hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
8e316d2f05 add unary type-tracking predicates 2020-02-10 12:51:09 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
semmle-qlci
37360e7d93 Merge pull request #2794 from esbena/js/move-EnumeratedPropName 
Approved by asgerf
 2020-02-07 21:31:37 +00:00
semmle-qlci
76ba48c6fb Merge pull request #2790 from esbena/js/model-send 
Approved by asgerf
 2020-02-07 21:30:54 +00:00
Asger Feldthaus
e4844bfad2 JS: Fix deprecated API usage 2020-02-07 17:17:48 +00:00
Asger Feldthaus
ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Asger Feldthaus
254af4f3a8 JS: Rewrite LodashUnderscore::AnalyzedThisInBoundCallback 2020-02-07 13:58:07 +00:00
Erik Krogh Kristensen
dd9e3d2fec expose TaintTracking::arrayFunctionTaintStep and add a step for "concat" 2020-02-07 14:57:32 +01:00
Asger Feldthaus
fea5a4331d JS: Rewrite React::AnalyzedThisInBoundCallback 2020-02-07 13:55:42 +00:00
Asger Feldthaus
3b28bdbeed JS: Rewrite AnalyzedThisInArrayIterationFunction 2020-02-07 13:55:36 +00:00
Asger Feldthaus
f942e69482 JS: Improve flow through partial invokes 2020-02-07 13:54:14 +00:00
Esben Sparre Andreasen
dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen
cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Erik Krogh Kristensen
1ece6b9afe update expected output of tests 2020-02-07 12:57:51 +01:00
semmle-qlci
125c6a071c Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case 
Approved by esbena
 2020-02-07 11:53:04 +00:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus
a2fa6bb41f JS: Add test case for lazy-cache 2020-02-07 09:50:37 +00:00
Asger Feldthaus
a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus
34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Asger Feldthaus
418f841749 JS: Handle imports through lazy-cache 2020-02-06 14:59:52 +00:00
semmle-qlci
180e9d4731 Merge pull request #2779 from asger-semmle/js/protopol-regression-fix 
Approved by esbena
 2020-02-06 14:58:19 +00:00
Erik Krogh Kristensen
75f23a189d update docstring 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-02-06 15:53:03 +01:00
Erik Krogh Kristensen
2865723059 add test for new barrier 2020-02-06 15:44:33 +01:00
Erik Krogh Kristensen
ade93e66e1 move the if(!x) from DataFLow to TaintTracking 2020-02-06 15:44:22 +01:00
Asger Feldthaus
7090124a1d JS: Implement type inference through export * as ns 2020-02-06 14:29:35 +00:00
Asger Feldthaus
a252a41459 JS: Rename/deprecate a predicate to loosen its return type 2020-02-06 14:27:23 +00:00
Asger Feldthaus
2b77c7969d JS: Add tests for 'export * as ns' 2020-02-06 14:04:12 +00:00
Asger Feldthaus
f5c805bad1 JS: Move tests into one file 2020-02-06 13:55:29 +00:00
Asger Feldthaus
54c521d41c JS: Fix typo in test query 2020-02-06 13:50:06 +00:00
Erik Krogh Kristensen
1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Asger Feldthaus
0345c48503 JS: Bump extractor version string 2020-02-06 11:04:59 +00:00
Asger Feldthaus
38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
Erik Krogh Kristensen
d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci
5125dc7939 Merge pull request #2730 from esbena/js/model-path-parse 
Approved by asgerf
 2020-02-05 21:35:55 +00:00
semmle-qlci
163285bee7 Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow 
Approved by esbena
 2020-02-05 12:52:59 +00:00
Erik Krogh Kristensen
da28d3b971 add "hash" and "search" to URL taint step 2020-02-05 12:44:10 +01:00
semmle-qlci
a5e183bde3 Merge pull request #2619 from asger-semmle/ts-monorepo-deps 
Approved by erik-krogh, max-schaefer
 2020-02-05 10:57:55 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
semmle-qlci
52f34d7178 Merge pull request #2715 from erik-krogh/PrivateFields 
Approved by asgerf
 2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen
88bb1dc23d bind this in each of the step methods of UrlSearchParamsTaintStep 2020-02-05 10:58:13 +01:00
Erik Krogh Kristensen
30d5eb5a13 update docstrings 2020-02-05 10:53:34 +01:00
Erik Krogh Kristensen
ffc6fddddd update expected test output 2020-02-05 10:52:40 +01:00
Asger F
cf18bd7bb8 Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-05 09:48:16 +00:00
Asger Feldthaus
fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Esben Sparre Andreasen
f6ad22dd1f Merge pull request #2758 from asger-semmle/js/string-concat-concat 
JS: Model concat() calls as string concatenation
 2020-02-05 10:41:02 +01:00