hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

2263 Commits

Author SHA1 Message Date
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Erik Krogh Kristensen
908edb39b9 unsecure -> insecure 2020-06-12 11:02:26 +02:00
Erik Krogh Kristensen
86b23b239e Merge pull request #3656 from erik-krogh/destruct-yargs 
JS: support rest-patterns inside property patterns
 2020-06-12 10:57:24 +02:00
Asger Feldthaus
6531db3cca JS: Add test 2020-06-12 09:56:38 +01:00
Erik Krogh Kristensen
9780fcf8fe fix ftp protocol regexp 2020-06-12 10:54:56 +02:00
Erik Krogh Kristensen
3f957103ed improve alert message - and autoformat 2020-06-12 10:53:19 +02:00
Erik Krogh Kristensen
02c4a0477d add tests for js/build-artifact-leak 2020-06-12 10:21:37 +02:00
Esben Sparre Andreasen
1bdae109c5 Merge pull request #3686 from esbena/js/insecure-http-options 
JS: add query js/disabling-certificate-validation
 2020-06-12 08:40:12 +02:00
semmle-qlci
5c2f1169d0 Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction 
Approved by erik-krogh, esbena
 2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen
243e3ad9e3 Merge pull request #3672 from esbena/js/server-crashing-route-handler 
JS: add initial version of ServerCrash.ql
 2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
ef72c03ca9 use simpler taint-step for DestructingPattern 2020-06-11 23:16:46 +02:00
Esben Sparre Andreasen
bc7f02156b JS: replace class with two predicates (and improve alert message) 2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
bb2b7fb6fb JS: Add test with class stored in global variable 2020-06-10 15:14:23 +01:00
Asger Feldthaus
36c4803694 JS: Add test 2020-06-10 14:08:33 +01:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Asger Feldthaus
0345036420 JS: Fix 'match' call in StringOps::RegExpTest 2020-06-09 10:07:36 +01:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
Asger Feldthaus
53280a6b11 JS: Add test demonstrating new flow 2020-06-08 14:25:21 +01:00
Esben Sparre Andreasen
872ee13ba6 JS: formatting 2020-06-08 10:04:37 +02:00
Esben Sparre Andreasen
fa35a6a694 JS: formatting 2020-06-08 08:13:58 +02:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
f70453c544 autoformat 2020-06-05 10:10:57 +02:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen
5ce2987cb2 adjust comments to reflect that tainted-path have no array-steps 2020-06-04 16:15:37 +02:00
Esben Sparre Andreasen
f618d430e7 JS: simplify HTTP::ContainerCollection, and improve expressivity(!) 2020-06-04 14:34:52 +02:00
Esben Sparre Andreasen
44ebf84f4c JS: more express tests 2020-06-04 14:33:03 +02:00