hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Asger Feldthaus
2f3a76c43b JS: Handle global variable d3 2021-03-11 16:17:27 +00:00
Asger Feldthaus
3b11958e33 JS: Expand D3 model a bit 2021-03-11 16:13:02 +00:00
Erik Krogh Kristensen
3005439a6a cache the BasicBlock charpred 2021-03-11 16:09:47 +01:00
Erik Krogh Kristensen
5afb7e05ee cache AccessPath::getAnInstanceIn 2021-03-11 16:09:24 +01:00
Erik Krogh Kristensen
24b0469d74 cache two more predicates in the SSA stage 2021-03-11 16:09:00 +01:00
Erik Krogh Kristensen
e5b13d9db4 cache hasLocationInfo and Node::toString in the dataflow stage 2021-03-11 16:08:45 +01:00
Erik Krogh Kristensen
fa2e7fd498 cache prepend 2021-03-11 11:59:54 +01:00
Asger Feldthaus
3fb810b540 JS: Add @kind problem meta queries 2021-03-11 10:46:18 +00:00
Asger Feldthaus
773cf0dcdd JS: Autoformat 2021-03-11 10:44:33 +00:00
Asger Feldthaus
0c6e161277 JS: Add source to XssThroughDom 2021-03-11 10:05:05 +00:00
Asger Feldthaus
18cfe72e99 JS: Add model of d3 2021-03-11 10:05:05 +00:00
CodeQL CI
25f4b76788 Merge pull request #5045 from erik-krogh/bindRoute 
Approved by asgerf
 2021-03-11 01:39:26 -08:00
CodeQL CI
ad665b765f Merge pull request #5323 from erik-krogh/staging 
Approved by asgerf
 2021-03-11 00:50:51 -08:00
Erik Krogh Kristensen
ee9613fa79 import the Stages module from where it is used 2021-03-10 16:30:38 +01:00
Erik Krogh Kristensen
81efd726cb renamings - and simplifications of qldoc 2021-03-10 15:42:50 +01:00
Erik Krogh Kristensen
d3fca0a107 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-10 15:24:05 +01:00
Erik Krogh Kristensen
c993f9a3a3 add instance methods in the same class to localFieldStep 2021-03-10 15:19:07 +01:00
Erik Krogh Kristensen
ea6d3bde9c Update javascript/ql/src/semmle/javascript/dataflow/internal/CallGraphs.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-10 15:00:48 +01:00
CodeQL CI
2c4ba561bf Merge pull request #5360 from erik-krogh/regParse 
Approved by asgerf
 2021-03-10 05:57:19 -08:00
Asger Feldthaus
fbca06f4e1 JS: Move TaintMetrics.qll into internal folder 2021-03-10 11:53:44 +00:00
Erik Krogh Kristensen
49b1bfc41b add a step for referencing instance/static methods on classes 2021-03-10 10:57:28 +01:00
Erik Krogh Kristensen
518bfa4d41 move getAnInstanceMemberAccess to ClassNode 2021-03-09 16:37:36 +01:00
Erik Krogh Kristensen
e8afafca7a add another route-handler test 2021-03-09 16:37:36 +01:00
Erik Krogh Kristensen
c95a8e6776 add change note 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
11793800ad support subrouters, and engine registrations with file extensions 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
70b8cdee9b add qhelp 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
28951e98c4 add engine filter to js/template-object-injection 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Erik Krogh Kristensen
25ef3edb20 combine stages by introducing extended stages 2021-03-08 20:48:15 +01:00
Anders Schack-Mulligen
aeb13146d2 Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files 
Use `.inc.qhelp` extension for included help files
 2021-03-08 16:26:32 +01:00
Erik Krogh Kristensen
29ae737475 update expected output for MalformedRegExp 2021-03-08 13:50:58 +01:00
Erik Krogh Kristensen
b3ee70f4f7 update expected output for trap test 2021-03-08 13:06:17 +01:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
Jaroslav Lobačevski
673e64909a github actions queries 2021-03-06 10:27:11 +02:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
CodeQL CI
342c7abd74 Merge pull request #5301 from asgerf/js/ajv-model 
Approved by erik-krogh
 2021-03-04 01:27:38 -08:00
Taus
c1fd48468a Merge pull request #5286 from RasmusWL/share-crypto-algorithms 
Python/JS: Share modeling of crypto algorithms
 2021-03-03 17:00:01 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Rasmus Wriedt Larsen
c3175ae7b1 Python/JS: Sync CryptoAlgorithms.qll 2021-03-03 14:18:33 +01:00
Erik Krogh Kristensen
b9450c901a remove development comment 2021-03-03 11:18:09 +01:00
Erik Krogh Kristensen
95a1edcabc refactor FunctionStyleClass to get a better join-order 2021-03-02 15:22:38 +01:00
Erik Krogh Kristensen
4d33407f6c optimize getACalleeValue 2021-03-02 15:21:36 +01:00
Asger F
919ee38049 Update javascript/ql/src/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:02:35 +00:00
Asger F
6c884f86d2 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:01:59 +00:00
Asger Feldthaus
6e0322dc60 JS: Add DeepResourceExhaustion test 2021-03-02 13:56:43 +00:00