hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

6853 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ab53f3b380 add array.filter() as a taint-step 2021-05-05 12:03:14 +02:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
fc3f5adbbb more source code examples in PackageExports.qll 2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5 recognize the define(..) call in PackageExports.qll 2021-05-05 11:23:25 +02:00
Erik Krogh Kristensen
3ca670146e remove outdated comment 2021-05-05 11:10:45 +02:00
Rasmus Wriedt Larsen
dc4a0c1d38 Python/JS: Fix typo 2021-05-05 10:13:54 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore 
Approved by esbena
 2021-05-04 04:16:15 -07:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs 
Approved by esbena
 2021-05-03 23:14:26 -07:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
Edwin
27c680e28b Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-03 16:41:09 +03:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
Rasmus Wriedt Larsen
af0723c185 Merge pull request #5656 from asgerf/js/files-diagnostics 
JS: Add file diagnostics queries
 2021-04-29 11:53:11 +02:00
CodeQL CI
3240536d0e Merge pull request #5798 from erik-krogh/trackLoc 
Approved by esbena
 2021-04-29 00:45:21 -07:00
Erik Krogh Kristensen
dfd63e5d5a track window object to where .location is read 2021-04-28 18:52:00 +02:00
Erik Krogh Kristensen
902a4368a1 assume that all pipe elements that return something, return outputs 2021-04-28 12:36:07 +02:00
Erik Krogh Kristensen
2f14a6218a generalize RxJS pipes 2021-04-28 12:26:02 +02:00
Rasmus Wriedt Larsen
8b9c5f8228 Python/JS: Remove "Only added to aid with internal rewrite" 2021-04-28 11:50:06 +02:00
Erik Krogh Kristensen
d5450f1df6 use isWildcardLike in MetacharEscapeSanitizer 2021-04-28 11:46:50 +02:00
Erik Krogh Kristensen
d07c71c99d unlimited repetition of a wildcard is also a wildcard 2021-04-28 11:46:35 +02:00
Erik Krogh Kristensen
160fa148f1 move InfiniteRepetitionQuantifier to Regexp.qll 2021-04-28 11:39:28 +02:00
Erik Krogh Kristensen
e60628d463 add global replacements using inverted char classes as a sanitizer for DOM based XSS 2021-04-28 11:29:30 +02:00
CodeQL CI
2b9fb79b1d Merge pull request #5786 from erik-krogh/anser 
Approved by esbena
 2021-04-27 14:40:48 -07:00
Erik Krogh Kristensen
9178f4b1c5 add support for the anser library 2021-04-27 15:57:17 +02:00
edvraa
3aec9c1a41 Cookies without HttpOnly 2021-04-27 16:28:32 +03:00
Erik Krogh Kristensen
4e8ae77b6f cache more predicates 2021-04-26 08:57:20 +02:00
Chris Smowton
78b9682a4e Fix dead links in JS externs too 2021-04-23 15:46:48 +01:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Asger Feldthaus
71e3041370 JS: Fewer spurious reflected xss sinks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
4f53a1ab40 JS: Cache ClassNode::Range 2021-04-23 13:15:35 +01:00
Asger Feldthaus
d0b8b32345 JS: Add change notes 2021-04-23 13:15:35 +01:00
Asger Feldthaus
671e968936 JS: Model NestJS 2021-04-23 13:15:35 +01:00
Asger Feldthaus
109d1ad27f JS: Model fs.promises 2021-04-23 11:59:48 +01:00
Asger Feldthaus
822d4525af JS: Drive-by change in LogInjection 2021-04-23 11:59:48 +01:00
Asger Feldthaus
ad12f383d9 JS: Reduce reliance on RouteHandler in Express model 2021-04-23 11:59:48 +01:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
CodeQL CI
bdb41423e2 Merge pull request #5748 from asgerf/js/rate-limiting-fixes 
Approved by erik-krogh
 2021-04-22 05:56:50 -07:00
Asger Feldthaus
fe8deeaf6b JS: Autoformat 2021-04-21 23:13:57 +01:00
Asger Feldthaus
e98bfe921e JS: QLDoc 2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381 JS: Change note 2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7 JS: Autoformat 2021-04-21 21:13:07 +01:00
Asger Feldthaus
2c9a6e7bef JS: Cache function-wrapping steps in type-tracking stage 2021-04-21 13:45:58 +01:00