hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

3044 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
291134be66 add failing test 2020-05-04 09:48:29 +02:00
Erik Krogh Kristensen
efbd74a4a4 remove more spurious jQuery objects by using externs 2020-05-01 18:54:32 +02:00
Erik Krogh Kristensen
87365357ba remove spurious jQuery objects 2020-05-01 15:19:54 +02:00
semmle-qlci
2b055de4d6 Merge pull request #3154 from erik-krogh/ImplicitConv 
Approved by asgerf
 2020-04-29 16:05:19 +01:00
Esben Sparre Andreasen
04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
semmle-qlci
cbe417f5eb Merge pull request #3336 from erik-krogh/MoarJQuery 
Approved by esbena
 2020-04-25 15:17:55 +01:00
semmle-qlci
28cfe548d5 Merge pull request #3325 from erik-krogh/MoreEventClasses 
Approved by asgerf
 2020-04-24 09:02:27 +01:00
Esben Sparre Andreasen
89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Jonas Jensen
d98e956c2b Merge pull request #3322 from felicitymay/merge-124-master 
Merge rc/1.24 into master
 2020-04-24 08:48:54 +02:00
Erik Krogh Kristensen
ee43db1b58 slightly expand the $().each model 2020-04-23 16:49:47 +02:00
Erik Krogh Kristensen
448ed150df allow the empty string to flow to a JQuery XSS sink 2020-04-23 16:45:37 +02:00
Erik Krogh Kristensen
ce106981b3 add tests 2020-04-23 14:24:33 +02:00
semmle-qlci
36b28386f8 Merge pull request #3332 from erik-krogh/JGrowl 
Approved by esbena
 2020-04-23 13:06:00 +01:00
semmle-qlci
801ce89c67 Merge pull request #3099 from esbena/js/introduce-poi-utility 
Approved by erik-krogh
 2020-04-23 12:14:00 +01:00
Erik Krogh Kristensen
d8c498bd15 add NOT OK comment 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 12:17:25 +02:00
Erik Krogh Kristensen
e1423b0fa5 add test for jGrowl 2020-04-23 11:58:06 +02:00
semmle-qlci
da3292606c Merge pull request #3191 from erik-krogh/XssDom 
Approved by esbena, mchammer01
 2020-04-23 09:17:07 +01:00
Erik Krogh Kristensen
6ada588dd1 add support for util.inherits 2020-04-22 22:55:12 +02:00
Erik Krogh Kristensen
957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Erik Krogh Kristensen
40822e10b4 add SocketIO test case 2020-04-22 21:55:20 +02:00
Felicity Chapman
89bf35cd43 Merge branch 'rc/1.24' into merge-124-master 
Conflicts:
	change-notes/1.24/analysis-javascript.md
    Resolved in favor of the rc/1.24 branch
 2020-04-22 19:01:47 +01:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2747e2a0c7 JS: formatting 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2186ca7efc JS: address non-semantic review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
27e5fce0ed JS: make the default PoIConfiguration/enabled inclusive 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
3b45bcd285 JS: remove the standard PoI configurations 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
dd6378f1d0 JS: address PoI review comments 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
semmle-qlci
53abf83229 Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr 
Approved by erik-krogh
 2020-04-21 10:38:59 +01:00
Asger Feldthaus
883846dfb6 JS: Fix extraction of negative number literal types 2020-04-20 16:17:15 +01:00
Asger Feldthaus
4fc79e38ec JS: Also fix typo in test case 2020-04-20 15:24:51 +01:00
Erik Krogh Kristensen
12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Erik Krogh Kristensen
2632699397 Merge branch 'master' of git.semmle.com:Semmle/ql into Mispelled 2020-04-18 17:58:57 +02:00
Erik Krogh Kristensen
427c32f211 report a local variable as the misspelling if there any many occourances of the global 2020-04-17 11:25:23 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Asger Feldthaus
3515a2b412 JS: Update test output 2020-04-14 10:31:31 +01:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Asger Feldthaus
c070416fbe JS: Update test output 2020-04-09 12:24:11 +01:00
semmle-qlci
404f7225a1 Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range 
Approved by esbena
 2020-04-08 18:44:02 +01:00