hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen
558beb7255 simplify the output file argument 2020-02-20 10:57:33 +01:00
semmle-qlci
091c6c063c Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor 
Approved by max-schaefer
 2020-02-20 09:50:52 +00:00
Erik Krogh Kristensen
a5fdcb67f9 restricts alerts to the first line 2020-02-20 10:43:41 +01:00
Erik Krogh Kristensen
d4e73df92f remove dead predicate 2020-02-20 10:39:16 +01:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen
80962803b0 update doc for VarAccessBarrier, and make the class private 2020-02-20 10:09:32 +01:00
Erik Krogh Kristensen
2d437efdfd corrections on qldoc 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-02-20 09:54:11 +01:00
Asger Feldthaus
479770dc07 JS: Recognize class members in more cases 2020-02-19 17:04:41 +00:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Esben Sparre Andreasen
e8938fb466 JS: introduce RegExpSequence::nextElement and previousElement 2020-02-17 23:20:25 +01:00
Erik Krogh Kristensen
56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Asger Feldthaus
9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
9d61004128 remove redundant constructor on sink 2020-02-14 12:31:12 +01:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
1ab5ca4e64 typo in docstring 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-13 14:15:28 +01:00
Erik Krogh Kristensen
d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Erik Krogh Kristensen
35d8151374 add a few arrary methods to TaintedPath.qll 2020-02-11 12:23:51 +01:00
Erik Krogh Kristensen
8e316d2f05 add unary type-tracking predicates 2020-02-10 12:51:09 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
semmle-qlci
37360e7d93 Merge pull request #2794 from esbena/js/move-EnumeratedPropName 
Approved by asgerf
 2020-02-07 21:31:37 +00:00
semmle-qlci
76ba48c6fb Merge pull request #2790 from esbena/js/model-send 
Approved by asgerf
 2020-02-07 21:30:54 +00:00
Asger Feldthaus
e4844bfad2 JS: Fix deprecated API usage 2020-02-07 17:17:48 +00:00
Asger Feldthaus
ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00