hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 23:44:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,096 Commits 1,680 Branches 158 Tags
0a8e371b0eec7e51909b447ea5661c2911ae40bb
Commit Graph

357 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
0a8e371b0e Update javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-27 09:09:26 +02:00
Esben Sparre Andreasen
58b5bd5cfd JS: fixup documentation 2020-04-24 10:56:53 +02:00
Esben Sparre Andreasen
6d6ec89ba8 JS: add qhelp 2020-04-24 09:18:09 +02:00
Esben Sparre Andreasen
89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
Erik Krogh Kristensen
9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
2d3e42e6d6 update qhelp for xss-through-dom 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-20 11:50:46 +02:00
Erik Krogh Kristensen
1b80f46f30 add QHelp for js/xss-through-dom query 2020-04-17 10:54:21 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Max Schaefer
3c785ecaa7 JavaScript: Move flow summaries to experimental. 
Also update description and change note to call out their experimental character more clearly.
 2020-03-09 12:57:20 +00:00
semmle-qlci
7f3f629d39 Merge pull request #2913 from asger-semmle/js/prototype-pollution-path 
Approved by erik-krogh
 2020-03-03 10:29:47 +00:00
Erik Krogh Kristensen
019266e537 change name of Useless cat 2020-03-02 13:06:08 +01:00
Erik Krogh Kristensen
391b6a833c add link to The Useless Use of Cat Award 2020-03-02 12:28:51 +01:00
Erik Krogh Kristensen
5e0ae7b4d0 add end </p> tag 2020-02-28 10:23:03 +01:00
Erik Krogh Kristensen
ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Erik Krogh Kristensen
922779e049 remove double a/an and adjust line lenghts 2020-02-28 09:48:07 +01:00
Erik Krogh Kristensen
17f1974e05 Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-02-28 09:43:32 +01:00
Asger Feldthaus
52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Asger Feldthaus
fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Erik Krogh Kristensen
b20e8520f6 add default message if not pretty printed call can be created 2020-02-24 14:52:08 +01:00
Erik Krogh Kristensen
a779ae58a8 add qhelp 2020-02-24 14:03:41 +01:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Erik Krogh Kristensen
6ea14532ab small changes based on review 2020-02-21 10:27:57 +01:00
Erik Krogh Kristensen
924272a7a5 insert placeholder qhelp 2020-02-20 14:35:26 +01:00
semmle-qlci
f6af5da7f7 Merge pull request #2778 from erik-krogh/FalsySanitizer 
Approved by asgerf
 2020-02-20 11:17:03 +00:00
Erik Krogh Kristensen
a5fdcb67f9 restricts alerts to the first line 2020-02-20 10:43:41 +01:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Esben Sparre Andreasen
dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen
cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Asger Feldthaus
a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus
34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen
ade93e66e1 move the if(!x) from DataFLow to TaintTracking 2020-02-06 15:44:22 +01:00
Erik Krogh Kristensen
1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Asger Feldthaus
38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
Asger F
cf18bd7bb8 Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-05 09:48:16 +00:00
Asger Feldthaus
fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Asger Feldthaus
3ccdaa94ad JS: Expose argumentPassing as DataFlow::argumentPassingStep 2020-02-04 15:06:45 +00:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00