hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

6853 Commits

Author SHA1 Message Date
Asger Feldthaus
8848ee2d10 JS: Extract HTML from inline templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
6bf9345258 JS: Add test for class with locally-unused field 2021-01-18 12:19:08 +00:00
Asger Feldthaus
cc952bd2a4 JS: Reorganize test a bit 2021-01-18 12:19:08 +00:00
Asger Feldthaus
1ab36dc81f JS: Flow through *ngFor loops 2021-01-18 12:19:08 +00:00
Asger Feldthaus
29dd8470d5 JS: Fix offset of *ngFor snippet 2021-01-18 12:18:27 +00:00
Asger Feldthaus
0da207a5f9 JS: Update test with pipes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
d80313be4f JS: Model pipe classes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
debb5691a1 JS: Make PipeRefExpr a SourceNode 2021-01-18 12:18:27 +00:00
Asger Feldthaus
fcb8124376 JS: Expose data flow node for field declaration 2021-01-18 12:18:26 +00:00
Asger Feldthaus
9ee893c9c1 JS: Add data flow steps in Angular2 model 2021-01-18 12:16:13 +00:00
Asger Feldthaus
77fcf3d8a2 JS: Support postfix "!" operator in templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
c08ba1416d JS: Add new SourceType for angular templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
b1d45a6773 JS: Mark angular pipe refs as incomplete 2021-01-18 12:16:13 +00:00
Asger Feldthaus
4b5a861ee6 JS: Add TopLevelKind enum 2021-01-18 12:16:13 +00:00
Asger Feldthaus
9b99f56d44 JS: isAngularTemplateAttributeName 2021-01-18 12:16:13 +00:00
Asger Feldthaus
ed27c8b13f JS: Add test and fix bug in pipe parser 2021-01-18 12:16:13 +00:00
Asger Feldthaus
16a2a60b9a JS: Add AngularPipeRef 2021-01-18 12:16:13 +00:00
Asger Feldthaus
928a382ad5 JS: Add parser for angular expressions 2021-01-18 12:16:13 +00:00
Asger Feldthaus
3db6069372 JS: Add test for new sink 2021-01-18 10:55:34 +00:00
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00
Asger Feldthaus
ff1d0cc4c7 JS: Recognize DomSanitizer from @angular/core 2021-01-18 10:54:27 +00:00
Erik Krogh Kristensen
401e516654 update expected output, and update PackageExports test 2021-01-15 17:40:47 +01:00
Erik Krogh Kristensen
26783b6ab0 make getTopmostPackageJSON public again, and update PackageExports test 2021-01-15 16:05:49 +01:00
Asger Feldthaus
5fa3b17956 JS: Tolerate Angular-specific HTML attribute names 2021-01-15 14:51:10 +00:00
Asger Feldthaus
f33630aab6 JS: Reformat HTMLExtractor 2021-01-15 14:51:10 +00:00
Erik Krogh Kristensen
1506ac09e5 limit the number of characters produced by getAThreewayIntersect 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0117a0fac1 specialize the getAValueExportedBy predicate to only topmost package.jsons 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0c9d46a7f9 changes based on review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-15 13:54:05 +01:00
Erik Krogh Kristensen
c106b09d49 change-note 2021-01-14 14:17:32 +01:00
Erik Krogh Kristensen
c5595f4cbd improve alert message for js/polynomial-redos 2021-01-14 13:48:26 +01:00
Erik Krogh Kristensen
86e33d9d79 select the shortest possible reason 2021-01-14 13:38:37 +01:00
Erik Krogh Kristensen
03d8aeb7b6 refactor PolynomialBackTrackingTerm, to allow getting the pump string and the prefix-message 2021-01-14 13:35:32 +01:00
Erik Krogh Kristensen
a520a51d42 highlight the use of the regular expression, instead of the sink for user input 2021-01-14 11:22:20 +01:00
Erik Krogh Kristensen
e8ea720650 adjust description to not mention user-provided values 2021-01-14 10:36:10 +01:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
Esben Sparre Andreasen
1bc7d68a50 Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:42 +01:00
Esben Sparre Andreasen
12b985be87 Update javascript/ql/src/Security/CWE-730/ServerCrash.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:29 +01:00
Erik Krogh Kristensen
c98dacf842 changes based on doc review 2021-01-13 10:38:19 +01:00
Erik Krogh Kristensen
d71adff079 dont sanitize global replacements where the regexp is a char class 2021-01-13 10:12:12 +01:00
Esben Sparre Andreasen
d591c519a8 JS: reformulate js/server-crash as a path problem 2021-01-13 00:08:28 +01:00
Erik Krogh Kristensen
0a17b04650 refactor copy-pasted code into getAnLibraryInputParameter 2021-01-12 20:21:37 +01:00
Erik Krogh Kristensen
eaee5c2d87 add library input as source for js/polynomial-redos 2021-01-12 20:21:33 +01:00
Esben Sparre Andreasen
3c9c79a550 JS: remove flow labels from js/resource-exhaustion 2021-01-12 13:20:20 +01:00
Esben Sparre Andreasen
5965035c09 JS: add query js/resource-exhaustion 2021-01-12 13:20:20 +01:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
Esben Sparre Andreasen
847687974f JS: only select non-nullable terms in the broken sanitizer 2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen
40cfbab335 JS: address review feedback 2021-01-12 08:49:08 +01:00
Max Schaefer
f40b406a2d JavaScript: Address review comments. 2021-01-11 13:53:47 +00:00
Max Schaefer
c9132ca6f8 JavaScript: Refactor trackUseNode to avoid bad join order. 2021-01-11 13:53:47 +00:00
Max Schaefer
7a229d9381 JavaScript: Simplify NoSQL framework modelling. 2021-01-11 13:53:47 +00:00