hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2615 Commits

Author SHA1 Message Date
semmle-qlci
29b8a0db92 Merge pull request #3508 from asger-semmle/js/shared-data-flow-node 
Approved by esbena
 2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen
7c51dff0f7 share implementation between TaintedPath and ZipSlip 2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen
5b569a4d6d add a sanitizer for chained replace-calls 2020-05-19 19:16:58 +02:00
Asger Feldthaus
b39e0ec091 JS: Update output due to whitelisting change 2020-05-19 15:30:36 +01:00
Erik Krogh Kristensen
b71919299b Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-19 14:03:03 +02:00
Esben Sparre Andreasen
76bce40a8b JS: test fixups 2020-05-19 13:12:34 +02:00
Asger Feldthaus
525b9871e0 JS: Update benign test output changes 2020-05-19 11:07:08 +01:00
Erik Krogh Kristensen
0275ea955b update expected output 2020-05-19 10:29:07 +02:00
Erik Krogh Kristensen
a4450c36f6 autoformat 2020-05-19 10:26:36 +02:00
Erik Krogh Kristensen
5a5192b890 add testing for complex path sanitizer in ZipSlip 2020-05-19 10:17:15 +02:00
semmle-qlci
0c081a8e87 Merge pull request #3497 from esbena/js/yield-and-local-objects 
Approved by asgerf, erik-krogh
 2020-05-19 09:02:22 +01:00
Asger Feldthaus
7d9923038e JS: Fix perf issue from overriding isIncomplete 2020-05-18 22:45:59 +01:00
Asger Feldthaus
9581bb52cb JS: Update test output 2020-05-18 22:45:59 +01:00
Asger Feldthaus
430bf2da8a JS: Fix whitelisting in UselessConditional 2020-05-18 22:45:56 +01:00
Asger Feldthaus
eddbdffe62 JS: Add more tests for implicit returns 2020-05-18 22:29:33 +01:00
Asger Feldthaus
c869812563 JS: Add UselessConditional test 2020-05-18 22:29:32 +01:00
Erik Krogh Kristensen
aa396a39d3 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 20:57:51 +00:00
Erik Krogh Kristensen
fc7e9eb8c8 add test for non-tracked aliasing 2020-05-18 22:40:41 +02:00
Erik Krogh Kristensen
742abf8751 refactor package export into a library, and add tests for the library 2020-05-18 21:06:14 +02:00
Asger F
96d6115452 Merge branch 'master' into js/sql-type-tracking 2020-05-18 15:58:42 +01:00
Erik Krogh Kristensen
70a28f60e3 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 14:05:37 +00:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
Esben Sparre Andreasen
a9ba6ac659 JS: make LocalObjects::isEscape aware of yield 2020-05-18 12:43:46 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Erik Krogh Kristensen
c6276ddd1c update expected output after restricting precise array tracking to Promise.all 2020-05-18 11:49:07 +02:00
Erik Krogh Kristensen
bd3c4d4077 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 07:51:19 +00:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler 
Approved by esbena
 2020-05-18 08:48:24 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
c8cf958c8a add test cases for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
a1a6826278 support non-SourceNode in IndirectCommandArgument#argumentList 2020-05-16 23:15:37 +02:00
semmle-qlci
8d41ce1630 Merge pull request #3480 from erik-krogh/moreSlip 
Approved by esbena
 2020-05-16 21:17:27 +01:00
Erik Krogh Kristensen
e2cd7e6230 more precise taint-tracking for Promise.all 2020-05-15 22:02:41 +02:00
Asger Feldthaus
5249e84359 JS: Type track spanner model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
d225715828 JS: Type track mssql model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
6dcee5a0ef JS: Type track sqlite model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
84cd02cf01 JS: Type track pg model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
f7771f17d1 JS: Type track mysql model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
3e9849b7c4 JS: Type track sequelize model 2020-05-15 17:27:24 +01:00
Erik Krogh Kristensen
3138918f1d add test for promise inside Promise.all 2020-05-15 11:49:29 +02:00
Asger Feldthaus
d84f1b47c2 JS: Refactor RequestInputAccess to use source nodes 2020-05-15 09:59:28 +01:00
Asger Feldthaus
da974f1527 JS: Add test with dynamic access to req.query 2020-05-15 09:59:28 +01:00
Asger Feldthaus
bfbe70a7a9 JS: Fixes 2020-05-15 09:59:27 +01:00
Asger Feldthaus
9cacfab7c6 JS: Recognize Express param value callback as RemoteFlowSource 2020-05-15 09:59:26 +01:00
semmle-qlci
a536069059 Merge pull request #3408 from esbena/js/unsafe-html-expansion 
Approved by asgerf, mchammer01
 2020-05-15 08:24:12 +01:00
Erik Krogh Kristensen
6775294ac1 update expected output 2020-05-14 22:26:44 +02:00
Erik Krogh Kristensen
e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen
5132e61ce7 add tests 2020-05-14 18:55:49 +02:00
semmle-qlci
c06680a496 Merge pull request #3470 from asger-semmle/js/cache-module-import 
Approved by esbena
 2020-05-14 17:20:04 +01:00