codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Max Schaefer	ecab17a626	JavaScript: Teach API graphs to handle `promisify`. Following a suggestion by Asger, we track use nodes through calls to `promisify`. When we see a call to a promisified function, we introduce a new synthetic API-graph node representing the callback argument synthesised by the promisification, and track the result of the call to an `await` (or other promise resolution), which is then considered to be a use of the first parameter of the synthetic callback (the zeroth parameter being an error code, which we do not model yet).	2021-01-11 13:53:46 +00:00
Esben Sparre Andreasen	2dbd762bd9	JS: reintroduce reverted js/server-crash This reverts commit `0a8d15ccc4`.	2021-01-11 14:13:41 +01:00
Esben Sparre Andreasen	580a24e982	JS: rewrite js/incomplete-multi-character-sanitization	2021-01-11 11:26:45 +01:00
CodeQL CI	807fc94627	Merge pull request #4921 from erik-krogh/moreShellSan Approved by esbena	2021-01-08 00:58:26 -08:00
CodeQL CI	c193d9f375	Merge pull request #4823 from erik-krogh/furtherReDoS Approved by esbena	2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen	2aa59a3f8b	support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input	2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen	bfd8d1b1e9	Merge branch 'main' into revertSum	2021-01-06 23:04:08 +01:00
CodeQL CI	9d4cd0aa85	Merge pull request #4862 from erik-krogh/shellSanitizer Approved by esbena	2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen	f1cee70e82	add class-field flowstep to js/shell-command-constructed-from-input	2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen	3d98732136	support nested stars in js/ReDoS	2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen	77967c3e63	undo unsound optimization in js/ReDoS	2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen	b42aac17d5	add more tests for js/ReDoS	2021-01-06 10:34:06 +01:00
CodeQL CI	a5e28ac6d6	Merge pull request #4847 from erik-krogh/afterReDoS Approved by esbena	2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen	ce8cc2368b	improve precision of intersect	2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen	530a4aea35	Merge branch 'main' into shellSanitizer	2020-12-22 13:57:15 +01:00
CodeQL CI	2bb96369f1	Merge pull request #4868 from erik-krogh/boundShell Approved by esbena	2020-12-22 03:35:42 -08:00
CodeQL CI	7c6b4d7324	Merge pull request #4865 from esbena/js/fix-execa-model Approved by erik-krogh	2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen	da9a4e5267	add test	2020-12-22 11:22:25 +01:00
Esben Sparre Andreasen	34a09ff522	JS: add js/conditional-bypass example as a test case	2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen	ab4f3ea259	JS: fixup for execa.shell and execa.shellSync models	2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen	ba714a1214	JS: add execa.shell tests	2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen	876ba7ef2d	add typeof sanitizer to js/shell-command-constructed-from-input	2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen	cbad705029	general performance improvements in the ReDoS utility library	2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen	05569187b4	improve performance of suffix checking	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	6369374224	implement new algorithm for detecting superlinear backtracking in regular expressions	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	7ce91e9146	introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA	2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen	b2116dc5b4	add more tests for polynomial/exponential redos	2020-12-18 13:19:17 +01:00
CodeQL CI	41ef7a3fce	Merge pull request #4733 from erik-krogh/args Approved by esbena	2020-12-16 06:51:26 -08:00
CodeQL CI	287954e0d8	Merge pull request #4686 from erik-krogh/buildFp Approved by esbena	2020-12-16 06:42:41 -08:00
CodeQL CI	9ae8880bd0	Merge pull request #4802 from max-schaefer/js/external-remote-flow-sources Approved by asgerf, jf205	2020-12-16 00:34:40 -08:00
CodeQL CI	66f4120cdd	Merge pull request #4721 from github/nextReDoS Approved by asgerf	2020-12-14 01:48:12 -08:00
Max Schaefer	9f8508fdc7	JavaScript: Allow specifying additional remote flow sources through JSON.	2020-12-12 11:42:55 +00:00
CodeQL CI	9ff6d68a9b	Merge pull request #4778 from asgerf/js/more-prototype-pollution Approved by erik-krogh, mchammer01	2020-12-11 13:58:09 -08:00
CodeQL CI	8129d0c0ac	Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection Approved by erik-krogh, mchammer01	2020-12-07 04:35:11 -08:00
Asger Feldthaus	254ac7f963	JS: Fix TypeofCheck	2020-12-07 10:46:00 +00:00
Asger Feldthaus	0496642b0b	JS: Add test for captured flow into callback	2020-12-07 10:34:27 +00:00
Asger Feldthaus	f132b4a279	JS: Add type confusion sink for prototype pollution checks	2020-12-07 10:16:38 +00:00
Asger Feldthaus	daab3c1437	JS: Add tests and fix some bugs	2020-12-07 10:16:38 +00:00
Asger Feldthaus	0a7513fdfb	JS: Move and rename test cases as well	2020-12-07 10:16:38 +00:00
CodeQL CI	0f5f0ed99e	Merge pull request #4776 from asgerf/js/electron-openshell Approved by erik-krogh	2020-12-04 09:12:44 +00:00
Erik Krogh Kristensen	cc98c41dd6	revert marking repetitions with possibly empty body as forks	2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen	47488f86b5	update test	2020-12-03 16:58:08 +01:00
Erik Krogh Kristensen	3bad75dae5	better support for forms in js/xss-through-dom	2020-12-03 16:57:41 +01:00
Asger Feldthaus	20d9848f07	JS: Add test case	2020-12-03 15:08:43 +00:00
Asger Feldthaus	68d2bc861d	JS: Update test expectations	2020-12-03 15:01:50 +00:00
Asger Feldthaus	3b3052d792	JS: Autoformat	2020-12-03 13:58:39 +00:00
Asger Feldthaus	5676891e44	JS: Add TemplateLiteralTypeExpr	2020-12-03 13:58:39 +00:00
CodeQL CI	edbbc846d0	Merge pull request #4753 from max-schaefer/js/more-nosql-query-args Approved by asgerf, mchammer01	2020-12-03 08:46:47 +00:00
Asger Feldthaus	6211fe718b	JS: Add test	2020-12-01 17:05:48 +00:00
Erik Krogh Kristensen	9a31ed13ac	add test case	2020-12-01 09:18:40 +01:00

... 12 13 14 15 16 ...

3044 Commits