hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ac44cb425e Merge branch 'master' into js/call-graph-exploration 2020-04-22 10:49:26 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
semmle-qlci
9fae953969 Merge pull request #3262 from asger-semmle/js/api-deprecation-and-renaming 
Approved by erik-krogh
 2020-04-21 15:45:13 +01:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
Asger Feldthaus
c04ba91a90 JS: Autoformat 2020-04-21 10:51:42 +01:00
Asger Feldthaus
39920c1b08 JS: Add forwarding libraries in old locations 2020-04-21 10:51:42 +01:00
Asger Feldthaus
9e4709148b JS: Move Forward/Backward exploration to explore folder 2020-04-21 10:51:41 +01:00
Asger Feldthaus
647a3d3a60 JS: Add note and debugging and exploration 2020-04-21 10:51:41 +01:00
Asger Feldthaus
ffeda7f45a JS: Expand on doc a bit 2020-04-21 10:51:41 +01:00
Asger Feldthaus
066549f682 JS: Fix typo in qldoc 2020-04-21 10:51:41 +01:00
Asger F
291ebccfef Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-04-21 10:51:41 +01:00
Asger F
4c9ef8c570 Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-04-21 10:51:41 +01:00
Asger Feldthaus
759e1dfe45 JS: Add helper library for call graph exploration 2020-04-21 10:51:40 +01:00
semmle-qlci
53abf83229 Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr 
Approved by erik-krogh
 2020-04-21 10:38:59 +01:00
Asger Feldthaus
1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
Asger Feldthaus
997b44928e JS: Autoformat 2020-04-21 10:14:28 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check 
Approved by esbena
 2020-04-21 10:00:34 +01:00
semmle-qlci
80c20cb66e Merge pull request #3297 from asger-semmle/js/isambient-refactor 
Approved by esbena
 2020-04-21 09:36:14 +01:00
Asger Feldthaus
883846dfb6 JS: Fix extraction of negative number literal types 2020-04-20 16:17:15 +01:00
Asger Feldthaus
4fc79e38ec JS: Also fix typo in test case 2020-04-20 15:24:51 +01:00
Asger Feldthaus
d4978905f8 JS: Use SendCallback/ReceiveCallback in getAck 2020-04-20 15:12:04 +01:00
Asger Feldthaus
ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Erik Krogh Kristensen
9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
73b0aa4004 add more attributes potentially vulnerable to xss-through-dom 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Asger Feldthaus
bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00
Erik Krogh Kristensen
2d3e42e6d6 update qhelp for xss-through-dom 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-20 11:50:46 +02:00
Erik Krogh Kristensen
c713ba7bfe fix typo 2020-04-20 10:51:42 +02:00
Asger Feldthaus
bb9fea5a27 JS: Refactor isAmbient computation 2020-04-19 22:45:19 +01:00
Erik Krogh Kristensen
2632699397 Merge branch 'master' of git.semmle.com:Semmle/ql into Mispelled 2020-04-18 17:58:57 +02:00
Erik Krogh Kristensen
4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen
4f32157a78 rename func to callback 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 11:36:48 +02:00
Erik Krogh Kristensen
427c32f211 report a local variable as the misspelling if there any many occourances of the global 2020-04-17 11:25:23 +02:00
Erik Krogh Kristensen
1b80f46f30 add QHelp for js/xss-through-dom query 2020-04-17 10:54:21 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen
55edfed1ee support jQuery().get() returning a DOM node 2020-04-17 10:32:53 +02:00
Erik Krogh Kristensen
dd9aec056c handle basic dynamic method dispatch for jQuery methods 2020-04-17 10:32:52 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Erik Krogh Kristensen
69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00
Erik Krogh Kristensen
fd51142200 change succ in storeStep to be a SourceNode 2020-04-15 20:40:58 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
semmle-qlci
bfd80b42a7 Merge pull request #3260 from asger-semmle/js/location-tweaks 
Approved by erik-krogh
 2020-04-15 10:47:35 +01:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Asger Feldthaus
679259944f JS: Address review comments 2020-04-15 10:27:32 +01:00