hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,975 Commits 1,741 Branches 165 Tags
0117a0fac1ddd461df76aabc65764a6f04a4b47c
Commit Graph

5245 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
0117a0fac1 specialize the getAValueExportedBy predicate to only topmost package.jsons 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0c9d46a7f9 changes based on review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-15 13:54:05 +01:00
Erik Krogh Kristensen
c106b09d49 change-note 2021-01-14 14:17:32 +01:00
Erik Krogh Kristensen
c5595f4cbd improve alert message for js/polynomial-redos 2021-01-14 13:48:26 +01:00
Erik Krogh Kristensen
86e33d9d79 select the shortest possible reason 2021-01-14 13:38:37 +01:00
Erik Krogh Kristensen
03d8aeb7b6 refactor PolynomialBackTrackingTerm, to allow getting the pump string and the prefix-message 2021-01-14 13:35:32 +01:00
Erik Krogh Kristensen
a520a51d42 highlight the use of the regular expression, instead of the sink for user input 2021-01-14 11:22:20 +01:00
Erik Krogh Kristensen
e8ea720650 adjust description to not mention user-provided values 2021-01-14 10:36:10 +01:00
Erik Krogh Kristensen
d71adff079 dont sanitize global replacements where the regexp is a char class 2021-01-13 10:12:12 +01:00
Erik Krogh Kristensen
0a17b04650 refactor copy-pasted code into getAnLibraryInputParameter 2021-01-12 20:21:37 +01:00
Erik Krogh Kristensen
eaee5c2d87 add library input as source for js/polynomial-redos 2021-01-12 20:21:33 +01:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
Erik Krogh Kristensen
6423c32990 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 22:02:39 +01:00
CodeQL CI
c193d9f375 Merge pull request #4823 from erik-krogh/furtherReDoS 
Approved by esbena
 2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen
7eab08511b add source code examples to blocksCharInAccess 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
8b03ab0c01 update docstring for getAShellChar 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen
7e21081b70 add comment about regexp detected by js/polynomial-redos 2021-01-07 12:06:12 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
CodeQL CI
9d4cd0aa85 Merge pull request #4862 from erik-krogh/shellSanitizer 
Approved by esbena
 2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen
28cffa1e07 add comment in isFork about /(a*)*/ regular expressions 2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen
c58f67b189 reintroduce performance improvement - but sound this time 2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen
4392f0270c autoformat 2021-01-06 10:37:36 +01:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen
77967c3e63 undo unsound optimization in js/ReDoS 2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen
b42aac17d5 add more tests for js/ReDoS 2021-01-06 10:34:06 +01:00
CodeQL CI
a5e28ac6d6 Merge pull request #4847 from erik-krogh/afterReDoS 
Approved by esbena
 2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen
368603eefa add change note 2021-01-04 15:23:52 +01:00
Erik Krogh Kristensen
ce8cc2368b improve precision of intersect 2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen
44571ffeea use the full ascii set instead of a few chosen chars 2020-12-22 16:00:23 +01:00
Erik Krogh Kristensen
303408b774 remove duplicate char 2020-12-22 15:48:24 +01:00
Erik Krogh Kristensen
354954c80c changes based on review 2020-12-22 15:41:06 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
Erik Krogh Kristensen
f7f88689c4 use strings in isTypeofGard 2020-12-22 13:55:32 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Erik Krogh Kristensen
b8b5aef5f4 recognize Object.defineProperty(obj, prop, {get: func}) as a property-write 2020-12-22 11:21:41 +01:00
Erik Krogh Kristensen
6a9089b15e recognize bound functions in js/shell-command-constructed-from-input 2020-12-22 11:20:34 +01:00
CodeQL CI
67d0f4d938 Merge pull request #4866 from esbena/js/add-tests-for-examples 
Approved by erik-krogh
 2020-12-22 02:04:47 -08:00
CodeQL CI
e2bba97794 Merge pull request #4860 from erik-krogh/functionExports 
Approved by esbena
 2020-12-22 01:05:37 -08:00
Erik Krogh Kristensen
df95562f8f remove TTUndefined from TypeOfSanitizer in js/shell-command-constructed-from-input 2020-12-22 09:43:50 +01:00
CodeQL CI
b35edc9de6 Merge pull request #4732 from github/esbena-patch-4 
Approved by erik-krogh
 2020-12-22 00:42:25 -08:00
Erik Krogh Kristensen
6eb88b9e41 introduce and use TaintTracking::isTypeofGuard 2020-12-22 09:42:12 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
009527c69c JS: add change note 2020-12-22 09:26:35 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00