hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
semmle-qlci
6f2e485ace Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible 
Approved by esben-semmle
 2019-09-19 12:45:45 +01:00
Erik Krogh Kristensen
7671b6759b import DataFlow::PathGraph from the ql file instead of the qll file 2019-09-19 11:59:45 +02:00
Erik Krogh Kristensen
bbf7e56e47 remove unused import in query 2019-09-19 11:49:20 +02:00
Max Schaefer
4e1e7bc127 JavaScript: Apply review suggestion. 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-09-19 09:40:28 +01:00
Esben Sparre Andreasen
b631bfc8eb Merge branch 'master' into node-js-classification 2019-09-19 09:42:26 +02:00
Asger F
71763af2d5 JS: Further restrict receiver type inference 2019-09-18 16:18:10 +01:00
Asger F
e724f92ee8 JS: Also summarize loads 2019-09-18 16:18:10 +01:00
Asger F
ffc69cb61e JS: Summarize functions in type tracking 2019-09-18 16:17:59 +01:00
Asger F
3479f02082 JS: Add test showing lack of flow out of inner function 2019-09-18 16:17:22 +01:00
Asger F
76438f98ad JS: Add DomValuesRefs metric 2019-09-18 16:17:21 +01:00
Asger F
0924de4c56 JS: Simplify call graph metric 2019-09-18 16:17:21 +01:00
semmle-qlci
57a6c0c20d Merge pull request #1918 from esben-semmle/js/improve-getAResponseDataNode 
Approved by asger-semmle
 2019-09-18 14:03:45 +01:00
semmle-qlci
479fca9e30 Merge pull request #1946 from xiemaisi/js/top-level-await 
Approved by asger-semmle
 2019-09-18 12:32:09 +01:00
semmle-qlci
b4b7314757 Merge pull request #1941 from xiemaisi/js/fix-incorrect-suffix-check-performance 
Approved by asger-semmle
 2019-09-18 12:31:46 +01:00
Max Schaefer
3970ead7ab JavaScript: Add support for rate-limiter-flexible package. 2019-09-18 12:25:33 +01:00
Max Schaefer
9ff5c7007a JavaScript: Add support for top-level await. 2019-09-18 09:56:21 +01:00
Esben Sparre Andreasen
ac6554b7da Merge branch 'master' into js/improve-getAResponseDataNode 2019-09-17 13:18:41 +02:00
Max Schaefer
df739e0fca JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-09-16 15:25:17 +01:00
Esben Sparre Andreasen
a5645e168a JS: exclude keys from whitelist 2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
0e2d2f8662 JS: whitelist some hardcoded dummy-passwords in two queries 2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
aa3f4a7048 JS: change passwords in tests 2019-09-16 10:09:59 +02:00
Asger F
a8e8ae868a JS: Update extractor version string 2019-09-13 15:48:31 +01:00
Asger F
173f32d2ba JS: Recognize 'require' calls in more cases 2019-09-13 15:48:31 +01:00
Asger F
3b7ecd5ccf JS: Add NumModules metric 2019-09-13 15:48:31 +01:00
Erik Krogh Kristensen
9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen
3fb64abb09 fix consistency and spelling in the documentation 
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen
c4f27ed4cc rename TaintedLength to LoopBoundInjection 2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen
673e883c21 use superscript to denote the size of the tainted object 2019-09-13 11:00:11 +01:00
semmle-qlci
d0d3882121 Merge pull request #1919 from esben-semmle/js/fixup-1 
Approved by asger-semmle, xiemaisi
 2019-09-13 10:40:38 +01:00
semmle-qlci
1313821a25 Merge pull request #1904 from erik-semmle/passportModel 
Approved by asger-semmle, esben-semmle
 2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen
c2efb0afe7 two tiny qldoc changes 2019-09-12 16:58:07 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
dc891dc420 added js/loop-bound-injection to javascript security suite 2019-09-12 15:50:50 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Erik Krogh Kristensen
2db0cdf4e2 two small qhelp fixes 2019-09-12 10:00:08 +01:00
semmle-qlci
72db219c13 Merge pull request #1910 from xiemaisi/js/unused-index-variable 
Approved by esben-semmle, shati-semmle
 2019-09-11 14:33:32 +01:00
Erik Krogh Kristensen
493a31d98d more fixes based on review 2019-09-11 12:53:59 +01:00
Max Schaefer
500cde68c3 JavaScript: Add new query UnusedIndexVariable. 2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen
9aa0e711b2 JS: update expected output 2019-09-11 12:33:41 +02:00
Erik Krogh Kristensen
bec522f0df small changes based on review feedback 2019-09-11 11:26:59 +01:00
Esben Sparre Andreasen
086c473c18 JS: sharpen js/http-to-file-access 2019-09-11 12:05:33 +02:00
Esben Sparre Andreasen
0e31cad027 JS: simplify this.getStringValue() to getStringValue() 2019-09-11 10:56:49 +02:00
Esben Sparre Andreasen
ee106ccff9 JS: simplify asExpr().getStringValue() calls 2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen
aab17850d1 JS: eliminate redundant ConstantString casts 2019-09-11 10:56:49 +02:00
semmle-qlci
16c95d8c5e Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting 
Approved by xiemaisi
 2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen
f3de75ae07 JS: update a js/code-injection test 2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen
e41080fb40 JS: add RemoteServerResponse as a heuristic remote flow source 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
f7bfc472c1 JS: treat server responses as untrusted for command injections 2019-09-11 09:38:18 +02:00