hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen
20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
jcreedcmu
3c233c762c Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs 
Java, Javascript, Csharp: Add jump-to-definition queries
 2020-05-12 10:54:11 -04:00
semmle-qlci
6fb047aef6 Merge pull request #3451 from erik-krogh/fstreamWrite 
Approved by esbena
 2020-05-12 14:58:02 +01:00
semmle-qlci
ee848328ab Merge pull request #3442 from erik-krogh/SmallPerfs 
Approved by esbena
 2020-05-12 14:36:34 +01:00
Erik Krogh Kristensen
d46148c045 add test case 2020-05-12 14:23:28 +02:00
Erik Krogh Kristensen
3707792cfd recognize reading/wrinting calls to fstream methods 2020-05-12 14:18:07 +02:00
Jonas Jensen
451ae7b762 Merge pull request #3444 from dbartol/codeql-c-analysis-team/68 
Rename `sanity` -> `consistency`
 2020-05-12 12:33:08 +02:00
Erik Krogh Kristensen
bd768cbd7e autoformat 2020-05-12 12:28:02 +02:00
Erik Krogh Kristensen
2fbdeceae7 add getContainedNode constraint to charpred of IndirectInclusionTest, and refactor two getEnclosingExpr() 2020-05-12 10:19:06 +02:00
semmle-qlci
8ce9c9d57e Merge pull request #3441 from erik-krogh/BabelDirectives 
Approved by esbena
 2020-05-12 08:57:20 +01:00
Jason Reed
66da91fe59 Java, Javascript, Csharp: Restrict definitions predicates 
Only expose definition-use relation itself, and getEncodedFile.
 2020-05-11 15:14:16 -04:00
Dave Bartolomeo
3987267f26 Rename sanity -> consistency 2020-05-11 13:46:26 -04:00
Dave Bartolomeo
06783938d3 JavaScript: Rename sanity -> consistency 2020-05-11 13:46:12 -04:00
Asger F
86a774d912 Merge pull request #3394 from monkey-junkie/master 
JS SSTI CWE-094
 2020-05-11 15:06:17 +01:00
Erik Krogh Kristensen
970ddcac7b autoformat 2020-05-11 15:38:45 +02:00
Erik Krogh Kristensen
3ce60733cc add test case 2020-05-11 13:11:24 +02:00
Erik Krogh Kristensen
acb0f2e54f exclude "@babel/helpers - .." from js/unknown-directive 2020-05-11 12:42:18 +02:00
Erik Krogh Kristensen
f8de69156e inline basicFlowStep into flowStep 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
87167900d1 deduplicate - and slightly optimize IndirectInclusionTest 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
6d05b40d23 eliminate recursion from GuardControlFlowNode::dominates 2020-05-10 22:15:34 +02:00
Jason Reed
48e4079c64 JS: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for javascript source archives.
 2020-05-07 12:44:36 -04:00
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
semmle-qlci
b2f1008a00 Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick 
Approved by asgerf
 2020-05-06 13:52:18 +01:00
Esben Sparre Andreasen
7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen
69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
Asger F
5725814774 Merge pull request #3403 from asger-semmle/js/getcontainer 
JS: Move getContainer to single rootdef (+fixes)
 2020-05-06 12:06:44 +01:00
Max Schaefer
9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
Esben Sparre Andreasen
344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
semmle-qlci
9210660ea0 Merge pull request #3401 from erik-krogh/jsonLike 
Approved by esbena
 2020-05-06 08:00:44 +01:00
Asger F
b2da4fe491 Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 07:59:04 +01:00
Asger Feldthaus
926e79d272 JS: Autoformat 2020-05-06 07:59:04 +01:00
Asger Feldthaus
f51e846439 JS: Fix ClosureModule implementation 2020-05-06 07:59:04 +01:00
Asger Feldthaus
0f870a4992 JS: Use TCapturedVariableNode as starting point of callInputStep 2020-05-06 07:59:04 +01:00
Asger Feldthaus
4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus
639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus
e52e1b26c6 JS: Upgrade script 2020-05-06 07:59:04 +01:00
Asger Feldthaus
5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
Erik Krogh Kristensen
52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
monkey-junkie
560674b670 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:36:11 +03:00
monkey-junkie
758e85dd3e Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:34:57 +03:00
monkey-junkie
a8019705b5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:24 +03:00
monkey-junkie
0aaa8af3bd Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:10 +03:00
Esben Sparre Andreasen
99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00