hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

911 Commits

Author SHA1 Message Date
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Max Schaefer
017ae4990d JavaScript: Use custom flow labels in ClientSideUrlRedirect. 2018-10-03 15:49:02 +01:00
Denis Levin
e147e690ee Merge branch 'master' into denisl/js/HttpToFileAccessTest 2018-10-02 15:13:35 -07:00
semmle-qlci
b35f450b01 Merge pull request #162 from asger-semmle/partial-calls 
Approved by esben-semmle, xiemaisi
 2018-10-02 11:24:02 +01:00
semmle-qlci
829a5cc451 Merge pull request #259 from asger-semmle/open-redirect-expr 
Approved by xiemaisi
 2018-10-02 08:32:48 +01:00
Denis Levin
9c487bc6d9 Merge branch 'master' 2018-10-01 14:51:56 -07:00
Denis Levin
82d8b4e371 Adding the source link to the test case samples 2018-10-01 11:45:38 -07:00
Asger F
9f07b1011d JS: bugfix in server-side redirect query 2018-10-01 12:34:13 +01:00
Asger F
46336a5643 JS: Add HostHeaderPoisoningInEmailGeneration query 2018-09-27 10:20:35 +01:00
Aditya Sharad
75680dbfef Merge branch 'next' into qlucie/master 2018-09-26 12:08:33 +01:00
Asger F
269bbc9a1a JavaScript: add flow steps through partial function application 2018-09-25 10:16:40 +01:00
Denis Levin
1438cae362 Correction to the test's expected file as the test was modified. 2018-09-24 10:45:54 -07:00
semmle-qlci
7f56be6fe2 Merge pull request #216 from asger-semmle/lusca-csrf 
Approved by esben-semmle
 2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1 Merge pull request #213 from asger-semmle/sendfile 
Approved by xiemaisi
 2018-09-24 11:32:46 +01:00
Denis Levin
8152cefa60 Squished changes for HttpToFileAccess commint 2018-09-21 16:44:01 -07:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
Asger F
6f109a742f JS: add a test case for res.sendfile 2018-09-21 11:04:33 +01:00
alexet
b94df82833 JavaScript: Fix expected output due to qltest change. 2018-09-20 15:56:20 +01:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
Asger F
1d793c0a7b JavaScript: fix expected output 2018-09-19 14:33:23 +01:00
Asger F
9384b85bcc JavaScript: ensure prefix sanitizers work for array.join() 2018-09-17 14:31:26 +01:00
Esben Sparre Andreasen
33f98dd1a7 JS: add query: js/stored-xss 2018-09-14 15:30:44 +02:00
semmle-qlci
3d022298dc Merge pull request #186 from Semmle/rc/1.18 
Approved by esben-semmle
 2018-09-13 12:34:54 +01:00
Esben Sparre Andreasen
3d3b7b0254 JS: fix typo in test case 2018-09-06 22:54:07 +02:00
Esben Sparre Andreasen
b9d825b379 JS: better matching of String.prototype.search in js/regex-injection 2018-09-05 08:35:00 +02:00
Esben Sparre Andreasen
f5a6af54e6 JS: add security query: js/request-forgery 2018-09-04 09:25:42 +02:00
semmle-qlci
55ceb9be8b Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers 
Approved by xiemaisi
 2018-08-24 08:37:41 +01:00
Max Schaefer
2187b0c245 Merge pull request #89 from esben-semmle/js/sharpen-type-confusion 
JS: remove emptiness checks from the type confusion `x.length` sinks
 2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen
20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen
218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen
fef257b1ec JS: remove emptiness checks from the type confusion x.length sinks 2018-08-22 13:25:22 +02:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query 
Approved by xiemaisi
 2018-08-22 08:04:36 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00