hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
a66b4b55fe Update javascript/ql/src/experimental/poi/PoI.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 09:47:21 +02:00
Esben Sparre Andreasen
161c05dced Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 08:41:54 +02:00
Erik Krogh Kristensen
6ada588dd1 add support for util.inherits 2020-04-22 22:55:12 +02:00
Erik Krogh Kristensen
957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Erik Krogh Kristensen
40822e10b4 add SocketIO test case 2020-04-22 21:55:20 +02:00
Felicity Chapman
89bf35cd43 Merge branch 'rc/1.24' into merge-124-master 
Conflicts:
	change-notes/1.24/analysis-javascript.md
    Resolved in favor of the rc/1.24 branch
 2020-04-22 19:01:47 +01:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2747e2a0c7 JS: formatting 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2186ca7efc JS: address non-semantic review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
27e5fce0ed JS: make the default PoIConfiguration/enabled inclusive 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
3b45bcd285 JS: remove the standard PoI configurations 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
dd6378f1d0 JS: address PoI review comments 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
b2ca3d2bdc JS: improve PoI::alertQuery docstring 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
c407cc072e JS: autoformat 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
ec73c97422 JS: refactor ClassifyFiles.qll from ClassifyFiles.ql 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Erik Krogh Kristensen
ac44cb425e Merge branch 'master' into js/call-graph-exploration 2020-04-22 10:49:26 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
Asger Feldthaus
c04ba91a90 JS: Autoformat 2020-04-21 10:51:42 +01:00
Asger Feldthaus
39920c1b08 JS: Add forwarding libraries in old locations 2020-04-21 10:51:42 +01:00
Asger Feldthaus
9e4709148b JS: Move Forward/Backward exploration to explore folder 2020-04-21 10:51:41 +01:00
Asger Feldthaus
647a3d3a60 JS: Add note and debugging and exploration 2020-04-21 10:51:41 +01:00
Asger Feldthaus
ffeda7f45a JS: Expand on doc a bit 2020-04-21 10:51:41 +01:00
Asger Feldthaus
066549f682 JS: Fix typo in qldoc 2020-04-21 10:51:41 +01:00
Asger F
291ebccfef Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-04-21 10:51:41 +01:00
Asger F
4c9ef8c570 Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-04-21 10:51:41 +01:00
Asger Feldthaus
759e1dfe45 JS: Add helper library for call graph exploration 2020-04-21 10:51:40 +01:00
semmle-qlci
53abf83229 Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr 
Approved by erik-krogh
 2020-04-21 10:38:59 +01:00
Asger Feldthaus
1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
Asger Feldthaus
997b44928e JS: Autoformat 2020-04-21 10:14:28 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check 
Approved by esbena
 2020-04-21 10:00:34 +01:00
semmle-qlci
80c20cb66e Merge pull request #3297 from asger-semmle/js/isambient-refactor 
Approved by esbena
 2020-04-21 09:36:14 +01:00
Asger Feldthaus
883846dfb6 JS: Fix extraction of negative number literal types 2020-04-20 16:17:15 +01:00
Asger Feldthaus
4fc79e38ec JS: Also fix typo in test case 2020-04-20 15:24:51 +01:00
Asger Feldthaus
d4978905f8 JS: Use SendCallback/ReceiveCallback in getAck 2020-04-20 15:12:04 +01:00
Asger Feldthaus
ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Erik Krogh Kristensen
9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
73b0aa4004 add more attributes potentially vulnerable to xss-through-dom 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Asger Feldthaus
bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00