hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

247 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
76aca02752 change the pseudo-property on URL to a two-stage process 2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen
8d37c03209 using pseudo-properties to model URL parsing 2020-02-04 16:30:07 +01:00
Esben Sparre Andreasen
c70997febf JS: address review comments for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
2ad9b843ae JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
cfd567f01d JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
9e247921fc JS: add FP tests for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Erik Krogh Kristensen
6494649125 fix a number of FPs in js/exception-xss 2020-01-20 15:11:57 +01:00
Erik Krogh Kristensen
bf56797ad7 update expected output of tests 2019-12-17 16:27:55 +01:00
Erik Krogh Kristensen
7c931452d9 autoformat 2019-12-16 13:45:42 +01:00
Erik Krogh Kristensen
904976c7ac update tests after removing control-flow checks from error-callbacks 2019-12-16 08:30:21 +01:00
Erik Krogh Kristensen
e164f46330 changes based on review feedback 2019-12-13 11:44:31 +01:00
Erik Krogh Kristensen
f35dc5d274 Merge remote-tracking branch 'upstream/master' into moarExceptions 2019-12-12 16:13:52 +01:00
Erik Krogh Kristensen
08d0cb795b revert the introduction of getEnclosingCall 2019-12-12 15:14:02 +01:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Asger F
a6e75259d6 JS: More fine-grained regexp-based sanitizer guards 2019-12-06 11:49:59 +00:00
Erik Krogh Kristensen
ea9d6189de update expected test outpu 2019-12-02 12:52:39 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Erik Krogh Kristensen
d212394058 update expected output 2019-11-27 15:21:47 +01:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
Erik Krogh Kristensen
42fbcbf007 update expected test output 2019-11-27 11:14:04 +01:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00
Erik Krogh Kristensen
7b262fa9cf update expected output 2019-11-26 14:39:09 +01:00
Erik Krogh Kristensen
5a0cabb039 Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-26 14:37:40 +01:00
Erik Krogh Kristensen
4a94c49d37 changes based on review feedback 2019-11-26 13:40:48 +01:00
Erik Krogh Kristensen
f284b3a2bb Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-26 10:54:04 +01:00
Erik Krogh Kristensen
c7235bb372 add sources and sinks for typeahead.js 2019-11-25 10:46:54 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
Erik Krogh Kristensen
f40d79271d cleanup module imports and update expected outputs 2019-11-22 13:55:47 +01:00
Erik Krogh Kristensen
94e9c0203d add test for exceptional taint-flow 2019-11-21 17:16:13 +01:00
Erik Krogh Kristensen
1ba777a45d remove deep taint of objects 2019-11-19 15:50:50 +01:00
Erik Krogh Kristensen
9fa7393d56 add support for try-statements with no catch block 2019-11-19 13:37:35 +01:00
Erik Krogh Kristensen
91674f681b refactoring to remove duplicated code and simplify the ExceptionXss query 2019-11-19 08:54:51 +01:00
Erik Krogh Kristensen
1b81526691 Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-17 09:29:54 +01:00
Erik Krogh Kristensen
4073dfaf24 remove redundant code 2019-11-15 16:17:18 +01:00
Erik Krogh Kristensen
d36312cf9f update expected output 2019-11-15 16:08:13 +01:00
Erik Krogh Kristensen
3edd65f9ab changed the exceptional taint-steps to step through each call-site 2019-11-15 16:05:15 +01:00
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00