hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,010 Commits 1,672 Branches 157 Tags
updateExterns
Commit Graph

174 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Erik Krogh Kristensen
49be7e959f Merge branch 'main' into jwt 2020-11-12 21:36:09 +01:00
Erik Krogh Kristensen
e75259d3a6 model the verify function in jsonwebtoken 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
6732493377 add model for jwt-decode 2020-11-10 10:41:36 +01:00
Asger Feldthaus
24714c41be JS: Update test output after rebase 2020-11-06 09:14:03 +00:00
Asger Feldthaus
7bf21d80b2 JS: Shift line numbers in test file 2020-11-06 09:13:52 +00:00
Asger Feldthaus
9418c6c8fe JS: Add support for dateformat package 2020-11-06 09:13:52 +00:00
Asger Feldthaus
790526b529 JS: Some fixes and address review comments 2020-11-06 09:06:20 +00:00
Asger Feldthaus
8a3fba05e9 JS: Add steps through date-formatting functions 2020-11-06 09:06:18 +00:00
Erik Krogh Kristensen
e124ba66b4 moving jsdom sink to js/xss 2020-11-05 16:10:33 +01:00
CodeQL CI
4a59e69722 Merge pull request #4564 from asgerf/js/react-hooks 
Approved by esbena
 2020-10-30 21:00:31 +00:00
Asger Feldthaus
469767d279 JS: Fix test output 2020-10-28 17:00:05 +00:00
Asger Feldthaus
f99db23e7b JS: Add test and fix for contextType 2020-10-28 16:23:36 +00:00
Asger Feldthaus
3d86e855f3 JS: Add model of classnames and clsx 2020-10-28 13:56:35 +00:00
Asger Feldthaus
d116b424f4 JS: Add model of react hooks and react-router 2020-10-28 11:57:11 +00:00
Asger Feldthaus
8779b7c1ce JS: Update expected output after rebase 2020-10-20 11:10:30 +01:00
Asger Feldthaus
28a73c1e18 JS: Add test case 2020-10-20 10:53:15 +01:00
Asger Feldthaus
6aac353777 JS: Update test output 2020-10-20 10:53:12 +01:00
Asger Feldthaus
50a015c73e JS: Move $() sink into separate dataflow config 2020-10-20 10:52:33 +01:00
Asger Feldthaus
4137d3f971 JS: Split CWE-079 tests into their own folders 2020-10-16 17:32:36 +01:00
Asger Feldthaus
4337c5adaf JS: Workaround ascii PR check 2020-10-16 07:12:29 +01:00
Asger Feldthaus
afd82e202d JS: Add Angular2 model 2020-10-16 07:12:29 +01:00
Erik Krogh Kristensen
fd05156298 clarifying comment on the last jQuery inconsistency 2020-09-04 10:30:42 +02:00
Erik Krogh Kristensen
b18f51806c regain the lost property presence result 2020-09-04 10:30:38 +02:00
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
Erik Krogh Kristensen
3952553953 adjust comment about inconsistency for XSS in typeahead 2020-09-03 10:50:40 +02:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness 
Approved by esbena
 2020-08-03 15:38:51 +01:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
261821b32c Merge remote-tracking branch 'upstream/master' into queryStuff 2020-07-02 16:08:05 +02:00
Erik Krogh Kristensen
bace2994c3 add test for type-tracking req.params 2020-07-01 11:38:54 +02:00
Asger Feldthaus
03c91a66c5 JS: Update expected output 2020-06-29 07:52:25 +01:00
Asger Feldthaus
9ca25d5bef JS: Support .hash extraction via a few more methods 2020-06-28 01:38:59 +01:00
Asger Feldthaus
19db418395 JS: Add missing store step in Xss query 2020-06-28 01:26:11 +01:00
Erik Krogh Kristensen
cc2e61531e update expected output 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
6bc821b1ab add tests for dominating writes 2020-06-25 23:00:52 +02:00
Asger Feldthaus
b867512db4 JS: Update test 2020-06-25 11:01:10 +01:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing 
Approved by erik-krogh
 2020-06-23 13:01:41 +01:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Asger Feldthaus
945db4d86c JS: Fix test output 2020-06-02 16:38:21 +01:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
Asger Feldthaus
707b0f33a0 JS: Use in ContainsHTMLGuard 2020-06-01 12:06:40 +01:00
Erik Krogh Kristensen
5bb308dc8f sanitize variables used in an HTML escaping switch-case 2020-05-28 12:37:41 +02:00
Erik Krogh Kristensen
1a2db10a90 recognize barrier guard where the result is stored in a variable 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
562a38cdd5 add ContainsHTMLGuard 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00
Erik Krogh Kristensen
319363f56c update expected output 2020-05-26 18:47:37 +02:00