hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Asger Feldthaus
317a073b6e JS: DictionaryTaintStep 2021-03-17 13:25:58 +00:00
Asger Feldthaus
3398ddf783 JS: HeapTaintStep 2021-03-17 13:25:58 +00:00
Asger Feldthaus
c3e00181cb JS: Add SharedTaintStep 2021-03-17 13:25:58 +00:00
Erik Krogh Kristensen
dab6a11978 add example code 2021-03-17 13:35:16 +01:00
Erik Krogh Kristensen
5898b48391 add missing polarity check 2021-03-17 13:35:07 +01:00
Erik Krogh Kristensen
1db5cb15f0 Update javascript/ql/src/semmle/javascript/security/IncompleteBlacklistSanitizer.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-17 13:30:05 +01:00
Erik Krogh Kristensen
edb0f77177 add missing qldoc 2021-03-17 10:05:36 +01:00
Erik Krogh Kristensen
8975c3a7ce broaden which types are recognized by API-graphs 2021-03-17 10:03:55 +01:00
Erik Krogh Kristensen
2f3869f41b add model for puppeteer 2021-03-17 10:03:51 +01:00
Asger Feldthaus
97b8e35426 JS: Update test expectations 2021-03-16 15:09:01 +00:00
Asger Feldthaus
a76be91481 JS: Remove deprected use of queryAccess 2021-03-16 13:28:12 +00:00
Asger Feldthaus
ff1326cc7b JS: Cache getReExportedModule 2021-03-16 13:28:12 +00:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Asger Feldthaus
a9383da2c3 JS: Autoformat 2021-03-16 13:28:12 +00:00
Asger Feldthaus
bc4c178648 JS: Cache together 2021-03-16 13:28:12 +00:00
Asger Feldthaus
7b7e87f177 JS: Fix bad join order in closure 2021-03-16 13:28:11 +00:00
Asger Feldthaus
aa1c8c041e JS: Exclude client-side sources from RegExpInjection 2021-03-16 13:28:11 +00:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
CodeQL CI
ae62fbc2c7 Merge pull request #5382 from erik-krogh/moreCache 
Approved by asgerf
 2021-03-16 05:53:03 -07:00
CodeQL CI
b37da7cc22 Merge pull request #5386 from erik-krogh/cachePrepend 
Approved by asgerf
 2021-03-16 05:49:24 -07:00
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
Erik Krogh Kristensen
3640bbd466 add test for IncompleteHtmlAttributeSanitization 2021-03-16 13:25:27 +01:00
Erik Krogh Kristensen
1bf259beef support another String.prototype.replace pattern 2021-03-16 13:25:13 +01:00
CodeQL CI
c08230ce1e Merge pull request #5378 from asgerf/js/meta-problem-queries 
Approved by esbena
 2021-03-16 03:58:12 -07:00
Jaroslav Lobačevski
8445ec6c17 Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 19:15:10 +02:00
Jaroslav Lobačevski
87ea442a78 qhelp 2021-03-15 18:47:45 +02:00
Jaroslav Lobačevski
de6ed1dcb9 File rename 2021-03-15 18:34:10 +02:00
Jaroslav Lobačevski
a823baabfb Ranamed to CWE-094 2021-03-15 18:24:08 +02:00
Jaroslav Lobačevski
16ca2314e4 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 18:14:20 +02:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00
Erik Krogh Kristensen
f357b73f94 require that the MetacharEscapeSanitizer is a global replace call 2021-03-12 16:18:47 +01:00
CodeQL CI
cb6ee547ca Merge pull request #5379 from asgerf/js/d3 
Approved by erik-krogh
 2021-03-12 06:49:48 -08:00
Asger Feldthaus
a2d1e88bb3 JS: Update more test expectations 2021-03-12 12:57:21 +00:00
Asger Feldthaus
5d6a93332f JS: Autoformat 2021-03-12 08:28:32 +00:00
Erik Krogh Kristensen
d7b0f628a1 add test 2021-03-12 00:03:20 +01:00
Erik Krogh Kristensen
ae805eb939 don't filter away templated URLs in RemoteServerResponse 2021-03-11 23:52:24 +01:00
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Asger Feldthaus
2f3a76c43b JS: Handle global variable d3 2021-03-11 16:17:27 +00:00
Asger Feldthaus
3b11958e33 JS: Expand D3 model a bit 2021-03-11 16:13:02 +00:00
Erik Krogh Kristensen
3005439a6a cache the BasicBlock charpred 2021-03-11 16:09:47 +01:00
Erik Krogh Kristensen
5afb7e05ee cache AccessPath::getAnInstanceIn 2021-03-11 16:09:24 +01:00
Erik Krogh Kristensen
24b0469d74 cache two more predicates in the SSA stage 2021-03-11 16:09:00 +01:00
Erik Krogh Kristensen
e5b13d9db4 cache hasLocationInfo and Node::toString in the dataflow stage 2021-03-11 16:08:45 +01:00
Erik Krogh Kristensen
fa2e7fd498 cache prepend 2021-03-11 11:59:54 +01:00
Asger Feldthaus
3fb810b540 JS: Add @kind problem meta queries 2021-03-11 10:46:18 +00:00
Asger Feldthaus
773cf0dcdd JS: Autoformat 2021-03-11 10:44:33 +00:00
Asger Feldthaus
0c6e161277 JS: Add source to XssThroughDom 2021-03-11 10:05:05 +00:00