codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
CodeQL CI	502faa7d1c	Merge pull request #4494 from erik-krogh/callLimit Approved by asgerf	2020-10-19 11:03:25 -07:00
CodeQL CI	5ead4244fe	Merge pull request #4450 from asgerf/js/angular Approved by erik-krogh	2020-10-19 07:25:59 -07:00
Erik Krogh Kristensen	ce95676130	add express.csrf as an CSRF protecting middleware	2020-10-19 15:39:02 +02:00
CodeQL CI	d644a30b19	Merge pull request #4434 from erik-krogh/printAST Approved by asgerf	2020-10-19 04:42:42 -07:00
Erik Krogh Kristensen	ca0870da53	update expected output from InterfaceDefinition -> InterfaceDeclaration change	2020-10-19 12:36:48 +02:00
CodeQL CI	2e52cbeb4a	Merge pull request #4499 from max-schaefer/js/module_compile Approved by asgerf	2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen	8f6165cd5f	print synthetic constructors in PrintAst.ql	2020-10-19 11:10:14 +02:00
Erik Krogh Kristensen	5b1ed97d68	Update javascript/ql/src/semmle/javascript/TypeScript.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-19 11:01:06 +02:00
Erik Krogh Kristensen	8c44392638	add local dataflow to js/template-syntax-in-string-literal	2020-10-19 10:58:40 +02:00
Max Schaefer	e1d90e90ad	JavaScript: Add modelling for `Module.prototype._compile`.	2020-10-19 09:42:17 +01:00
Asger Feldthaus	f0034138ce	JS: Fix DefaultFlowLabels test	2020-10-16 18:13:13 +01:00
Asger Feldthaus	4137d3f971	JS: Split CWE-079 tests into their own folders	2020-10-16 17:32:36 +01:00
Erik Krogh Kristensen	8cf21e3b2b	autoformat	2020-10-16 16:56:35 +02:00
Erik Krogh Kristensen	27a2cd310d	inline `value` in `nodeLeadingToCsrfWrite`	2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen	017c73dce3	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen	c2338b218f	Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-16 14:12:36 +02:00
CodeQL CI	1d9b0ce059	Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths Approved by asgerf	2020-10-16 05:05:29 -07:00
Erik Krogh Kristensen	b3d5f9c4dd	support throttle like calls as partial calls	2020-10-16 13:33:02 +02:00
Asger Feldthaus	287ec0cbbb	JS: Add test for default flow labels	2020-10-16 07:16:02 +01:00
Asger Feldthaus	583f3d7fd9	JS: Also materialize labels in ZipSlip	2020-10-16 07:12:30 +01:00
Asger Feldthaus	4337c5adaf	JS: Workaround ascii PR check	2020-10-16 07:12:29 +01:00
Asger Feldthaus	b3d8b95433	JS: Autoformat	2020-10-16 07:12:29 +01:00
Asger Feldthaus	42fc4ff78c	JS: Don't create new flow labels in *Customizations.qll files	2020-10-16 07:12:29 +01:00
Asger Feldthaus	28b449226c	JS: Do not import UrlConcatenation from customizations libraries	2020-10-16 07:12:29 +01:00
Asger Feldthaus	afd82e202d	JS: Add Angular2 model	2020-10-16 07:12:29 +01:00
Erik Krogh Kristensen	9112d417e4	avoid using getFirstToken for sorting	2020-10-15 20:57:29 +02:00
Erik Krogh Kristensen	8206933e85	add test for home grown CSRF protection	2020-10-15 14:51:02 +02:00
Erik Krogh Kristensen	4d1a9740f0	add support for home made CSRF protection middlewares in js/missing-token-validation	2020-10-15 14:50:59 +02:00
Erik Krogh Kristensen	11ee7c7946	update expected output	2020-10-15 12:06:17 +02:00
Erik Krogh Kristensen	f9f29f53cf	remove locations where we have no exact location	2020-10-15 11:59:51 +02:00
Erik Krogh Kristensen	2bb8b78a29	remove "</>" from the end when printing HTML	2020-10-15 11:56:00 +02:00
Erik Krogh Kristensen	a019312953	improve printing of JS object literals	2020-10-15 11:47:45 +02:00
Erik Krogh Kristensen	ab7542c0d2	improve printing of JSON values	2020-10-15 11:05:22 +02:00
Erik Krogh Kristensen	1ebd49b0eb	remove location from "mapping i" print node	2020-10-15 10:51:34 +02:00
Erik Krogh Kristensen	3e2d266343	improve YAMLMapping printing	2020-10-15 10:49:37 +02:00
Erik Krogh Kristensen	1b908ce030	improve printing of DeclStmt, and remove escaped whitespace chars from printed output	2020-10-15 10:43:32 +02:00
Erik Krogh Kristensen	c033ae9b7f	add one more case to `getAPrimaryQlClass`	2020-10-15 10:05:07 +02:00
Erik Krogh Kristensen	ab10c28cc4	change the default sorting order for print children to be location based	2020-10-15 09:53:52 +02:00
Erik Krogh Kristensen	74243d39aa	remove location for arguments/parameters print node	2020-10-15 09:48:55 +02:00
Max Schaefer	4100ab2919	JavaScript: Add another test to show that flow through functions still works.	2020-10-14 10:03:27 +01:00
Max Schaefer	1c04c07f07	JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.	2020-10-14 10:03:04 +01:00
Erik Krogh Kristensen	96db3459d0	remove stray todo	2020-10-13 11:48:06 +02:00
CodeQL CI	e2b0c60627	Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements Approved by erik-krogh	2020-10-12 11:41:21 -07:00
Max Schaefer	9ac70e3044	JavaScript: Clarify the relationship between `MkCanonicalName{Def,Use}` with an upper-case `M` and `mkCanonicalName{Def,Use}` with a lower-case `m`.	2020-10-12 16:29:11 +01:00
Max Schaefer	cd33d358aa	JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.	2020-10-12 14:50:47 +01:00
CodeQL CI	8eb84b2599	Merge pull request #4391 from max-schaefer/js/api-graph-reexport Approved by asgerf	2020-10-12 05:26:53 -07:00
CodeQL CI	6d1634ef8f	Merge pull request #4329 from erik-krogh/DVSA Approved by esbena	2020-10-12 05:23:29 -07:00
Erik Krogh Kristensen	2fb19f0b11	refactor into a single regular expression with two capture groups	2020-10-09 14:50:16 +02:00
Erik Krogh Kristensen	f6f8bbd1d8	Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-10-09 14:46:31 +02:00
Erik Krogh Kristensen	3b328baaef	changes based on review	2020-10-08 21:54:23 +02:00

... 18 19 20 21 22 ...

5849 Commits