Commit Graph

85 Commits

Author SHA1 Message Date
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
d88bc8e408 JS: Add test case for GraphQLObjectType 2025-09-19 14:23:40 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enhance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
6c18b4de40 JS: Add test case for graph ql variableValues injection 2025-09-17 12:21:21 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
a6d728a66d JS: Add test case with missing alert using graphql 2025-09-17 11:23:49 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Asger F
61887beae0 JS: Add test case for false positive 2025-06-23 16:03:41 +02:00
Napalys Klicius
71f1b82a56 Added support for fastify.all 2025-04-30 14:54:09 +02:00
Napalys Klicius
6d61766366 Added test case for fastify.all 2025-04-30 14:50:35 +02:00
Napalys
fdfdcc0d93 Undo unnecessary name tracking for request, response objects 2025-04-22 14:16:45 +02:00
Asger F
00661b62dc JS: Add isMiddlewareSetup() hook to Routing model 2025-04-22 12:00:02 +02:00
Napalys
5c3556da66 Add user-controlled property tracking and update code injection alerts in Fastify hooks 2025-04-15 09:41:52 +02:00
Napalys
9b194ea613 Added addHook to RouteSetup, thus it is now recognized as a route handler 2025-04-15 09:37:13 +02:00
Napalys
c175081698 Added test cases for fastify.addHook 2025-04-15 09:33:41 +02:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
e026b9e048 JS: Mark regressions due to lack of local field steps 2025-02-28 13:27:52 +01:00
Asger F
10a7294327 JS: Accept trivial test changes
This adds Alert annotations for alerts that seem intentional by the test
but have not been annotated with 'NOT OK', or the comment was in the wrong
place.

In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk in a later
commit.
2025-02-28 13:27:43 +01:00
Asger F
0453ded338 JS: Add query ID to some alerts 2025-02-28 13:27:41 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
d79f429978 JS: Update changes to nodes/edges/subpaths
No changes in actual alerts
2025-02-17 10:36:05 +01:00
Asger F
52ba91a7f8 JS: Updates to nodes/edges in tests
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
2473274681 JS: Benign test output changes 2024-06-27 09:06:45 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns
Only includes the changes that purely contain the new provenance columns
2024-06-26 13:51:44 +02:00
Asger F
9b46c4596c JS: Update HeuristicSourceCodeInjection test 2023-10-13 13:15:08 +02:00
Asger F
32022ccbda JS: Port UnsafeCodeConstruction 2023-10-13 13:15:05 +02:00
Asger F
9128722627 JS: Port ImproperCodeSanitization 2023-10-13 13:15:05 +02:00
Asger F
fcfab5238e JS: Port CodeInjection 2023-10-13 13:15:03 +02:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
jorgectf
1e663b8889 Update HeuristicSourceCodeInjection.expected 2023-06-26 13:32:20 +02:00
Jorge
08b9a5e2b2 Add missing ; 2023-06-23 23:10:06 +02:00
jorgectf
6947e99c15 Add models for webix
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-06-22 01:07:33 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
cb95dbfa14 JS: Add tests 2023-05-01 11:42:17 +02:00
erik-krogh
34fe1a8f5e use SSA in the GetLaterAccess module 2023-03-21 15:19:15 +01:00
erik-krogh
6192544fb4 add test for express-ws as a source 2023-02-13 15:26:50 +01:00
erik-krogh
02da718786 add code-injection sink for node-pty 2023-01-30 15:14:25 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
dcdff7a995 Merge branch 'main' into aliasFlow 2022-09-22 16:01:31 +02:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
erik-krogh
6447234428 recognize calls to Function where spread arguments are used 2022-09-07 22:55:51 +02:00
erik-krogh
e829387cdb add failing test for calling the Function with a spread argument 2022-09-07 22:54:21 +02:00