hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
semmle-qlci
85ee5fc988 Merge pull request #2955 from erik-krogh/BetterHeader 
Approved by asgerf
 2020-03-05 08:24:43 +00:00
semmle-qlci
98034aaa53 Merge pull request #2988 from asger-semmle/js/autoformat-again-again 
Approved by esbena
 2020-03-04 21:20:52 +00:00
semmle-qlci
c6e3d8df49 Merge pull request #2969 from esbena/js/process-as-event-emitter 
Approved by erik-krogh
 2020-03-04 20:24:12 +00:00
Asger Feldthaus
53569453ba JS: Autoformat again 2020-03-04 19:28:24 +00:00
semmle-qlci
c5d39039bc Merge pull request #2962 from erik-krogh/YetAnotherSanitizer 
Approved by asgerf
 2020-03-04 15:27:09 +00:00
Asger Feldthaus
c2f7cdce25 JS: Change precision to very-high 2020-03-04 15:06:10 +00:00
Esben Sparre Andreasen
db335ae89b JS: add default/chaining for request 2020-03-04 12:36:49 +01:00
Esben Sparre Andreasen
92b3e8c060 JS: add default/chaining tests for request 2020-03-04 12:25:23 +01:00
Asger Feldthaus
af0df6c369 JS: Lower severity of js/syntax-error 2020-03-04 11:16:59 +00:00
Esben Sparre Andreasen
ae43e90a67 JS: model process as an EventEmitter 2020-03-04 09:49:16 +01:00
Esben Sparre Andreasen
4625217a68 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 15:07:51 +01:00
Esben Sparre Andreasen
dfa07130b5 JS: add process EventEmitter test 2020-03-03 14:26:03 +01:00
Erik Krogh Kristensen
f03c67266a add taint step for replace call that only removes dots 2020-03-03 12:58:06 +01:00
Erik Krogh Kristensen
95819c8731 use RegExpTerm to generalize predicate 2020-03-03 12:34:18 +01:00
Asger Feldthaus
a2042094cf JS: Restrict reachableFromStoreBase 2020-03-03 11:32:23 +00:00
Asger Feldthaus
98524556c3 JS: Add some tests 2020-03-03 11:32:23 +00:00
Erik Krogh Kristensen
622a2fcfdc use regexp term instead of char class 2020-03-03 12:24:13 +01:00
semmle-qlci
57b3e6addf Merge pull request #2958 from erik-krogh/InnerPrefix 
Approved by asgerf
 2020-03-03 11:10:44 +00:00
Erik Krogh Kristensen
bc13204193 refactor header checks to be based on dominance 2020-03-03 12:04:31 +01:00
semmle-qlci
7f3f629d39 Merge pull request #2913 from asger-semmle/js/prototype-pollution-path 
Approved by erik-krogh
 2020-03-03 10:29:47 +00:00
semmle-qlci
b3cbf8baa8 Merge pull request #2960 from erik-krogh/OverloadsWithThis 
Approved by asgerf
 2020-03-03 10:10:00 +00:00
Esben Sparre Andreasen
adddebf039 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 10:55:16 +01:00
semmle-qlci
e1c5449885 Merge pull request #2867 from erik-krogh/UselessCat 
Approved by esbena
 2020-03-03 09:10:25 +00:00
Erik Krogh Kristensen
9016f43d80 update expected output 2020-03-03 10:04:57 +01:00
Erik Krogh Kristensen
1781179e25 doc fixes 2020-03-03 09:50:02 +01:00
Erik Krogh Kristensen
c4ebd66b34 fix capitalization of predicate 2020-03-03 09:29:04 +01:00
Erik Krogh Kristensen
d2d5af42bf add IndirectInclusionTest and IndirectEndsWith 2020-03-02 21:42:08 +01:00
Erik Krogh Kristensen
97c16929ca implement getPolarity and forward to inner StartsWith 2020-03-02 21:38:22 +01:00
Erik Krogh Kristensen
53d1cd33f6 support sanitizers that remove all forward slashes 2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen
68fb8c52e9 check the type of the this-type, instead of the AST-node 2020-03-02 16:35:16 +01:00
Erik Krogh Kristensen
e0fcc4af6a handle this parameters when finding unreachable overloads 2020-03-02 16:26:00 +01:00
Erik Krogh Kristensen
019266e537 change name of Useless cat 2020-03-02 13:06:08 +01:00
Erik Krogh Kristensen
26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Erik Krogh Kristensen
391b6a833c add link to The Useless Use of Cat Award 2020-03-02 12:28:51 +01:00
Asger Feldthaus
e405a9769c JS: Really autoformat everything 2020-03-02 10:48:33 +00:00
Erik Krogh Kristensen
c14a485ca7 recognize more HttpResponseSink by restricting the hasNonHtmlHeader check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen
71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen
a589061bee JS: add type-tracking to the fs-module and model the original-fs 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen
5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen
5e0ae7b4d0 add end </p> tag 2020-02-28 10:23:03 +01:00
Erik Krogh Kristensen
ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Erik Krogh Kristensen
d8a96dd771 change name to suggestion from previous code review 2020-02-28 09:55:15 +01:00
Erik Krogh Kristensen
922779e049 remove double a/an and adjust line lenghts 2020-02-28 09:48:07 +01:00
Erik Krogh Kristensen
17f1974e05 Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-02-28 09:43:32 +01:00
semmle-qlci
ec90627a64 Merge pull request #2909 from yo-h/experimental 
Approved by aschackmull, jbj, max-schaefer, tausbn
 2020-02-28 03:15:58 +00:00
Asger Feldthaus
52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Erik Krogh Kristensen
a872d7c5c5 add comment about negative optionsArg 2020-02-27 12:42:22 +01:00
Erik Krogh Kristensen
bb911bbbf1 Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-27 12:38:06 +01:00
Asger Feldthaus
fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Erik Krogh Kristensen
9c06c48dc7 Merge pull request #2884 from esbena/js/practically-exploitable-redos 
JS: add query js/exploitable-polynomial-redos
 2020-02-27 10:19:17 +01:00