hohn/codeql - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	c146b27c1a	Merge branch 'main' into shellTrue	2021-03-24 20:09:23 +01:00
Erik Krogh Kristensen	8949b9eb0a	add shell interpreted arrays as sinks for js/shell-command-constructed-from-input	2021-03-19 15:59:06 +01:00
Erik Krogh Kristensen	d489d63b8e	recognize object transformations in module.exports when looking for library inputs	2021-03-18 20:54:33 +01:00
Erik Krogh Kristensen	28ad667578	add model for async-execute	2021-03-18 19:40:46 +01:00
Erik Krogh Kristensen	2aa59a3f8b	support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input	2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen	bfd8d1b1e9	Merge branch 'main' into revertSum	2021-01-06 23:04:08 +01:00
Erik Krogh Kristensen	f1cee70e82	add class-field flowstep to js/shell-command-constructed-from-input	2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen	530a4aea35	Merge branch 'main' into shellSanitizer	2020-12-22 13:57:15 +01:00
Erik Krogh Kristensen	da9a4e5267	add test	2020-12-22 11:22:25 +01:00
Erik Krogh Kristensen	876ba7ef2d	add typeof sanitizer to js/shell-command-constructed-from-input	2020-12-21 14:16:55 +01:00
Max Schaefer	4100ab2919	JavaScript: Add another test to show that flow through functions still works.	2020-10-14 10:03:27 +01:00
Max Schaefer	1c04c07f07	JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.	2020-10-14 10:03:04 +01:00
Max Schaefer	cd33d358aa	JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.	2020-10-12 14:50:47 +01:00
Erik Krogh Kristensen	320879bc1e	recognize colon in command-prefixes	2020-09-07 13:12:38 +02:00
Erik Krogh Kristensen	dc8042adeb	introduce conistency-checking for CWE-078	2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen	2b2d691e45	don't treated a property from a tainted object as tainted when there exists a dominating write	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	815671f5d0	add sanitizer guard for typeof undefined	2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen	5b569a4d6d	add a sanitizer for chained replace-calls	2020-05-19 19:16:58 +02:00
Erik Krogh Kristensen	fc7e9eb8c8	add test for non-tracked aliasing	2020-05-18 22:40:41 +02:00
Erik Krogh Kristensen	c8cf958c8a	add test cases for js/shell-command-constructed-from-input	2020-05-17 10:32:27 +02:00