hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
101d4358a9 detect DOM nodes from event callbacks 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b add source for react-hook-form in xss-through-dom 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061 detect for DOM elements from DOM events in React 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25 add xss-through-dom source from react-final-form 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98 add model for formik 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
d1087d4e41 move sources from XssThroughDom into a customizations file 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
0ca2310594 add model for htmlparser2 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
e2a66bf3ed add model for xml-js 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
73f7cd149f add model for sax 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
c43025d7b3 add model for xml2js 2021-02-10 14:16:30 +01:00
Erik Krogh Kristensen
44ca2e26a6 add taint-step to XML parsers 2021-02-10 14:16:08 +01:00
CodeQL CI
475d216f8e Merge pull request #5087 from erik-krogh/immutable 
Approved by asgerf
 2021-02-09 12:43:19 +00:00
CaptainFreak
503b339a1f remove hbs specific checks 2021-02-09 07:35:35 +05:30
alexet
9d06c75aed Javascript: improve performance of ExplicitInvokeNode::getArgument 2021-02-04 15:55:51 +00:00
Erik Krogh Kristensen
6cbf7b3267 add of Set, Stack and similar to the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b74df66463 implement Immutable merge 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
c0de6a3af2 add support for Immutable Record 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
609b16b1f7 implement Immutable OrderedMap 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
2e7bf9b53c implement Immutable lists 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
a5c9492c87 add support for fromJS in the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
6cbe4caecc support toJS() by using plain property names instead of pseudoproperties. 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b1f092f052 add support for map.set in Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b77dd54618 implement basic map get/set for immutable.js 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
d016ba2252 rename name dataflow configuration in js/template-object-injection 2021-02-03 12:29:23 +01:00
Erik Krogh Kristensen
a5bde53bfe use the TaintedObject library in js/template-object-injection 2021-02-03 12:26:37 +01:00
Erik Krogh Kristensen
c6a22844e2 add test for js/template-object-injection 2021-02-03 12:16:57 +01:00
CaptainFreak
12ee497485 move query to src, rename and refactor 2021-02-03 15:48:02 +05:30
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
CaptainFreak
3363f5e6db JS: add query for Express-HBS LFR 2021-02-01 18:01:34 +05:30
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
CodeQL CI
c9537f2639 Merge pull request #5029 from asgerf/js/silence-angular-template-fps 
Approved by erik-krogh
 2021-01-29 06:06:37 -08:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
CodeQL CI
6d952bda27 Merge pull request #5020 from asgerf/js/getaqlclass-test 
Approved by esbena
 2021-01-27 03:48:57 -08:00
Asger Feldthaus
1637b72092 JS: Ignore Angular templates in a few non-security queries 2021-01-27 11:02:19 +00:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Asger Feldthaus
c69a051292 JS: Add test that depends on getAQlClass 2021-01-26 15:16:27 +00:00
CodeQL CI
76e1e4d668 Merge pull request #4712 from asgerf/js/api-graph-tweaks 
Approved by max-schaefer
 2021-01-26 04:04:05 -08:00
CodeQL CI
0be0929693 Merge pull request #4958 from asgerf/js/angular2 
Approved by erik-krogh
 2021-01-26 02:53:33 -08:00
Asger Feldthaus
e6d9cd1905 JS: Add clause to getReturn/getInstance 2021-01-26 10:14:12 +00:00
Asger Feldthaus
d59ccb7687 JS: Remove unhelpful mat-table load step 2021-01-26 09:27:48 +00:00
Asger Feldthaus
89225e222c JS: Remove confusing comment 2021-01-26 09:25:12 +00:00
CodeQL CI
4601eb9c7c Merge pull request #4706 from max-schaefer/issue-247 
Approved by asgerf
 2021-01-25 07:11:35 -08:00
Erik Krogh Kristensen
0ba610f7db Merge pull request #5013 from erik-krogh/asmWhitespace 
JS: remove benign result for js/whitespace-contradicts-precedence related to " | 0" expressions
 2021-01-25 13:29:07 +01:00
Erik Krogh Kristensen
d86705fe7a remove benign result for js/whitespace-contradicts-precedence related to " | 0" expressions 2021-01-25 10:43:39 +01:00