hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,672 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

32 Commits

Author SHA1 Message Date
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
86932c51bc JS: Move some alerts to their correct location 
One of the diffs look confusing but:
Previously parameter {2,3} where flagged, now parameter {1,2} are flagged.

Note that for command injection, the SystemCommandExecution is flagged
despite the test file claiming otherwise.
 2025-02-28 13:27:40 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Napalys
70cf1a57bc Now catches usage of RegExp. after matchAll usage. 2024-11-08 08:59:31 +01:00
Napalys
c2baf0bd6d Added test where RegExp. is used after matchAll but it not flagged as potential issue 2024-11-08 08:56:12 +01:00
Napalys
dbd57e3870 Fixed issue where TaintTracking was not catching matchAll vulnerability 2024-11-07 13:40:10 +01:00
Napalys
a4fe728af2 Added matchAll test which is not marked as vulnurability by CodeQL 2024-11-07 13:35:09 +01:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
e9189f965f JS: Port LogInjection 2023-10-13 13:15:04 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
Erik Krogh Kristensen
178d3de824 Merge branch 'main' into logs 2021-07-16 11:21:25 +02:00
Erik Krogh Kristensen
e13d53f001 support pino logging calls on request objects 2021-07-13 14:32:50 +02:00
Erik Krogh Kristensen
cce15bed1d add basic support for the pino library 2021-07-13 14:00:01 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
fa02651542 add taint step through the strip-ansi library 2021-06-23 09:13:03 +02:00
Erik Krogh Kristensen
fe76341820 add taint step through the chalk library 2021-06-23 09:12:48 +02:00
Erik Krogh Kristensen
053d9b5564 add taint step through the kleur library 2021-06-23 09:12:25 +02:00
Erik Krogh Kristensen
6e2b92468f add taint step through the slice-ansi library 2021-06-22 23:14:14 +02:00
Erik Krogh Kristensen
35c513d38a add taint step through the cli-color library 2021-06-22 23:10:40 +02:00
Erik Krogh Kristensen
ec9c885908 add taint step through the cli-highlight library 2021-06-22 23:06:50 +02:00
Erik Krogh Kristensen
d114cdc6e5 add taint step through the colorette library 2021-06-22 23:02:01 +02:00
Erik Krogh Kristensen
e4427bb34a add taint step through the wrap-ansi library 2021-06-22 22:59:03 +02:00
Erik Krogh Kristensen
626a653401 add taint step through the colors library 2021-06-22 22:55:15 +02:00
Erik Krogh Kristensen
a21ebbbe8f add taint step through the ansi-colors library 2021-06-22 22:47:58 +02:00
Erik Krogh Kristensen
9a31ed13ac add test case 2020-12-01 09:18:40 +01:00