hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,168 Commits 1,703 Branches 162 Tags
0b293eaba515ef2da98aa1d976a6ed7166f8412a
Commit Graph

731 Commits

Author SHA1 Message Date
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Napalys Klicius
5f538209c9 Exlucde environmental variables from default detection in regexp injection 2025-07-31 12:09:30 +02:00
Jeroen Ketema
1990438376 JS: Fix import 
The import should not have been private, because we want users to still be
able to import this file and have access to the crypto algorithms.
 2025-07-16 14:41:50 +02:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1 Use shared SensitiveDataHeuristics 2025-07-14 11:38:47 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Asger F
169ae19015 Merge pull request #19391 from asgerf/js/typescript-path-resolution 
JS: Overhaul import resolution
 2025-05-13 15:46:38 +02:00
Napalys Klicius
d4b5ef6a66 Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource 2025-05-01 11:14:15 +02:00
Asger F
ed2a832a55 JS: Deprecate PathExpr and related classes 2025-04-29 13:23:47 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler 
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
 2025-04-03 11:08:10 +02:00
Asger F
1324c11044 Merge pull request #19012 from asgerf/js/api-graph-array-element 
JS: Make API graphs use steps from summaries
 2025-03-18 18:03:43 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-17 10:17:39 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Asger F
29659647ea JS: Fix barrier guards for ServerSideUrlRedirect 
The barrier guards for ServerSideUrlRedirect were lost when it was ported to ConfigSig, and the aforementioned spurious alert was a result of that.

The query had two guards: a proper barrier guard and a heuristic one for functions named 'isLocalURL'. We should move away from the heuristic name-based sanitiser guards, so I'm only reinstating the proper barrier guard.

Therefore updating the test to test the real barrier guard.
 2025-02-28 13:28:43 +01:00
Asger F
0ca9b2285b Merge pull request #18740 from asgerf/js/more-precise-diff-informed 
JS: Provide more precise related locations
 2025-02-17 10:27:15 +01:00
Asger F
7e3f89842d JS: Provide more precise related locations 2025-02-11 14:12:03 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
Asger F
1b7977bf90 Merge pull request #18466 from asgerf/js/view-component-inputs 
JS: Add view-component-input threat model
 2025-01-24 10:59:25 +01:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Asger F
6423033db6 JS: Resolve inserted TODOs 2025-01-23 13:02:52 +01:00
Asger F
dba76a0e4d JS: Rerun patch query after bugfix 2025-01-23 10:31:32 +01:00
Asger F
d647c7b14d JS: Replace 'instanceof ClientSideRemoteFlowSource' 2025-01-22 10:45:49 +01:00
Asger F
3061d51b20 JS: Add ThreatModelSource#isCilentSideSource() 2025-01-22 10:45:48 +01:00
Asger F
7c29ea9dda JS: Update ExternalAPIUsedwithUntrustedData 2025-01-20 11:20:32 +01:00
Asger F
ecbd7983ba JS: Update DifferentKindsComparisonBypassQuery.qll 2025-01-20 11:20:31 +01:00
Asger F
29da1fb6c8 JS: Update ConditionalBypassQuery.qll 2025-01-20 11:20:30 +01:00
Asger F
fd763a0883 JS: Auto-patch diff informed queries 2025-01-20 11:20:27 +01:00
Asger F
859783c08b JS: Support [(ngModel)] 2025-01-17 10:26:57 +01:00
Asger F
97f5559e64 JS: Recognise form input from NgForm 2025-01-17 10:22:20 +01:00
Asger F
6cd9752289 Merge pull request #18467 from github/js/shared-dataflow-branch 
JS: Migrate to shared data flow library (targeting main!) 🚀
 2025-01-16 11:28:57 +01:00
Geoffrey White
f8659c0a4e Sync identical files. 2025-01-10 10:26:13 +00:00
Asger F
b2d62a080b JS: Move a test failure explanation into the test suite 
We have an issue for fixing the underlying problem
 2025-01-09 09:57:44 +01:00
Asger F
d9da9444fa JS: Rephrase TODO 
This is useful info, but not something that can be fixed locally in this query, so a TODO comment isn't helping
 2025-01-09 09:45:39 +01:00
Asger F
a8f93cac05 JS: Remove obsolete comment 
The test case actually has the correct result now
 2025-01-09 09:39:32 +01:00
Asger F
dd37c474d8 JS: Remove mention of results from comments 2025-01-09 09:39:30 +01:00
Asger F
fb54a3bde8 JS: Remove obsolete TODO comment 2025-01-09 09:39:29 +01:00
Asger F
b29ee2acde JS: Remove references to localFieldStep 
These are tracked in https://github.com/github/codeql-javascript-team/issues/456
 2025-01-09 09:39:27 +01:00
aegilops
4b57d5feb2 Added XSS sink for innerHTML/outerHTML using new Angular attribute def 2025-01-08 16:36:46 +00:00
aegilops
4530118681 Comment out hardcoded definition of sink 2025-01-06 17:33:31 +00:00
aegilops
e414b8c5be Remove @Input() decorated members as remote sources, in favour of a later Threat Model 2025-01-06 16:51:35 +00:00
aegilops
8dac00aa83 Change from getParameter() to getArgument() 2025-01-06 15:43:47 +00:00
Asger F
7ccb476b1b JS: Restrict AP length in ExceptionXss 2025-01-06 14:28:58 +01:00
Asger F
e2af19b946 JS: Restrict "get" step to Map objects 2025-01-06 13:17:32 +01:00