codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
semmle-qlci	53763c789f	Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path Approved by erik-krogh	2020-02-05 10:53:39 +00:00
semmle-qlci	52f34d7178	Merge pull request #2715 from erik-krogh/PrivateFields Approved by asgerf	2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen	ffc6fddddd	update expected test output	2020-02-05 10:52:40 +01:00
Esben Sparre Andreasen	f6ad22dd1f	Merge pull request #2758 from asger-semmle/js/string-concat-concat JS: Model concat() calls as string concatenation	2020-02-05 10:41:02 +01:00
Erik Krogh Kristensen	76aca02752	change the pseudo-property on URL to a two-stage process	2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen	e525cf0959	generalize `isAdditionalLoadStoreStep` such that it loads and stores different properties	2020-02-05 09:40:16 +01:00
Asger Feldthaus	b4df03767d	JS: Ignore obvious Array.prototype.concat calls	2020-02-04 16:36:41 +00:00
Erik Krogh Kristensen	8d37c03209	using pseudo-properties to model URL parsing	2020-02-04 16:30:07 +01:00
Asger Feldthaus	c185cededf	JS: More pruning and more data flow	2020-02-04 15:06:42 +00:00
semmle-qlci	4b89eee683	Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions Approved by asgerf	2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen	15e26666cd	add declaration for private field in syntax error test	2020-02-04 14:05:09 +01:00
Asger Feldthaus	bf2c944b4f	JS: Model concat() calls as string concatenation	2020-02-04 10:20:37 +00:00
Max Schaefer	e21c24c60e	JavaScript: Add failing test case.	2020-02-04 09:39:04 +00:00
semmle-qlci	bd51ef35b7	Merge pull request #2731 from erik-krogh/CVE527 Approved by esbena	2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen	bbd60f52ba	JS: add additional flow steps to js/path-injection	2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen	e3189aaa47	raise syntax error on declaration of private method, and add syntax tests for private fields	2020-02-03 16:00:25 +01:00
semmle-qlci	3a7845e7fc	Merge pull request #2653 from erik-krogh/exceptionFPs Approved by esbena	2020-02-03 14:15:24 +00:00
Asger Feldthaus	9abf5f06e6	TS: Resolve imports using TypeScript symbols	2020-02-03 09:32:56 +00:00
Esben Sparre Andreasen	c70997febf	JS: address review comments for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	2ad9b843ae	JS: fix FP for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	cfd567f01d	JS: fix FP for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	9e247921fc	JS: add FP tests for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	fef918ac13	JS: add query "Unsafe jQuery plugin"	2020-01-31 19:33:04 +01:00
semmle-qlci	d995d5a4a0	Merge pull request #2716 from esbena/js/additional-koa-requests Approved by erik-krogh	2020-01-31 18:30:42 +00:00
Erik Krogh Kristensen	e6d46b9279	add test for new prefix check on TaintedPath	2020-01-31 12:35:03 +01:00
Erik Krogh Kristensen	279c584bb8	fix FP in js/path-injection by recognizing more prefix checks	2020-01-31 11:03:11 +01:00
semmle-qlci	f8d0b4e602	Merge pull request #2618 from erik-krogh/ExceptionalPromise Approved by asgerf	2020-01-31 07:59:09 +00:00
Esben Sparre Andreasen	5f1317fa2d	JS: model path.parse and its ponyfill package: "path-parse"	2020-01-30 21:26:18 +01:00
semmle-qlci	3158b8401a	Merge pull request #2705 from erik-krogh/CVE75 Approved by asgerf	2020-01-30 13:07:05 +00:00
semmle-qlci	120b50f497	Merge pull request #2708 from asger-semmle/js/react-flow-through-imports Approved by esbena	2020-01-30 13:05:07 +00:00
Erik Krogh Kristensen	162c19c348	changes based on review	2020-01-30 14:04:04 +01:00
Erik Krogh Kristensen	7637ebcc03	Merge remote-tracking branch 'upstream/master' into exceptionFPs	2020-01-30 10:56:41 +01:00
Esben Sparre Andreasen	a6d3afd817	JS: support additional Koa request sources	2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen	d4d910b681	JS: add koa test	2020-01-29 14:41:23 +01:00
Erik Krogh Kristensen	b8834ffcad	add support for private fields in classes	2020-01-29 13:10:45 +01:00
semmle-qlci	fb90c2ba52	Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access Approved by erik-krogh, max-schaefer	2020-01-29 10:46:48 +00:00
Erik Krogh Kristensen	cb16116b4d	adjust type-tracking on custom EventEmitters	2020-01-28 14:00:26 +01:00
Asger Feldthaus	b306571d52	JS: Type-track react component factories	2020-01-28 10:22:04 +00:00
Asger Feldthaus	b98db62e82	JS: Recognize req.user a cookie access	2020-01-24 09:44:20 +00:00
Asger Feldthaus	a68bb9ffd1	JS: Ignore calls and csrf/captcha access	2020-01-23 15:32:05 +00:00
Asger Feldthaus	b1ec3e1bf2	JS: Add test and dont check predecessors	2020-01-23 14:59:03 +00:00
Erik Krogh Kristensen	b526a2ea0f	implement a model of WebSocket and ws based on the EventEmitter model	2020-01-22 14:46:53 +01:00
semmle-qlci	007b0795ec	Merge pull request #2636 from erik-krogh/NewSocketIO Approved by esbena	2020-01-22 13:46:11 +00:00
Erik Krogh Kristensen	5063e3820d	update expected output	2020-01-22 11:18:47 +01:00
Erik Krogh Kristensen	8370699344	add support for creating a promise with another resolved promise, e.g: Promise.resolve(otherPromise)	2020-01-21 20:11:27 +01:00
Erik Krogh Kristensen	fe0b6a86d7	add data-flow steps for when Promise handlers return other promises	2020-01-21 16:15:18 +01:00
Erik Krogh Kristensen	d8b25ef5a2	add data-flow steps for resolved promises using pseudo-properties	2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen	6648e2751f	remove use of .getAlocalSource() i custom load/store test	2020-01-21 15:49:42 +01:00
Erik Krogh Kristensen	569ee8fc8d	add support for subclasses of EventEmitter	2020-01-21 12:08:50 +01:00
Erik Krogh Kristensen	026092559c	changes based on review	2020-01-20 15:53:58 +01:00

... 23 24 25 26 27 ...

2615 Commits