hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
38db731e0b add change note and new test for js/incomplete-url-scheme-check 2020-05-05 13:38:27 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
8711a8744c update expected output 2020-05-05 13:27:32 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen
4a26c293c1 fix number of arguments for String.prototype.split 2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen
f586639703 change getSplitAt to getSeparator 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-05 13:22:21 +02:00
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00
monkey-junkie
25df6e1664 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:49 +03:00
monkey-junkie
700a070a15 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:40 +03:00
monkey-junkie
d8fb552097 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:28 +03:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Erik Krogh Kristensen
4b8b0cb379 update expected output 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
7af19559d4 add test case for location.split("?")[0] for DomBasedXss 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
4dcf944ccd use StringSplitCall in TaintedPath 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
22ec12b130 use split("?")[0] sanitizer is both DomBasedXSS and ClientSideUrlRedirect 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
John Doe
337be9c2e0 ssti query and help updated 2020-05-05 03:58:29 +03:00
John Doe
09922e5bb4 Merge branch 'master' of github.com:monkey-junkie/codeql 2020-05-05 03:44:23 +03:00
John Doe
895aa622bf ssti updated 2020-05-05 03:37:43 +03:00
monkey-junkie
cd18842aa5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:58 +03:00
monkey-junkie
a60660617f Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:00 +03:00
Erik Krogh Kristensen
eb7e0d6a62 still flag single-expression files that contain a function 2020-05-04 18:37:26 +02:00
semmle-qlci
a805a63443 Merge pull request #3357 from erik-krogh/YetAnotherPerformancePatch 
Approved by asgerf, esbena
 2020-05-04 10:05:34 +01:00
semmle-qlci
a0800cecc4 Merge pull request #3386 from erik-krogh/lessJQueryChaining 
Approved by asgerf
 2020-05-04 09:16:17 +01:00
Erik Krogh Kristensen
659d40e08d add test to make sure sanitizer is not too broad 2020-05-04 09:49:14 +02:00
Erik Krogh Kristensen
c56063f857 recognize more split("?") sanitizers 2020-05-04 09:48:50 +02:00
Erik Krogh Kristensen
291134be66 add failing test 2020-05-04 09:48:29 +02:00
Erik Krogh Kristensen
cee986fa76 skip expressions that are alone in a file for js/useless-expression 2020-05-04 09:08:41 +02:00
John Doe
68b57502f9 JS SSTI CWE-094 2020-05-03 02:42:45 +03:00
semmle-qlci
c66ec3c981 Merge pull request #3380 from asger-semmle/js/cache-amd 
Approved by erik-krogh
 2020-05-02 20:18:22 +01:00
Erik Krogh Kristensen
efbd74a4a4 remove more spurious jQuery objects by using externs 2020-05-01 18:54:32 +02:00
Erik Krogh Kristensen
2a1095abcc autoformat, and apply naming suggestion 2020-05-01 18:35:34 +02:00
Erik Krogh Kristensen
87365357ba remove spurious jQuery objects 2020-05-01 15:19:54 +02:00
Erik Krogh Kristensen
16823143dd refactor getAPropertyUsedInLoadStore 2020-05-01 09:58:11 +02:00
Erik Krogh Kristensen
1a42c9fd80 make predicates private 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-01 09:42:09 +02:00
semmle-qlci
2b055de4d6 Merge pull request #3154 from erik-krogh/ImplicitConv 
Approved by asgerf
 2020-04-29 16:05:19 +01:00
Erik Krogh Kristensen
2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Erik Krogh Kristensen
8af08756b9 split store-steps into backwards and forwards, and prune even more. 2020-04-29 09:16:22 +02:00
Erik Krogh Kristensen
7aa421fd8a prune clearly infeasible store steps 2020-04-29 09:15:32 +02:00
Erik Krogh Kristensen
8cf71e59ce prune infeasible load steps 2020-04-29 09:13:49 +02:00
Erik Krogh Kristensen
435b5cf42d refactor how exploratoryFlowStep is used 2020-04-29 09:11:26 +02:00
Asger Feldthaus
9b014c36df JS: Avoid lots of unhelpful magic 2020-04-28 08:56:27 +01:00
Asger Feldthaus
a8283593a9 JS: Make PropWrite not depend on SourceNode 2020-04-28 08:56:27 +01:00
Asger Feldthaus
e3440c1410 JS: Cache AMD modules 2020-04-28 08:56:27 +01:00
Asger Feldthaus
aa2a49d189 JS: Rewrite mayHaveStringValue to avoid misoptimization 2020-04-28 08:56:27 +01:00
Esben Sparre Andreasen
04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
Esben Sparre Andreasen
c0250894de Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-27 12:37:39 +02:00