hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,893 Commits 1,672 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

2691 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c14a485ca7 recognize more HttpResponseSink by restricting the hasNonHtmlHeader check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen
71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen
a589061bee JS: add type-tracking to the fs-module and model the original-fs 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen
5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen
ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Asger Feldthaus
52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Erik Krogh Kristensen
9c06c48dc7 Merge pull request #2884 from esbena/js/practically-exploitable-redos 
JS: add query js/exploitable-polynomial-redos
 2020-02-27 10:19:17 +01:00
Esben Sparre Andreasen
1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Erik Krogh Kristensen
dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
semmle-qlci
03b882381a Merge pull request #2723 from esbena/js/support-path-is-inside 
Approved by asgerf
 2020-02-25 11:21:24 +00:00
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Asger F
160fc48803 Merge pull request #2896 from asger-semmle/typescript-3.8 
TS: Support Typescript 3.8
 2020-02-25 08:19:01 +00:00
Esben Sparre Andreasen
5baba62154 JS: model path-is-inside+is-path-inside for js/path-injection 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen
86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci
317356e591 Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers 
Approved by erik-krogh
 2020-02-24 13:35:32 +00:00
Erik Krogh Kristensen
fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen
473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Asger Feldthaus
260b243c28 TS: Add test case to DeclBeforeUse 2020-02-24 11:40:27 +00:00
Asger Feldthaus
f923b24bc5 JS: Fix test 2020-02-24 11:19:23 +00:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Erik Krogh Kristensen
b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen
03e295ef11 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:19:32 +01:00
semmle-qlci
f6af5da7f7 Merge pull request #2778 from erik-krogh/FalsySanitizer 
Approved by asgerf
 2020-02-20 11:17:03 +00:00
Erik Krogh Kristensen
63036aa444 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:09:06 +01:00
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Erik Krogh Kristensen
56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00