hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Asger Feldthaus
88e5348da9 JS: Move RemotePropertyInjection test into subfolder 2021-03-02 13:56:39 +00:00
Asger Feldthaus
5d27cd934d JS: Move Source def into customizations lib 2021-03-02 13:52:33 +00:00
Asger Feldthaus
d916118ea4 JS: Move ExceptionXss source into Xss.qll 2021-03-02 13:16:10 +00:00
Erik Krogh Kristensen
47f4faa4e2 use local dataflow instead of type-inference for mayHaveBooleanValue 2021-03-02 14:06:38 +01:00
Erik Krogh Kristensen
ae56285331 use callgraph instead of type-inference for array taint-steps 2021-03-02 14:06:09 +01:00
Erik Krogh Kristensen
b20ce8bfca use callgraph instead of TypeInference in Testing.qll 2021-03-02 14:04:23 +01:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
31721b5fe3 JS: Fix missing qldoc 2021-03-02 12:39:05 +00:00
Asger Feldthaus
05594f2936 JS: Change note 2021-03-02 12:39:05 +00:00
Asger Feldthaus
0bd60c1989 JS: Autoformat 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
24199a5499 JS: Add query for resource exhaustion from deep object handling 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
55985c969b add change note 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
1f02594ccc rename and move getAPropertyNameInterpretedAsJavaScriptUrl 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
5b5baced9a add support for replace in Next.js router 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
0e7e3e6178 support Next.js pages that export React components 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a5cf024c9f add support for getServerSideProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
af262a035d add support for getInitialProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
d63fcaf7f1 add step from getStaticProps to the component render function 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
9d7bb57d8a add parameter values from Next as a RemoteFlowSource 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
CodeQL CI
79839d2304 Merge pull request #5267 from erik-krogh/httpProxy 
Approved by asgerf
 2021-03-02 02:46:50 -08:00
CodeQL CI
2957131853 Merge pull request #5258 from erik-krogh/nextPerf 
Approved by asgerf
 2021-03-02 02:04:20 -08:00
CodeQL CI
9ea8f8201c Merge pull request #5265 from erik-krogh/cacheRemote 
Approved by asgerf
 2021-03-02 02:03:09 -08:00
Asger Feldthaus
26924a3378 JS: Regenerate stats for tuple_type_rest_index 2021-03-01 16:30:09 +00:00
Rasmus Wriedt Larsen
443780f27e Python/JS: Share modeling of cryptographic algorithms 
I didn't quite know where to place it for JS, so I tried my best :)

The canonical Python version might be changed in the future, but I wanted to
keep this change small.
 2021-02-27 11:39:35 +01:00
Erik Krogh Kristensen
af7a188bbd add change note 2021-02-26 17:18:30 +01:00
Erik Krogh Kristensen
214aa072b9 support host for http-proxy client requests 2021-02-26 17:18:29 +01:00
Erik Krogh Kristensen
cc48172fd8 add support for events in http-proxy 2021-02-26 17:17:47 +01:00
Erik Krogh Kristensen
ede1a40a02 add ClientRequst models for http-proxy 2021-02-26 17:17:46 +01:00
CodeQL CI
b7c0d18c4a Merge pull request #5278 from erik-krogh/formData 
Approved by asgerf
 2021-02-26 08:13:41 -08:00
Erik Krogh Kristensen
ae051af9d8 remove redundant code 2021-02-26 14:15:30 +01:00
CodeQL CI
0e70b58a41 Merge pull request #5205 from erik-krogh/ts42 
Approved by asgerf
 2021-02-26 05:06:40 -08:00
Erik Krogh Kristensen
c59e6fef80 add model for form-data 2021-02-26 10:54:46 +01:00
Erik Krogh Kristensen
00cfc77fc0 Revert "fix file lookup for exclude patterns" 
This reverts commit 74630b0fd8.
 2021-02-26 10:28:20 +01:00
Erik Krogh Kristensen
4ec3289ecc update relation name in .stats file 2021-02-26 10:26:08 +01:00
Erik Krogh Kristensen
bd19d5a93c remove is_abstract_signature.ql 2021-02-26 10:24:40 +01:00
Erik Krogh Kristensen
1cac692b1d Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-26 10:23:01 +01:00
Geoffrey White
0c4a5f5e2a Merge pull request #5266 from geoffw0/isis 
JS: Fix 'is, is' and 'is is'.
 2021-02-25 18:55:41 +00:00
CodeQL CI
1bd12e6fdf Merge pull request #5199 from asgerf/js/vue-router 
Approved by erik-krogh
 2021-02-25 07:32:57 -08:00
Geoffrey White
0e071b7b79 JS: Fix 'is, is' and 'is is'. 2021-02-25 14:16:25 +00:00
Max Schaefer
f93937f40a Add change note. 2021-02-25 10:51:01 +00:00
Max Schaefer
3fe249f25c Address review comments. 2021-02-25 10:48:23 +00:00