codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	c6668da02e	expand how indirectCommandArguments are found	2020-02-07 15:00:05 +01:00
Esben Sparre Andreasen	736ccb98c2	JS: model the `send` library for `js/path-injection`	2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen	8ea6070120	add indirect command injection sink for a concatenated array	2020-02-07 11:04:34 +01:00
Asger Feldthaus	f84af74d1d	JS: Handle more libraries	2020-02-06 14:59:52 +00:00
Asger Feldthaus	c559ab13e7	JS: Add test and handle parameter with source object	2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen	1f7dda7fbc	add dataflow barrier for if(xrandr)	2020-02-06 12:55:44 +01:00
Erik Krogh Kristensen	d8a30c48a3	update expected output of TaintedPath tests	2020-02-06 09:47:15 +01:00
semmle-qlci	163285bee7	Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow Approved by esbena	2020-02-05 12:52:59 +00:00
semmle-qlci	53763c789f	Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path Approved by erik-krogh	2020-02-05 10:53:39 +00:00
semmle-qlci	52f34d7178	Merge pull request #2715 from erik-krogh/PrivateFields Approved by asgerf	2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen	ffc6fddddd	update expected test output	2020-02-05 10:52:40 +01:00
Erik Krogh Kristensen	76aca02752	change the pseudo-property on URL to a two-stage process	2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen	8d37c03209	using pseudo-properties to model URL parsing	2020-02-04 16:30:07 +01:00
Asger Feldthaus	c185cededf	JS: More pruning and more data flow	2020-02-04 15:06:42 +00:00
Erik Krogh Kristensen	15e26666cd	add declaration for private field in syntax error test	2020-02-04 14:05:09 +01:00
semmle-qlci	bd51ef35b7	Merge pull request #2731 from erik-krogh/CVE527 Approved by esbena	2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen	bbd60f52ba	JS: add additional flow steps to js/path-injection	2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen	e3189aaa47	raise syntax error on declaration of private method, and add syntax tests for private fields	2020-02-03 16:00:25 +01:00
Esben Sparre Andreasen	c70997febf	JS: address review comments for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	2ad9b843ae	JS: fix FP for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	cfd567f01d	JS: fix FP for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	9e247921fc	JS: add FP tests for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen	fef918ac13	JS: add query "Unsafe jQuery plugin"	2020-01-31 19:33:04 +01:00
Erik Krogh Kristensen	e6d46b9279	add test for new prefix check on TaintedPath	2020-01-31 12:35:03 +01:00
Erik Krogh Kristensen	162c19c348	changes based on review	2020-01-30 14:04:04 +01:00
Erik Krogh Kristensen	7637ebcc03	Merge remote-tracking branch 'upstream/master' into exceptionFPs	2020-01-30 10:56:41 +01:00
Asger Feldthaus	b98db62e82	JS: Recognize req.user a cookie access	2020-01-24 09:44:20 +00:00
Asger Feldthaus	a68bb9ffd1	JS: Ignore calls and csrf/captcha access	2020-01-23 15:32:05 +00:00
Asger Feldthaus	b1ec3e1bf2	JS: Add test and dont check predecessors	2020-01-23 14:59:03 +00:00
Erik Krogh Kristensen	6494649125	fix a number of FPs in js/exception-xss	2020-01-20 15:11:57 +01:00
semmle-qlci	4efc418e2c	Merge pull request #2617 from asger-semmle/prototype-pollution-utility Approved by esbena, mchammer01	2020-01-16 13:02:07 +00:00
Asger Feldthaus	6d9306366c	JS: ignore useless-expr in first stmt in try block	2020-01-15 11:49:23 +00:00
semmle-qlci	3c4749be88	Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode Approved by max-schaefer	2020-01-14 11:59:45 +00:00
Asger F	2c05ee8ab8	JS: Add regression test	2020-01-14 10:53:00 +00:00
Asger F	9bd3c4a11c	JS: Add sanitizer for "in" exprs	2020-01-14 10:53:00 +00:00
Asger Feldthaus	7ac30e2289	JS: Add test for rephinement nodes	2020-01-14 10:53:00 +00:00
Asger F	a447645c10	JS: Add test with typeof on value	2020-01-14 10:52:59 +00:00
Asger F	bd9405ab84	JS: Guard against more FPs	2020-01-14 10:52:59 +00:00
Asger F	f7543aec95	JS: Support Reflect.ownKeys	2020-01-14 10:52:59 +00:00
Asger F	8af233307a	JS: Support enumeration through Object.entries	2020-01-14 10:52:59 +00:00
Asger F	96bf9db200	JS: Add another test and more barriers	2020-01-14 10:52:59 +00:00
Asger F	bc7871078a	JS: Fix FPs from Object.create(null)	2020-01-14 10:52:59 +00:00
Asger F	c889420dd3	JS: Add qhelp samples to test suite	2020-01-14 10:52:59 +00:00
Asger F	654f145772	JS: Add PrototypePollutionUtility query	2020-01-14 10:52:59 +00:00
Asger Feldthaus	73e60a7400	JS: Ignore strict-mode-call-stack-introspection for expr stmts	2020-01-13 16:03:03 +00:00
semmle-qlci	f1f69ef85d	Merge pull request #2589 from esbena/js/ignore-duplicate-params-for-empty-functions Approved by erik-krogh	2020-01-09 11:58:04 +00:00
Max Schaefer	308da0774d	Merge pull request #2525 from asger-semmle/promise-missing-await JS: New query: missing await	2020-01-08 15:29:45 +00:00
Asger Feldthaus	66a16d21a9	JS: Fix buggy test cases	2020-01-07 10:19:09 +00:00
Asger Feldthaus	2d534163d0	JS: Add test for empty regex	2020-01-07 10:10:29 +00:00
Asger Feldthaus	9f6e04887b	JS: Fix FP from word boundaries	2020-01-07 10:09:17 +00:00

... 38 39 40 41 42 ...

2691 Commits