codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	78371894f4	update import after rebasing on main	2021-10-27 20:47:06 +02:00
Erik Krogh Kristensen	a9a9e34265	recognize delete expresssions as a sink for js/prototype-polluting-assignment	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	1243c736dd	use ConcatenationNode::isCoercion	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	2dedfb302a	remove paths without unmatched returns from `js/prototype-polluting-assignment`	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	0c9c9bbde7	detect library input when the arguments object is converted to an array	2021-10-27 20:37:41 +02:00
Erik Krogh Kristensen	fa9e9dd847	split out predicates in `ClassifyFiles` to avoid unnecessary computations	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	3d124cf95e	add change-note	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	d1238dfd8b	update alert message to distinguish between library input and remote flow	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	6e183af383	ignore test files for the `prototypeLessObject' predicate	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	e94b0f5913	recognize inclusion based sanitizers for `js/prototype-polluting-assignment`	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	2a808b2cd6	track taint through string coercions for `js/prototype-polluting-assignment`	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	2d65aa17db	recognize exported functions that use the `arguments` object	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	78774233c7	add library input as source to `js/prototype-polluting-assignment`	2021-10-27 20:35:36 +02:00
Erik Krogh Kristensen	0372ccce02	simplify regexp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 20:04:24 +02:00
Erik Krogh Kristensen	af64b319ee	update documentation strings Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 19:54:52 +02:00
Erik Krogh Kristensen	71cca6d644	Merge branch 'main' into ldap	2021-10-27 19:06:06 +02:00
Erik Krogh Kristensen	2e912ee28e	rename LDAP to Ldap	2021-10-27 19:05:56 +02:00
Erik Krogh Kristensen	c1ab49fe8a	rename LDapFilterStep to TaintPreservingLDapFilterStep	2021-10-27 19:05:00 +02:00
Erik Krogh Kristensen	44afa34e37	Merge branch 'main' of github.com:github/codeql into htmlReg	2021-10-26 14:46:27 +02:00
CodeQL CI	e5e1046c81	Merge pull request #6962 from asgerf/js/template-db-constraint-err Approved by erik-krogh	2021-10-26 13:43:57 +01:00
Erik Krogh Kristensen	8ba545999e	add change-note	2021-10-26 14:13:56 +02:00
Anders Schack-Mulligen	90bebaa5a9	Merge pull request #6960 from erik-krogh/useSetLiteral use set literal instead of big disjunction of literals	2021-10-26 14:06:05 +02:00
Erik Krogh Kristensen	090fb2df10	Merge pull request #6857 from erik-krogh/fixPipes JS: skip pipes and other special files when determining which files to extract	2021-10-26 13:59:40 +02:00
Erik Krogh Kristensen	9c8a51bca6	cache `SensitiveExpr`	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	038438edca	assume that setting the secure/httpOnly flag to some unknown value is good	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	5228196f79	fix typos and update docs	2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen	311df4d2b7	add test for the `cookie` npm package	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	92d59aa11c	refactor most of the `isSensitive` predicates into a common helper predicate	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	834d5ec6ad	add session{key,id} as sensitive info	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	1e1e549847	update tests so it's clear which cookies are insecure	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	283b8231cb	add more cookie models	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	2cb3d2c53f	documentation overhaul on client-exposed-cookie (and restricting it to server-side)	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	ab23ffff3d	documentation overhaul for clear-text-cookie	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	f36accf3e6	only report clear-text cookies for sensitive cookies	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	53b4337795	combine test files	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	9193984f1b	delete the experimental query library for cookie queries	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	6858acc6a9	port experimental cookie models to non-experimental	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	26a24a3895	prepare move to non-experimental	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	44db920f10	refactor, cleanup, and improvements in experimental cookie queries	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	a3c55c2aec	use set literal instead of big disjunction of literals	2021-10-26 12:55:25 +02:00
Erik Krogh Kristensen	dbd1148bd6	apply range pattern patch to javascript	2021-10-25 19:38:00 +02:00
Henry Mercer	7e0e35f364	Rename ATM query pack for consistency with other packs	2021-10-25 17:32:25 +01:00
CodeQL CI	b5554da496	Merge pull request #6924 from asgerf/js/skip-files-with-unsupported-encoding Approved by esbena	2021-10-25 14:48:38 +01:00
Asger Feldthaus	bfb1da55d6	JS: Bump extractor version string	2021-10-25 11:49:56 +02:00
Asger Feldthaus	f3e2b0b946	JS: Avoid using non-existent attribute as parent	2021-10-25 11:49:56 +02:00
Asger Feldthaus	ac62379b17	JS: Add TRAP test	2021-10-25 11:49:39 +02:00
Henry Mercer	02b1fe27d2	Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling	2021-10-22 11:02:09 +01:00
Asger Feldthaus	fa0ce5380b	JS: Skip files with unsupported file encoding	2021-10-20 12:16:50 +02:00
Henry Mercer	548a344d34	JS: Implement suggestions from review Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2021-10-19 12:00:40 +01:00
Henry Mercer	4d7a8285ad	JS: Initial commit of Adaptive Threat Modeling	2021-10-18 17:24:24 +01:00

... 2 3 4 5 6 ...

6774 Commits