hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

911 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen
5ce2987cb2 adjust comments to reflect that tainted-path have no array-steps 2020-06-04 16:15:37 +02:00
Erik Krogh Kristensen
60320a9d78 update TaintedPath to use new consistency checking 2020-06-04 11:00:40 +02:00
Erik Krogh Kristensen
c7c46ea3d6 update test comments to be consistent 2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen
a90c8769ee update expected output 2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8 better support for browser based fetch API 2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716 support more variants of the Headers API 2020-06-03 11:50:10 +02:00
Erik Krogh Kristensen
3c802007a3 add support for string concatenations and base64-encoding of hardcoded credentials 2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen
b6dc94fccb add fetch.Headers.Authorization as a CredentialsExpr 2020-06-02 23:02:16 +02:00
Asger Feldthaus
945db4d86c JS: Fix test output 2020-06-02 16:38:21 +01:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
Asger Feldthaus
707b0f33a0 JS: Use in ContainsHTMLGuard 2020-06-01 12:06:40 +01:00
Erik Krogh Kristensen
5bb308dc8f sanitize variables used in an HTML escaping switch-case 2020-05-28 12:37:41 +02:00
Erik Krogh Kristensen
1a2db10a90 recognize barrier guard where the result is stored in a variable 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
562a38cdd5 add ContainsHTMLGuard 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00
Erik Krogh Kristensen
319363f56c update expected output 2020-05-26 18:47:37 +02:00
Erik Krogh Kristensen
ad40c4b0f2 add a sanitizer guard for safe attribute string concatenations 2020-05-26 12:36:47 +02:00
Erik Krogh Kristensen
9254df1f78 sanitize optionally sanitized values 2020-05-26 00:09:11 +02:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Esben Sparre Andreasen
e172d55ecb Update javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-22 13:33:34 +02:00
semmle-qlci
8df7b7c42a Merge pull request #3525 from erik-krogh/ZipTaint 
Approved by asgerf
 2020-05-20 16:45:02 +01:00
Erik Krogh Kristensen
7c51dff0f7 share implementation between TaintedPath and ZipSlip 2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen
5b569a4d6d add a sanitizer for chained replace-calls 2020-05-19 19:16:58 +02:00