hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

49 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2f3869f41b add model for puppeteer 2021-03-17 10:03:51 +01:00
Erik Krogh Kristensen
d95d427c5b better support for the &&=, ||=, and ??= operators 2020-08-13 09:22:32 +02:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
Esben Sparre Andreasen
c7f67fafd9 JS: support additional promisification of the fs-module members 2020-06-30 09:10:30 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
semmle-qlci
c5d39039bc Merge pull request #2962 from erik-krogh/YetAnotherSanitizer 
Approved by asgerf
 2020-03-04 15:27:09 +00:00
Esben Sparre Andreasen
4625217a68 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 15:07:51 +01:00
Erik Krogh Kristensen
f03c67266a add taint step for replace call that only removes dots 2020-03-03 12:58:06 +01:00
Esben Sparre Andreasen
adddebf039 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 10:55:16 +01:00
Erik Krogh Kristensen
53d1cd33f6 support sanitizers that remove all forward slashes 2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen
26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Erik Krogh Kristensen
71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen
a589061bee JS: add type-tracking to the fs-module and model the original-fs 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen
5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen
dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
Esben Sparre Andreasen
5baba62154 JS: model path-is-inside+is-path-inside for js/path-injection 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen
86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
Erik Krogh Kristensen
90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Erik Krogh Kristensen
03e295ef11 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:19:32 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen
d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen
e6d46b9279 add test for new prefix check on TaintedPath 2020-01-31 12:35:03 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Asger F
9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F
07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Jason Reed
23d37c7167 JS: Unbreak TaintedPath 2019-02-28 15:45:26 -05:00