hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2615 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d36312cf9f update expected output 2019-11-15 16:08:13 +01:00
Erik Krogh Kristensen
3edd65f9ab changed the exceptional taint-steps to step through each call-site 2019-11-15 16:05:15 +01:00
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
semmle-qlci
2f63b89941 Merge pull request #2338 from esbena/js/model-get-them-args 
Approved by max-schaefer
 2019-11-15 11:50:45 +00:00
Asger F
e3b15a98c4 JS: Add prop names for array element pattern PropReads 2019-11-15 11:16:50 +00:00
Asger F
37aa85fe81 JS: Fix parsing of non-BMP chars before a quantifier 2019-11-15 09:27:21 +00:00
Asger F
57a9cad721 JS: Fix offsets of octal and unicode escape 2019-11-15 09:27:20 +00:00
Asger F
e01a9846d8 JS: Update test annotations 2019-11-15 09:27:20 +00:00
Asger F
153d34638b JS: Fix a FP 2019-11-15 09:27:20 +00:00
Asger F
8c5b9b9195 JS: Add missing post-anchor case to MissingRegExpAnchor 2019-11-15 09:27:20 +00:00
Asger F
17ad97812e JS: Fix FPs from TLDs without a domain name 2019-11-15 09:27:20 +00:00
Asger F
e45c361d64 JS: Port IncompleteHostnameRegExp 2019-11-15 09:27:20 +00:00
Asger F
9ecab1b5d5 JS: Port unanchored RegExp query but for hostnames only 2019-11-15 09:27:20 +00:00
Asger F
e5f2f9e43e JS: Do not flag semi-anchored regexps in .replace() 2019-11-15 09:27:20 +00:00
Asger F
cae09a447b JS: Update test case 2019-11-15 09:27:20 +00:00
Asger F
3e37950170 JS: Whitelist one more FP case 2019-11-15 09:27:20 +00:00
Asger F
2b151cd587 JS: Include anchor direction in message 2019-11-15 09:27:20 +00:00
Asger F
3e952cf564 JS: Restrict semi-anchored regex query more 2019-11-15 09:27:19 +00:00
Asger F
0726bd8cac JS: Add double semi-anchored test case 2019-11-15 09:27:19 +00:00
Asger F
9fa9729470 JS: Shift line numbers in SemiAnchoredRegExp testcase 2019-11-15 09:27:19 +00:00
Asger F
8bc89ee254 JS: Update semi-anchored regex query 2019-11-15 09:27:19 +00:00
Asger F
c21d095d38 JS: Restrict RegExp queries to actual regular expressions 2019-11-15 09:27:19 +00:00
Asger F
e0bdc777b9 JS: Make ReDoS check string-based regexes 2019-11-15 09:27:19 +00:00
Asger F
97e5da1046 JS: Update ReDoS query 2019-11-15 09:27:19 +00:00
Asger F
591fffc5cc JS: Add test case for wide constants in char class 2019-11-15 09:27:19 +00:00
Asger F
68d23bcf8c JS: Extract surrogate pairs as one constant node 2019-11-15 09:27:19 +00:00
Esben Sparre Andreasen
8e6a19b3d3 JS: add DefaultParsedCommandLineArgumentsAsSource 2019-11-15 08:42:02 +01:00
Esben Sparre Andreasen
2ea7d141c8 Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check 
JavaScript: Add query `IncompleteUrlSchemeCheck`
 2019-11-14 22:13:02 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Esben Sparre Andreasen
bea59ec8ad JS: add some parsed torrent properties as remote flow sources 2019-11-14 13:54:19 +01:00
Dave Bartolomeo
e89ecc19e3 Merge pull request #2302 from max-schaefer/test-qlpacks 
Add `qlpack.yml` files for test folders.
 2019-11-13 12:21:19 -07:00
semmle-qlci
b11a7427c2 Merge pull request #2270 from erik-krogh/reflectiveExpr 
Approved by max-schaefer
 2019-11-13 13:08:40 +00:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Max Schaefer
155cea7b5b Revert "JavaScript: Improve double-escaping query" 2019-11-12 22:54:12 +00:00
Max Schaefer
5b2e32b051 Add qlpack.yml files for test folders. 2019-11-12 15:03:02 +00:00
Erik Krogh Kristensen
6f6c4c4fcc fix tests after change from tabs to spaces 2019-11-12 08:48:01 +01:00
Erik Krogh Kristensen
67b38ed301 correctly weed out benign calls inside attributes 2019-11-11 15:30:33 +01:00
Esben Sparre Andreasen
9b346b1d52 Merge pull request #2260 from max-schaefer/js/_min 
JavaScript: Classify files with names ending in `_min` as minified.
 2019-11-08 13:52:33 +01:00
semmle-qlci
e65271dfad Merge pull request #2251 from asger-semmle/barrier-guard-improvements 
Approved by esbena
 2019-11-07 15:50:23 +00:00
semmle-qlci
f79c2a7630 Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root 
Approved by max-schaefer
 2019-11-07 15:46:14 +00:00
Erik Krogh Kristensen
0c080a82be fix expected output 2019-11-07 14:31:09 +01:00
Erik Krogh Kristensen
232e875274 add test for getEnclosingExpr 2019-11-07 14:29:31 +01:00
semmle-qlci
3a7f9a588d Merge pull request #2267 from max-schaefer/js/qltest-extractor-options 
Approved by asger-semmle
 2019-11-07 11:36:45 +00:00
Max Schaefer
e314869e5c JavaScript: Classify files with names ending in _min as minified. 
We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.
 2019-11-07 10:33:47 +00:00
Max Schaefer
54e40a8977 JavaScript: Move --html all extractor options into options file. 2019-11-06 16:30:01 +00:00
Asger F
d9beb54dde Merge pull request #2102 from erik-krogh/deferredModel 
JS: add Deferred model in js/use-of-returnless-function
 2019-11-06 14:30:03 +00:00
semmle-qlci
f73caac88d Merge pull request #2254 from asger-semmle/for-of-propread 
Approved by max-schaefer
 2019-11-06 13:44:55 +00:00