6853 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	1df8ec2cae	add insufficient key size model for node-forge	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	62039b866c	add cryptographic key model to the crypto-js library	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	028799deb6	implement a simple InsufficientKeySize query	2021-11-02 14:45:30 +01:00
Erik Krogh Kristensen	7a9315f146	use set literal	2021-11-02 14:45:14 +01:00
Asger Feldthaus	971f032b5f	JS: Autoformat	2021-11-02 14:12:05 +01:00
Asger Feldthaus	46bd3e58a3	JS: Switch to instanceof base type	2021-11-02 14:12:05 +01:00
Asger Feldthaus	5f4c1dd19b	JS: Support regexp-based path traversal check	2021-11-02 14:12:05 +01:00
Asger Feldthaus	83edcf515b	JS: Add test for regexp-based sanitizer	2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen	54fba2d6a1	Merge pull request #6781 from erik-krogh/ldap ... JS: Move LDAP injection out of experimental	2021-11-02 13:35:32 +01:00
Ian Wright	6fa9413f8b	more efficient implementation of calleeApiName	2021-11-02 12:05:33 +00:00
Erik Krogh Kristensen	f7f315adbb	Merge pull request #7022 from erik-krogh/cwe319 ... JS: add cwe-319 to js/clear-text-cookie	2021-11-02 12:47:53 +01:00
Erik Krogh Kristensen	7a96b8e9e1	Merge branch 'main' into ldap	2021-11-02 12:47:28 +01:00
CodeQL CI	d5e2026a26	Merge pull request #6934 from erik-krogh/more-instanceof ... Approved by MathiasVP, esbena, yoff	2021-11-02 03:46:23 -07:00
CodeQL CI	5d62aa5b29	Merge pull request #6994 from erik-krogh/redundant-cast ... Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe	2021-11-02 03:45:48 -07:00
Erik Krogh Kristensen	41e7dea943	add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie	2021-11-02 11:11:38 +01:00
CodeQL CI	dde493259a	Merge pull request #7003 from asgerf/js/mixed-this-fp ... Approved by erik-krogh	2021-11-01 09:13:21 +00:00
Erik Krogh Kristensen	db40ccae81	add explicit this to all member calls	2021-11-01 09:51:15 +01:00
Erik Krogh Kristensen	d36c66cfca	remove redundant inline casts in arguments where the type is inferred by the call target	2021-10-29 14:37:56 +02:00
Asger Feldthaus	d52b2bd863	JS: Fix FP in ˚MixedStaticInstanceThisAccess	2021-10-29 14:16:54 +02:00
Asger Feldthaus	afa6424d67	JS: Add test with FP	2021-10-29 14:16:54 +02:00
Max Schaefer	bc91f664ac	JavaScript: Teach API graphs to handle some forms of property copying. ... In particular, copied promises are now handled better.	2021-10-29 11:19:54 +01:00
Erik Krogh Kristensen	6fffdf6101	Merge pull request #6855 from erik-krogh/secCookie ... JS: Move cookie queries out of experimental.	2021-10-29 10:23:48 +02:00
Erik Krogh Kristensen	cfc5629435	apply all doc fixes ... Co-authored-by: hubwriter <hubwriter@github.com>	2021-10-28 18:19:37 +02:00
Erik Krogh Kristensen	15c90adec5	remove redundant cast where the type is enforced by an equality comparison	2021-10-28 18:08:20 +02:00
Erik Krogh Kristensen	e75448ebb0	remove redundant inline casts	2021-10-28 16:35:53 +02:00
Erik Krogh Kristensen	c34b089bc5	autoformat	2021-10-28 16:02:36 +02:00
Erik Krogh Kristensen	4f6e5c903b	filter out writes to number indexes	2021-10-28 14:27:07 +02:00
Erik Krogh Kristensen	12305aae42	extract regexp literals from string concatenations	2021-10-28 10:44:33 +02:00
Erik Krogh Kristensen	96b6f670d9	filter away paths that start with libary inputs and end with a fixed-property write	2021-10-27 21:01:11 +02:00
Erik Krogh Kristensen	78371894f4	update import after rebasing on main	2021-10-27 20:47:06 +02:00
Erik Krogh Kristensen	a9a9e34265	recognize delete expresssions as a sink for js/prototype-polluting-assignment	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	1243c736dd	use ConcatenationNode::isCoercion	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	2dedfb302a	remove paths without unmatched returns from js/prototype-polluting-assignment	2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen	0c9c9bbde7	detect library input when the arguments object is converted to an array	2021-10-27 20:37:41 +02:00
Erik Krogh Kristensen	fa9e9dd847	split out predicates in ClassifyFiles to avoid unnecessary computations	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	3d124cf95e	add change-note	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	d1238dfd8b	update alert message to distinguish between library input and remote flow	2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen	6e183af383	ignore test files for the `prototypeLessObject' predicate	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	e94b0f5913	recognize inclusion based sanitizers for js/prototype-polluting-assignment	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	2a808b2cd6	track taint through string coercions for js/prototype-polluting-assignment	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	2d65aa17db	recognize exported functions that use the arguments object	2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen	78774233c7	add library input as source to js/prototype-polluting-assignment	2021-10-27 20:35:36 +02:00
Erik Krogh Kristensen	0372ccce02	simplify regexp ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 20:04:24 +02:00
Erik Krogh Kristensen	af64b319ee	update documentation strings ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 19:54:52 +02:00
Erik Krogh Kristensen	71cca6d644	Merge branch 'main' into ldap	2021-10-27 19:06:06 +02:00
Erik Krogh Kristensen	2e912ee28e	rename LDAP to Ldap	2021-10-27 19:05:56 +02:00
Erik Krogh Kristensen	c1ab49fe8a	rename LDapFilterStep to TaintPreservingLDapFilterStep	2021-10-27 19:05:00 +02:00
Erik Krogh Kristensen	44afa34e37	Merge branch 'main' of github.com:github/codeql into htmlReg	2021-10-26 14:46:27 +02:00
CodeQL CI	e5e1046c81	Merge pull request #6962 from asgerf/js/template-db-constraint-err ... Approved by erik-krogh	2021-10-26 13:43:57 +01:00
Erik Krogh Kristensen	8ba545999e	add change-note	2021-10-26 14:13:56 +02:00