hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
Erik Krogh Kristensen
94e07bb91c add change note 2020-12-16 15:10:03 +01:00
Erik Krogh Kristensen
99af484042 move the "commander" source 2020-12-16 15:05:59 +01:00
Erik Krogh Kristensen
2ae0400922 update docstring for dashdash 2020-12-16 15:00:44 +01:00
Erik Krogh Kristensen
3d03e7192c Update javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-12-16 14:57:20 +01:00
Erik Krogh Kristensen
d377a02825 add change note 2020-12-16 14:53:23 +01:00
CodeQL CI
9ae8880bd0 Merge pull request #4802 from max-schaefer/js/external-remote-flow-sources 
Approved by asgerf, jf205
 2020-12-16 00:34:40 -08:00
CodeQL CI
66f4120cdd Merge pull request #4721 from github/nextReDoS 
Approved by asgerf
 2020-12-14 01:48:12 -08:00
Max Schaefer
be35e85639 JavaScript: Add change note. 2020-12-12 11:42:55 +00:00
Max Schaefer
9f8508fdc7 JavaScript: Allow specifying additional remote flow sources through JSON. 2020-12-12 11:42:55 +00:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
Max Schaefer
0ccfe4f135 JavaScript: Teach autobuilder to include codeql-javascript-*.json files. 2020-12-09 11:35:51 +00:00
Asger F
ed729a1963 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-12-09 09:59:55 +00:00
Asger Feldthaus
fd293d07d7 JS: Address doc review 2020-12-09 09:58:52 +00:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
04f51bef5e JS: Add missing qldoc 2020-12-07 10:52:38 +00:00
Asger Feldthaus
f96c425a72 JS: Deny -> block 2020-12-07 10:50:01 +00:00
Asger Feldthaus
254ac7f963 JS: Fix TypeofCheck 2020-12-07 10:46:00 +00:00
Asger Feldthaus
0496642b0b JS: Add test for captured flow into callback 2020-12-07 10:34:27 +00:00
Asger Feldthaus
355cfaaf42 JS: Autoformat 2020-12-07 10:16:39 +00:00
Asger Feldthaus
1b0bec9143 JS: Remove magic from barrier guard predicates 2020-12-07 10:16:39 +00:00
Asger Feldthaus
fe86465a0b JS: Refactor store/load flow a bit 2020-12-07 10:16:38 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
e10a22ec26 JS: Restrict size of some predicates 2020-12-07 10:16:38 +00:00
Asger Feldthaus
daab3c1437 JS: Add tests and fix some bugs 2020-12-07 10:16:38 +00:00
Asger Feldthaus
0a7513fdfb JS: Move and rename test cases as well 2020-12-07 10:16:38 +00:00
Asger Feldthaus
479dcf56ad JS: Update to use more inclusive language 2020-12-07 10:16:38 +00:00
Asger Feldthaus
544b3d9631 JS: Change note 2020-12-07 10:16:38 +00:00
Asger Feldthaus
e42ca881a3 JS: Update security suite after move to CWE-915 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ca38a1c8b9 JS: Update CWE tags 2020-12-07 10:16:38 +00:00
Asger Feldthaus
25161ed338 JS: Move all prototype pollution queries to CWE-915 2020-12-07 10:16:38 +00:00
Asger Feldthaus
877b4b0752 JS: Move and rename other prototype pollution queries 2020-12-07 10:16:38 +00:00
Asger Feldthaus
972c4d61e5 JS: Add PrototypePollutingAssignment 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ef52c46aed JS: Add spread step in TaintedObject 2020-12-07 10:16:37 +00:00
Sauyon Lee
17e450f227 JavaScript: Factor out HTML extractor 2020-12-06 05:04:10 -08:00
CodeQL CI
0f5f0ed99e Merge pull request #4776 from asgerf/js/electron-openshell 
Approved by erik-krogh
 2020-12-04 09:12:44 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen
47488f86b5 update test 2020-12-03 16:58:08 +01:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
e66a49bea6 JS: Change note 2020-12-03 13:58:40 +00:00
Asger Feldthaus
ec6b8d6d3a JS: Remove old workaround for template literals in import 2020-12-03 13:58:40 +00:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792 JS: Autoformat 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger Feldthaus
9da5c5cc70 JS: Update to TypeScript 4.1.2 2020-12-03 13:58:39 +00:00