hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
03b210a8e1 made the two Passport classes in the Express model private 2019-09-09 13:04:47 +01:00
Erik Krogh Kristensen
3ebe6608c2 updated expected values for the Express test 2019-09-09 13:02:35 +01:00
erik-semmle
d01f84f015 fix comment in passport test 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-09-09 12:59:38 +01:00
semmle-qlci
2283195ebd Merge pull request #1871 from asger-semmle/type-tracking-through-imports 
Approved by xiemaisi
 2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen
26f6b1d186 add model for passport.use in the Express model 2019-09-09 12:01:11 +01:00
Asger F
65862c922c JS: Update tests 2019-09-09 10:53:13 +01:00
Asger F
631ff27d31 JS: Use ValueNode for all ImportSpecifiers 2019-09-09 10:53:13 +01:00
Asger F
61e1d793df JS: Fixes in DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
5573279580 JS: regression test for DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
3b962dce22 JS: Add explicit type tracking test 2019-09-09 10:51:21 +01:00
Asger F
afcdc12e7b JS: Use ValueNode, not SSA node, to model NamedImportSpecifier 2019-09-09 10:51:17 +01:00
Erik Krogh Kristensen
2729566bbf add setAttributeNS('xlink', 'href',..) example in XSS test 2019-09-09 09:41:08 +01:00
Esben Sparre Andreasen
2a22471975 JS: address review comments 2019-09-09 10:31:40 +02:00
Esben Sparre Andreasen
5d6997c1c9 JS: additional extraction metrics cleanup 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
03d38ca54b JS: simplify cache interaction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
6dbe827dd3 JS: add QL classes for the extraction metrics 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
7fcde4c130 JS: add extraction metrics to the dbscheme 2019-09-09 09:05:12 +02:00
Erik Krogh Kristensen
c780956f0d add setAttributeNS method in the XSS test 2019-09-06 21:56:29 +01:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Asger F
ebd7875cae JS: Add regression test 2019-09-06 15:38:55 +01:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
Asger F
fa95871f46 JS: Add event handler sink to code injection 2019-09-06 14:33:00 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
semmle-qlci
33329f95c2 Merge pull request #1874 from asger-semmle/express-types 
Approved by esben-semmle, xiemaisi
 2019-09-05 16:42:28 +01:00
semmle-qlci
fd2e8486e4 Merge pull request #1862 from asger-semmle/prototype-pollution-angular-merge 
Approved by esben-semmle
 2019-09-05 12:50:58 +01:00
semmle-qlci
e6bfe2bd5d Merge pull request #1873 from asger-semmle/type-inf-consistency 
Approved by xiemaisi
 2019-09-05 12:46:59 +01:00
Asger F
61c4d30dd6 JS: Use express module instead 2019-09-05 12:09:24 +01:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00
Asger F
0e4c34bd81 JS: Add deprecated predicate alias 2019-09-04 16:14:51 +01:00
Asger F
27567e41c5 JS: Add angular.fromJson as JSON parser 2019-09-04 16:14:51 +01:00
Asger F
5aa948cd17 JS: Add angular.merge sink to prototype pollution query 2019-09-04 16:14:51 +01:00
Asger F
9f8bf90424 JS: Update Express test 2019-09-04 11:43:21 +01:00
Asger F
744f0b1aa3 JS: Use type info to recognize routers 2019-09-04 11:43:21 +01:00
Asger F
c06fd451d6 JS: Handle router chaining in type tracking predicate 2019-09-04 11:43:21 +01:00
Asger F
f3aea0706a JS: Use type info in Express Request/Response 2019-09-04 11:43:21 +01:00
semmle-qlci
6778f28424 Merge pull request #1854 from asger-semmle/prototype-pollution-precision 
Approved by esben-semmle, xiemaisi
 2019-09-03 10:50:24 +01:00
semmle-qlci
e4d59c361a Merge pull request #1856 from asger-semmle/ts-base-types 
Approved by xiemaisi
 2019-09-03 10:12:30 +01:00
Asger F
7790d4b667 JS: Make getALocalValue overriders include super 2019-09-02 16:45:06 +01:00
Asger F
2006826101 JS: Avoid breaking local object analysis 2019-09-02 16:45:06 +01:00
Asger F
9f2f10fa15 JS: Make type inference flow go through ssa definition node 2019-09-02 16:45:06 +01:00
Asger F
8737dbb73d JS: Add test 2019-09-02 14:31:40 +01:00
Asger F
54d47f60da JS: Include base types in TypeName 2019-09-02 14:18:48 +01:00
Asger F
a41a23fdba JS: Raise precision of prototype-pollution query 2019-09-02 11:00:24 +01:00
Max Schaefer
91e46cd6fd JavaScript: Fix parsing of asynchronous generator methods. 2019-09-02 09:56:42 +01:00
semmle-qlci
6d55d1f7c0 Merge pull request #1707 from asger-semmle/canonical-name-call-graph 
Approved by xiemaisi
 2019-09-02 09:45:24 +01:00
Asger F
89b91af6db JS: Make getDocumentation handle chain assignments 2019-08-30 18:20:54 +01:00
Asger F
3926436bd4 JS: Explain use of t.call() 2019-08-30 18:19:19 +01:00
Asger F
d6578e10c8 JS: Handle constructor calls to avoid regression 2019-08-30 18:19:19 +01:00
Asger F
1b6cc4ebcc JS: Update test 2019-08-30 18:19:19 +01:00