hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

911 Commits

Author SHA1 Message Date
semmle-qlci
52d6626547 Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal 
Approved by xiemaisi
 2019-04-29 07:35:15 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Max Schaefer
455dbccd05 JavaScript: Fix definitions of SourcePathNode and SinkPathNode. 
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
 2019-04-23 13:15:47 +01:00
Esben Sparre Andreasen
ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
bdbd00e046 JS: add newline removal tests for js/incomplete-sanitization 2019-04-23 08:37:39 +02:00
Max Schaefer
a61ca489f1 Merge pull request #1258 from asger-semmle/prototype-pollution 
JS: prototype pollution query template
 2019-04-17 12:58:05 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
Asger F
48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
Esben Sparre Andreasen
52d86471af JS: whitelist another emptiness check for the type-confusion query 2019-04-08 09:52:27 +02:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
semmle-qlci
02f4695a5b Merge pull request #1152 from esben-semmle/js/koa-improvements 
Approved by xiemaisi
 2019-04-02 08:51:19 +01:00
Esben Sparre Andreasen
00c8387bb3 JS: model Koa redirects 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c JS: add tests for missing flow of regular expressions 2019-04-01 09:19:25 +02:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
Asger F
99dc2435af JS: update test 2019-03-27 15:03:04 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Asger F
50f2afb622 JS: add test 2019-03-27 11:20:39 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
Max Schaefer
48c0949705 Merge pull request #1036 from asger-semmle/hide-implicit-ssa-defs 
JS: Omit uninteresting nodes from path explanations
 2019-03-06 13:30:11 +00:00
Jason Reed
8829fde86b JS: Add test for zipslip basename sanitization. 2019-03-06 09:46:41 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
c5e57dacf8 JS: Actually use fileName in examples 2019-02-28 15:46:14 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
23d37c7167 JS: Unbreak TaintedPath 2019-02-28 15:45:26 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Max Schaefer
2ecabad553 Merge pull request #1004 from asger-semmle/suffix-check-bug 
JS: Recognize '+' in suffix check
 2019-02-28 14:23:26 +00:00
Asger F
8e8085ea1f JS: add test 2019-02-28 10:09:36 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
Esben Sparre Andreasen
4ce7ec1661 JS: add XSS vector for Vue's v-html 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
semmle-qlci
10b00254ec Merge pull request #915 from asger-semmle/closure-uri-methods 
Approved by xiemaisi
 2019-02-11 10:51:07 +00:00
semmle-qlci
986afa1b1b Merge pull request #909 from xiemaisi/js/improve-incomplete-sanitization-alerts 
Approved by esben-semmle
 2019-02-08 17:39:36 +00:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00