hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

2691 Commits

Author SHA1 Message Date
Asger Feldthaus
3242f5ed94 JS: Include qhelp example in test suite 2020-06-15 17:37:26 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Asger Feldthaus
f380898126 JS: Add test showing duplicate alerts 2020-06-15 16:40:37 +01:00
Asger Feldthaus
51d143d6f1 JS: Add test with destructuring pattern that looks like type annotations 2020-06-15 16:35:36 +01:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find division that end up being rounded 2020-06-15 17:10:10 +02:00
Asger F
d844e0025a Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization 
JS: initial version of IncompleteMultiCharacterSanitization.ql
 2020-06-12 16:25:22 +01:00
Erik Krogh Kristensen
01c51eea89 Merge pull request #3680 from erik-krogh/bad-code-sanitizer 
JS: Add query to detect bad code sanitizers
 2020-06-12 14:00:21 +02:00
Erik Krogh Kristensen
c9fc1a378d Merge pull request #3663 from erik-krogh/bad-crypto 
JS: Introduce query to detect biased random number generators
 2020-06-12 11:32:12 +02:00
Erik Krogh Kristensen
908edb39b9 unsecure -> insecure 2020-06-12 11:02:26 +02:00
Erik Krogh Kristensen
86b23b239e Merge pull request #3656 from erik-krogh/destruct-yargs 
JS: support rest-patterns inside property patterns
 2020-06-12 10:57:24 +02:00
Erik Krogh Kristensen
9780fcf8fe fix ftp protocol regexp 2020-06-12 10:54:56 +02:00
Erik Krogh Kristensen
3f957103ed improve alert message - and autoformat 2020-06-12 10:53:19 +02:00
Erik Krogh Kristensen
02c4a0477d add tests for js/build-artifact-leak 2020-06-12 10:21:37 +02:00
Esben Sparre Andreasen
1bdae109c5 Merge pull request #3686 from esbena/js/insecure-http-options 
JS: add query js/disabling-certificate-validation
 2020-06-12 08:40:12 +02:00
semmle-qlci
5c2f1169d0 Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction 
Approved by erik-krogh, esbena
 2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen
243e3ad9e3 Merge pull request #3672 from esbena/js/server-crashing-route-handler 
JS: add initial version of ServerCrash.ql
 2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
ef72c03ca9 use simpler taint-step for DestructingPattern 2020-06-11 23:16:46 +02:00
Esben Sparre Andreasen
bc7f02156b JS: replace class with two predicates (and improve alert message) 2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen
5ce2987cb2 adjust comments to reflect that tainted-path have no array-steps 2020-06-04 16:15:37 +02:00
Max Schaefer
9549b01e3c JavaScript: Turn on experimental language features for two tests. 
All other tests already pass with experimental features turned on, so once this is merged we can do so by default.
 2020-06-04 11:27:31 +01:00
Erik Krogh Kristensen
60320a9d78 update TaintedPath to use new consistency checking 2020-06-04 11:00:40 +02:00
Erik Krogh Kristensen
c7c46ea3d6 update test comments to be consistent 2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00