hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
1f02594ccc rename and move getAPropertyNameInterpretedAsJavaScriptUrl 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
5b5baced9a add support for replace in Next.js router 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
0e7e3e6178 support Next.js pages that export React components 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a5cf024c9f add support for getServerSideProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
af262a035d add support for getInitialProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
d63fcaf7f1 add step from getStaticProps to the component render function 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
9d7bb57d8a add parameter values from Next as a RemoteFlowSource 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
CodeQL CI
79839d2304 Merge pull request #5267 from erik-krogh/httpProxy 
Approved by asgerf
 2021-03-02 02:46:50 -08:00
CodeQL CI
2957131853 Merge pull request #5258 from erik-krogh/nextPerf 
Approved by asgerf
 2021-03-02 02:04:20 -08:00
CodeQL CI
9ea8f8201c Merge pull request #5265 from erik-krogh/cacheRemote 
Approved by asgerf
 2021-03-02 02:03:09 -08:00
Asger Feldthaus
26924a3378 JS: Regenerate stats for tuple_type_rest_index 2021-03-01 16:30:09 +00:00
Rasmus Wriedt Larsen
443780f27e Python/JS: Share modeling of cryptographic algorithms 
I didn't quite know where to place it for JS, so I tried my best :)

The canonical Python version might be changed in the future, but I wanted to
keep this change small.
 2021-02-27 11:39:35 +01:00
Erik Krogh Kristensen
214aa072b9 support host for http-proxy client requests 2021-02-26 17:18:29 +01:00
Erik Krogh Kristensen
cc48172fd8 add support for events in http-proxy 2021-02-26 17:17:47 +01:00
Erik Krogh Kristensen
ede1a40a02 add ClientRequst models for http-proxy 2021-02-26 17:17:46 +01:00
CodeQL CI
b7c0d18c4a Merge pull request #5278 from erik-krogh/formData 
Approved by asgerf
 2021-02-26 08:13:41 -08:00
Erik Krogh Kristensen
ae051af9d8 remove redundant code 2021-02-26 14:15:30 +01:00
CodeQL CI
0e70b58a41 Merge pull request #5205 from erik-krogh/ts42 
Approved by asgerf
 2021-02-26 05:06:40 -08:00
Erik Krogh Kristensen
c59e6fef80 add model for form-data 2021-02-26 10:54:46 +01:00
Erik Krogh Kristensen
4ec3289ecc update relation name in .stats file 2021-02-26 10:26:08 +01:00
Erik Krogh Kristensen
1cac692b1d Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-26 10:23:01 +01:00
Geoffrey White
0c4a5f5e2a Merge pull request #5266 from geoffw0/isis 
JS: Fix 'is, is' and 'is is'.
 2021-02-25 18:55:41 +00:00
CodeQL CI
1bd12e6fdf Merge pull request #5199 from asgerf/js/vue-router 
Approved by erik-krogh
 2021-02-25 07:32:57 -08:00
Geoffrey White
0e071b7b79 JS: Fix 'is, is' and 'is is'. 2021-02-25 14:16:25 +00:00
Max Schaefer
3fe249f25c Address review comments. 2021-02-25 10:48:23 +00:00
Erik Krogh Kristensen
de6b604930 cache RemoteFlowSource 2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
86bc7d3e1a avoid a ValueNode x TypeTracker join in Hapi::RouteSetup::getARouteHandler 2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
d35ea7fb15 always get a good join-order in getAnAliasedSourceNode 2021-02-25 11:41:08 +01:00
Asger Feldthaus
55a1ab5714 JS: Autoformat 2021-02-25 10:20:13 +00:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f JavaScript: Add new tests for recognising receiver of event handler as DOM element. 2021-02-25 09:04:46 +00:00
Erik Krogh Kristensen
ea17de6225 prevent join between getAValue() and DefiniteAbstractValue in AMD.qll 2021-02-24 18:12:55 +01:00
Erik Krogh Kristensen
be26a48a16 use pragma[only_bind_into] to prevent bad join in Ssa::hasLocationInfo 2021-02-24 18:05:57 +01:00
Erik Krogh Kristensen
ccd706ea10 and pragmas to prevent bad join in RemoteFlowSource 2021-02-24 18:05:10 +01:00
Erik Krogh Kristensen
674b9ad4fe use getALocalSource instead of smallstep in JQuery::legacyObjectSource 2021-02-24 18:04:50 +01:00
Erik Krogh Kristensen
69348b1914 remove redundant hasLocationInfo 2021-02-24 18:01:35 +01:00
Erik Krogh Kristensen
8443b8e421 cache Module::getAnExportedValue 2021-02-24 18:01:16 +01:00
Erik Krogh Kristensen
fd9d738d53 use Expr instead of mising DataFlow-nodes and Exprs in charpred 2021-02-24 18:00:55 +01:00
Erik Krogh Kristensen
8c19f7810d replace forex with unique in DOM.qll 2021-02-24 17:59:38 +01:00
Cornelius Riemenschneider
cea1049745 Merge pull request #5249 from geoffw0/cleanupstr 
C++: QLDoc Pure.qll
 2021-02-24 16:42:41 +01:00
CodeQL CI
d2816b33e2 Merge pull request #5240 from erik-krogh/vsPerf 
Approved by asgerf
 2021-02-24 02:26:16 -08:00
Erik Krogh Kristensen
055275b971 change stats file 2021-02-24 11:12:31 +01:00
Asger Feldthaus
bb858d38c4 JS: Tweak ExprNode 2021-02-24 10:03:45 +00:00
Erik Krogh Kristensen
16150a6419 update printAst expected output 2021-02-24 10:29:29 +01:00