hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Asger Feldthaus
42e6c7eb2e JS: Remove field from InvokeNode 2021-03-22 15:19:31 +00:00
Asger Feldthaus
c03e9d6c75 JS: Address review comments 2021-03-22 15:19:31 +00:00
Asger Feldthaus
5bfdca895b JS: Remove recursive def of SourceNode::Range 2021-03-22 15:07:38 +00:00
Asger Feldthaus
230b9cf5d3 JS: Avoid recursion in SourceNode::Range 2021-03-22 15:07:38 +00:00
Asger Feldthaus
54a91c73b0 JS: Tweak summarizedHigherOrderCall 2021-03-22 10:56:03 +00:00
Asger Feldthaus
a54e810804 JS: Include accessor-calls in CallGraph.ql 2021-03-20 13:59:38 +00:00
Asger Feldthaus
f4a476ea4e JS: Change type ValueNode -> Node 2021-03-20 09:05:04 +00:00
Erik Krogh Kristensen
b565e3de91 expand outDir support in tsconfig files 2021-03-19 23:13:51 +01:00
Erik Krogh Kristensen
84e9229386 Merge branch 'main' into koa 2021-03-19 16:56:15 +01:00
Asger Feldthaus
ea8c8df653 JS: Fix bad join orders in summarizedHigherOrderCall 2021-03-19 15:30:49 +00:00
Erik Krogh Kristensen
8949b9eb0a add shell interpreted arrays as sinks for js/shell-command-constructed-from-input 2021-03-19 15:59:06 +01:00
Erik Krogh Kristensen
79feb3b689 Merge pull request #5454 from asgerf/js/fix-untrusted-checkout-id 
JS: Fix query ID for UntrustedCheckout
 2021-03-19 14:32:52 +01:00
CodeQL CI
3b117f5218 Merge pull request #5419 from erik-krogh/forgery 
Approved by asgerf
 2021-03-19 12:56:53 +00:00
Asger Feldthaus
42c4b22ea1 JS: Fix query ID for UntrustedCheckout 2021-03-19 12:41:34 +00:00
Asger Feldthaus
01fd00de56 JS: Fix join order in argumentPassing 2021-03-19 11:49:06 +00:00
Asger F
2f3d516413 JS: Track flow into ES accessors 2021-03-19 11:11:25 +00:00
Asger F
4f46908224 JS: Add test with ES getters/setters 2021-03-19 11:07:15 +00:00
Erik Krogh Kristensen
36b0ab1de5 Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-03-19 10:29:38 +01:00
CodeQL CI
fc7f19f900 Merge pull request #5433 from erik-krogh/clientSocket 
Approved by esbena
 2021-03-19 02:12:19 -07:00
Erik Krogh Kristensen
a28a36ab29 add change-note 2021-03-19 10:10:56 +01:00
Erik Krogh Kristensen
e90fb1a225 reuse classes modelling standard library functions 2021-03-19 10:09:33 +01:00
Erik Krogh Kristensen
d489d63b8e recognize object transformations in module.exports when looking for library inputs 2021-03-18 20:54:33 +01:00
Erik Krogh Kristensen
28ad667578 add model for async-execute 2021-03-18 19:40:46 +01:00
Erik Krogh Kristensen
58617c5c59 recognize client websockets as ClientRequests 2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen
ed8e0fb593 remove CannonicalName API nodes 2021-03-18 15:34:17 +01:00
Erik Krogh Kristensen
7180a1ed52 add Type to MkHasUnderlyingType 2021-03-18 15:16:31 +01:00
Erik Krogh Kristensen
af5a61782c also look for main modules in a lib folder 2021-03-18 14:51:11 +01:00
Erik Krogh Kristensen
6bab41ce8b Merge pull request #5350 from JarLob/actions 
github actions queries
 2021-03-18 14:46:25 +01:00
Erik Krogh Kristensen
f94f82a0dc use getAChainedMethodCall 2021-03-18 14:35:10 +01:00
Erik Krogh Kristensen
38a9c71380 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-18 14:33:13 +01:00
Erik Krogh Kristensen
0e98ea0c10 remove spurious import of PackageExports 2021-03-18 14:09:08 +01:00
Erik Krogh Kristensen
67a5831ac0 update expected output 2021-03-18 13:59:44 +01:00
Erik Krogh Kristensen
c0bb169342 recognize a src/index.js file as a main module for a package 2021-03-18 13:41:36 +01:00
Erik Krogh Kristensen
add0c88530 loosen the requirement that the package.json file must be the top-most package.json 2021-03-18 13:39:12 +01:00
Erik Krogh Kristensen
d998d06b94 add link to source in alert-message for js/shell-command-constructed-from-input 2021-03-18 13:37:18 +01:00
Asger Feldthaus
e30fa89405 JS: Update more test expectations 2021-03-18 10:04:39 +00:00
Erik Krogh Kristensen
8b931626ce add edge from root type MkHasUnderlyingType 2021-03-18 11:04:08 +01:00
Jaroslav Lobačevski
a9ed3317bf Fix regex per suggestion 2021-03-18 11:54:55 +02:00
Erik Krogh Kristensen
40ec23cf13 refactor MkHasUnderlyingType to use Label::instance() 2021-03-18 10:47:38 +01:00
Erik Krogh Kristensen
b2d6982318 add change note 2021-03-17 19:17:23 +01:00
Erik Krogh Kristensen
3995ff322d add models for koa-route and koa-router 2021-03-17 19:17:20 +01:00
Jaroslav Lobačevski
7b6773c96a Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-17 19:49:03 +02:00
Jaroslav Lobačevski
e3bf308952 Removed positive lookbehind 2021-03-17 17:32:10 +02:00
Asger Feldthaus
ae410aabd6 JS: Add change note 2021-03-17 15:24:10 +00:00
Asger Feldthaus
e4d891cab5 JS: Add tests for flow through replace 2021-03-17 15:20:40 +00:00
Asger Feldthaus
9cfbb90591 JS: Add test case for insufficient replace-sanitizer 2021-03-17 15:20:40 +00:00
Asger Feldthaus
198bdcab26 JS: Make XSS MetacharEscapeSanitizer more precise 2021-03-17 15:20:40 +00:00
Asger Feldthaus
effa52f9e1 JS: Step through string replace callbacks 2021-03-17 15:15:49 +00:00
CodeQL CI
7c20c4a664 Merge pull request #5396 from asgerf/js/shared-taint-step 
Approved by erik-krogh, esbena
 2021-03-17 08:07:20 -07:00
CodeQL CI
d95b295e52 Merge pull request #5400 from erik-krogh/replaceCallbacks 
Approved by asgerf
 2021-03-17 06:42:34 -07:00