hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
semmle-qlci
f81fc77e9e Merge pull request #3782 from erik-krogh/promiseSteps 
Approved by asgerf
 2020-06-26 10:11:10 +01:00
semmle-qlci
92cc59b47b Merge pull request #3800 from esbena/js/npmlog 
Approved by erik-krogh
 2020-06-26 07:54:08 +01:00
Erik Krogh Kristensen
7cb6516bc4 make internal predicates within DominatingPaths smaller. 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
1ec2c549d2 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
8b3ca73c1c autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
081b03c8f4 add tests that access-path domination can happen within a statement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
47d52870f2 Use a ControlFlowNode based API to determine domination 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
55565a51df don't use getEnclosingStmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
34d6a4dcf8 use Rhs of a prop-write 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
cc2e61531e update expected output 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
f7c42ca1b5 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
252f805db4 performance improvement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
21e5a522b0 give the same rank to all expressions inside a single stmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
6bc821b1ab add tests for dominating writes 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treated a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
5e4acfbe19 implement predicate for finding dominating writes to an access-path 2020-06-25 23:00:52 +02:00
semmle-qlci
056e1a8c4b Merge pull request #3599 from asger-semmle/js/nameditem 
Approved by esbena
 2020-06-25 17:34:14 +01:00
Erik Krogh Kristensen
690bde47aa remove a .getALocalSource() that isn't needed 2020-06-25 16:51:10 +02:00
Asger Feldthaus
e28284bd01 JS: Fix javadoc 2020-06-25 15:39:00 +01:00
Asger Feldthaus
ad48c4e54d JS: Always prepare package.json files 2020-06-25 15:38:20 +01:00
Asger Feldthaus
675c64d9d4 JS: Prefer extracting file with tsconfig that included it 2020-06-25 15:38:19 +01:00
Asger Feldthaus
4c4acd50bd JS: Factor out loading of tsconfig files 2020-06-25 15:38:19 +01:00
Asger Feldthaus
cc3e62f535 JS: Move stack trace limit to top of file 2020-06-25 15:38:19 +01:00
Asger Feldthaus
cf78475799 JS: Only extract included files with a given tsconfig 2020-06-25 15:38:19 +01:00
Asger Feldthaus
6ff81377d5 JS: Also sort files in legacy extractor 2020-06-25 15:38:18 +01:00
Asger Feldthaus
6d15397fdc JS: Ensure we never write outside the scratch dir 2020-06-25 15:38:18 +01:00
Asger Feldthaus
ba5d6bb2e9 JS: Actually set fields 2020-06-25 15:38:18 +01:00
Asger Feldthaus
dceb211021 JS: Pass source root to Node.js process 2020-06-25 15:38:18 +01:00
Asger Feldthaus
aaf141782f JS: Fix source root 2020-06-25 15:38:17 +01:00
Asger Feldthaus
cb0a2498b0 JS: Sort files 2020-06-25 15:38:17 +01:00
semmle-qlci
cf0cd00458 Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return 
Approved by erik-krogh
 2020-06-25 15:28:57 +01:00
semmle-qlci
c39dce4d66 Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup 
Approved by erik-krogh
 2020-06-25 14:56:17 +01:00
Erik Krogh Kristensen
c3b52fadcc add missing qldoc 2020-06-25 15:54:36 +02:00
Erik Krogh Kristensen
09d969a8ad recognize sensitive files by file-system writes 2020-06-25 15:19:42 +02:00
Erik Krogh Kristensen
8f5a3e9f4f add support for getASavePath() to js/insecure-download 2020-06-25 15:18:31 +02:00
Erik Krogh Kristensen
dafca8fd81 introduce flow-labels to js/insecure-download 2020-06-25 15:17:57 +02:00
Erik Krogh Kristensen
9bdedb3f48 introduce getASavePath to ClientRequest 2020-06-25 15:17:19 +02:00
Asger Feldthaus
f9b796231b JS: Add regression tests 2020-06-25 11:10:27 +01:00
Esben Sparre Andreasen
4bfce4b8a3 JS: model npmlog (and recognize the "verbose" log level) 2020-06-25 12:06:51 +02:00
semmle-qlci
b24fba8df0 Merge pull request #3734 from dellalibera/loginjection 
Approved by esbena
 2020-06-25 11:06:25 +01:00
Asger Feldthaus
ea3560fe07 JS: Ignore document.all checks explicitly 2020-06-25 11:03:06 +01:00
Asger Feldthaus
b867512db4 JS: Update test 2020-06-25 11:01:10 +01:00
Erik Krogh Kristensen
2d7feb794f Refactor Promises.qll to use PreCallGraphStep 2020-06-25 10:41:08 +02:00
Asger F
090a685d86 Merge pull request #3751 from toufik-airane/master 
[javascript] CWE-347: JWT Missing Secret Or Public Key Verification
 2020-06-24 21:09:41 +01:00
ubuntu
d9a0dc0982 Remove check for console().getAMethodCall 2020-06-24 19:31:23 +02:00
ubuntu
65eba0272d Merge remote-tracking branch 'upstream/master' into loginjection 2020-06-24 19:15:27 +02:00
semmle-qlci
daeb13d9fd Merge pull request #3779 from asger-semmle/js/metric-queries 
Approved by esbena
 2020-06-24 15:37:03 +01:00
Asger Feldthaus
42f32bf76c JS: Recognize calls to .item and .namedItem 2020-06-24 15:11:18 +01:00