hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
8664908f78 JS: split PrototypePollution.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
289c29828f JS: split UnvalidatedDynamicMethodCall.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9e675d9973 JS: split TaintedFormatString.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
26c29cbde5 JS: split TypeConfusionThroughParameterTampering.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
8225d9923c JS: split ClientSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c3973c061e JS: split ZipSlip.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
29e69b32b0 JS: split XpathInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
48b655f1c7 JS: split CommandInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ccc171ce18 JS: split RemotePropertyInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
063abb5af9 JS: split PostMessageStar.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
3ad46cd5bf JS: split HardcodedCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ec6d233180 JS: split CleartextLogging.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
813253e0ac JS: split BrokenCryptoAlgorithm.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
27d0caed3e JS: split RegExpInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c8a60f74f0 JS: split StackTraceExposure.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
f2b3fa57eb JS: split RequestForgery.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
6f6887993c JS: split Xxe.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9d670f7d39 JS: split CleartextStorage.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
013f471cf6 JS: split TaintedPath.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2bb702ceea JS: split SqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2972c28e58 JS: split NosqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
057b18c316 JS: split ServerSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
a89a073623 JS: split FileAccessToHttp.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
efe7ba4f3d JS: split InsecureRandomness.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
b85d3756b0 JS: split DifferentKindsComparisonBypass.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
56172317ed JS: split HardCodedDataInterpretedAsCode.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
d786f36120 JS: split CorsMisconfigurationForCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
1f54f3269d JS: split HttpToFileAccess.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ee6003655a JS: split UnsafeDynamicMethodAccess.qll 2019-07-04 22:42:55 +02:00
semmle-qlci
298aa92814 Merge pull request #1543 from xiemaisi/js/reflective-call-flow 
Approved by asger-semmle
 2019-07-04 12:02:24 +01:00
Max Schaefer
91a718cfe5 JavaScript: Fix data flow out of reflective calls. 
We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.
 2019-07-04 08:29:04 +01:00
Esben Sparre Andreasen
bb452bea45 JS: split UnsafeDeserialization.qll 2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen
626f3fa598 JS: split ConditionalBypass.qll 2019-07-04 08:33:39 +02:00
semmle-qlci
40f7e6f514 Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash 
Approved by xiemaisi
 2019-07-04 07:19:45 +01:00
semmle-qlci
6cda33c39e Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names 
Approved by xiemaisi
 2019-07-03 16:31:43 +01:00
semmle-qlci
b07a3e6725 Merge pull request #1439 from esben-semmle/js/configuration-node-separation 
Approved by asger-semmle, xiemaisi
 2019-07-03 16:31:10 +01:00
semmle-qlci
7fbc730b05 Merge pull request #1517 from asger-semmle/instance-type-tracking-final 
Approved by xiemaisi
 2019-07-03 08:26:16 +01:00
semmle-qlci
44823ca46d Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias 
Approved by xiemaisi
 2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen
051c6ca31f JS: split CodeInjection.qll into two parts 2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen
ecf367fa65 JS: bump vulnerable lodash version for prototype pollution 
See https://github.com/lodash/lodash/pull/4336
 2019-07-03 08:18:16 +02:00
Asger F
70cbecaf1b JS: Update more test outputs 2019-07-02 21:08:13 +01:00
Asger F
52a5bce10d TS: Update test affected by new stringification 2019-07-02 21:01:47 +01:00
Asger F
329ff0db1b JS: Add an use getAPropertySource() 2019-07-02 10:09:06 +01:00
Asger F
5ce08e2c78 JS: Address review comments 2019-07-02 10:09:06 +01:00
Asger F
408fd3e106 JS: Augment call graph using type-tracked class instances 2019-07-02 10:09:06 +01:00
Asger F
779d98a143 JS: Prevent bad join in hasOwnProperty 2019-07-02 10:09:05 +01:00
Max Schaefer
bfb236f56d JavaScript: Add more default source nodes. 
In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.
 2019-07-02 08:10:28 +01:00
semmle-qlci
71c86fa69b Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests 
Approved by asger-semmle
 2019-07-02 07:38:10 +01:00
semmle-qlci
26fd1b91cf Merge pull request #1485 from esben-semmle/js/fix-yaml-strings 
Approved by xiemaisi
 2019-07-02 07:00:43 +01:00
semmle-qlci
b0b152aaaa Merge pull request #1529 from xiemaisi/js/getter-summaries 
Approved by asger-semmle
 2019-07-02 06:16:34 +01:00