hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Max Schaefer
d81d80430e JavaScript: Add a regression test for DeadStoreOfProperty. 2020-09-02 19:45:27 +01:00
Max Schaefer
df49818152 JavaScript: Address review comments. 2020-09-02 19:45:27 +01:00
Max Schaefer
82d92dc726 JavaScript: Avoid bad join order. 
The optimiser decided that it would be a great idea to start the pipeline with `getReturn().getAUse().(DataFlow::InvokeNode)`. It's not.
 2020-09-02 17:42:33 +01:00
Max Schaefer
500f7bd8fa JavaScript: Reduce complexity of SystemCommandExecutors charpred. 2020-09-02 17:42:32 +01:00
Max Schaefer
e3a9906071 JavaScript: Switch MissingRateLimiting.qll to API graphs. 
The added test shows how this helps us avoid false positives.
 2020-09-02 17:35:47 +01:00
Max Schaefer
e34a821cc6 JavaScript: Switch system-command executor modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
6d68036d85 JavaScript: Add test demonstrating more SQL flow. 2020-09-02 17:35:47 +01:00
Max Schaefer
68b3ccdc65 JavaScript: Switch SQL modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
f3e9104be4 JavaScript: Add implementation of API graphs. 2020-09-02 17:35:47 +01:00
Arthur Baars
90f013d74f Merge pull request #4176 from aibaars/missing-qhelp 
Add missing QHelp files
 2020-09-02 16:12:42 +02:00
Asger F
2c0e9f0c86 Merge pull request #4186 from github/rc/1.25 
Mergeback: 1.25 -> main
 2020-09-02 15:12:25 +01:00
Max Schaefer
cd64ce7b1a JavaScript: Add utility predicate SSA::implicitInit. 2020-09-02 14:34:52 +01:00
CodeQL CI
c017308505 Merge pull request #4134 from erik-krogh/genCalls 
Approved by asgerf
 2020-09-02 14:23:39 +01:00
Alessio Della Libera
785f335ab8 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:33 +02:00
Alessio Della Libera
548cb65a64 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:23 +02:00
Alessio Della Libera
26046a4847 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:07 +02:00
Alessio Della Libera
6ad88bf93f Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:21:55 +02:00
Erik Krogh Kristensen
a24db09418 only flag unused array-destructs if it is the last variable 2020-09-02 11:40:35 +02:00
CodeQL CI
48a1ee6233 Merge pull request #4130 from erik-krogh/bbFix 
Approved by asgerf
 2020-09-02 10:38:50 +01:00
Erik Krogh Kristensen
f0a0f41c3c allow urls that are prefixed with # or ? in js/unsafe-external-link 2020-09-02 10:19:42 +02:00
ubuntu
042d07161c Rename getQueryCall to getQueryCallSink 2020-09-01 22:43:31 +02:00
ubuntu
15562e4814 Update LdapjsSearchOptions 2020-09-01 22:28:58 +02:00
ubuntu
e2e55455c1 Update LdapjsSearchOptions and getQueryCall 2020-09-01 22:23:07 +02:00
Alessio Della Libera
8f00acd4e2 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:49 +02:00
Alessio Della Libera
78ebcee570 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:38 +02:00
Alessio Della Libera
b86b9ba510 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:21 +02:00
Alessio Della Libera
28729915d7 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:56:25 +02:00
Alessio Della Libera
1b50477fae Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:55:44 +02:00
Alessio Della Libera
44e728016b Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:54:58 +02:00
Erik Krogh Kristensen
6cbdc7ad8f autoformat 2020-09-01 20:16:49 +02:00
Erik Krogh Kristensen
2628c05e43 split out comment over multiple lines 2020-09-01 13:12:44 +02:00
Erik Krogh Kristensen
c6947320ea use isAsyncOrGenerator instead of isOrdinary 2020-09-01 13:11:44 +02:00
Arthur Baars
aedfa47cb4 Add missing QHelp files 2020-09-01 12:46:57 +02:00
Erik Krogh Kristensen
f7edf28d0d allow mailto links in js/unsafe-external-link 2020-08-31 16:01:28 +02:00
Max Schaefer
22ccae6006 JavaScript: Make PromiseFlow module public. 2020-08-31 11:55:10 +01:00
ubuntu
104c9b5dac Move sinks into separate classes 2020-08-29 11:24:58 +02:00
Alessio Della Libera
8f98723822 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-29 11:18:41 +02:00
Erik Krogh Kristensen
f4060723bb add stats for new properties 2020-08-28 12:43:26 +02:00
Erik Krogh Kristensen
038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
CodeQL CI
80cb8be405 Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision 
Approved by esbena
 2020-08-28 08:52:58 +01:00
CodeQL CI
ac94869978 Merge pull request #3978 from dellalibera/js/insecure-cookies 
Approved by esbena
 2020-08-28 08:31:38 +01:00
Asger Feldthaus
e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Esben Sparre Andreasen
9aa1404646 JS: fix formatting of InsecureCookie.qll 2020-08-27 09:44:45 +02:00
Esben Sparre Andreasen
67278d9c93 Merge pull request #4141 from esbena/js/clarify-sanitization 
JS: make sanitization a "common" technique rather than "important"
 2020-08-27 08:08:17 +02:00
ubuntu
736f76b685 Simplify getQueryCall 2020-08-27 02:12:17 +02:00
ubuntu
30e7f958a8 Highlight API call 2020-08-27 01:42:16 +02:00
ubuntu
7eeec0d765 Correct typo example 2020-08-27 01:07:13 +02:00
ubuntu
cbe879ae73 Correct typo examples 2020-08-27 01:05:49 +02:00
ubuntu
68ff480892 Update .qhelp 2020-08-27 00:51:08 +02:00
ubuntu
13f443d2c3 Update getLdapjsClientDNMethodName 2020-08-27 00:48:29 +02:00