hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

37 Commits

Author SHA1 Message Date
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
6211fe718b JS: Add test 2020-12-01 17:05:48 +00:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
210e71cd93 update expected output 2020-06-16 21:52:59 +02:00
Erik Krogh Kristensen
5ce17bea60 add qhelp for js/bad-code-sanitization 2020-06-16 16:23:41 +02:00
Erik Krogh Kristensen
a0951f76b6 add additional taint steps when type-tracking RemoteFlowSource 2020-06-16 14:55:07 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Pavel Avgustinov
ab2d059ed4 JavaScript: Model extra sinks in vm module 2020-05-14 10:01:40 +01:00
Esben Sparre Andreasen
7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Esben Sparre Andreasen
f3de75ae07 JS: update a js/code-injection test 2019-09-11 09:45:54 +02:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Asger F
ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
Asger F
ce18aca62b JS: update expected output 2018-12-19 11:30:46 +00:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Asger F
7d80847832 JS: add qhelp example to test suite 2018-11-20 18:44:18 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
Asger F
bc3b983768 JS: move CodeInjection tests into subfolder 2018-11-20 14:24:37 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00