hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 17:28:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,997 Commits 1,721 Branches 163 Tags
14bada4bbe654d7d42e5415ec8974f0232fbd8a6
Commit Graph

24997 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
14bada4bbe JS: Model consolidate and factor in template syntax from call site 2021-08-11 12:36:35 +02:00
Asger Feldthaus
425bd7abf9 JS: Model template instantiation from Fastify, Hapi, and Koa 2021-08-11 12:36:35 +02:00
Asger Feldthaus
266c10462e JS: More aggressive TemplateFileReference.getValue 2021-08-11 12:36:35 +02:00
Asger Feldthaus
bc73d9f431 JS: Support templates importing each other 2021-08-11 12:36:35 +02:00
Asger Feldthaus
bb80fdddbd JS: Handle leading ../ in template resolution 2021-08-11 12:36:35 +02:00
Asger Feldthaus
6954a9ac23 JS: Treat EJS-include calls as template instantiations 
JS: Fixup EJS include call (API node)
 2021-08-11 12:36:35 +02:00
Asger Feldthaus
248715c743 JS: Restrict FileAccessToHttp a bit 2021-08-11 12:36:35 +02:00
Asger Feldthaus
8a50d99f33 JS: Treat GeneratedCodeExpr as DirectEval in UnusedVariable.ql 2021-08-11 12:36:35 +02:00
Asger Feldthaus
623557ba39 JS: "this" in a template is not the global object 2021-08-11 12:36:35 +02:00
Asger Feldthaus
ee33c593e0 JS: Autoformat 2021-08-11 12:36:34 +02:00
Asger Feldthaus
0f27bffb05 JS: Add sinks for server-template tags in AngularJS templates 2021-08-11 12:36:34 +02:00
Asger Feldthaus
d6dbabf9e0 JS: Ignore empty char sequences 2021-08-11 12:36:34 +02:00
Asger Feldthaus
745f9b36e0 JS: Exclude non-code script tags 2021-08-11 12:36:34 +02:00
Asger Feldthaus
2412f530f9 JS: Add steps and sinks for pipes 2021-08-11 12:36:34 +02:00
Asger Feldthaus
23eeb49959 JS: Detect relevant templating syntax, and add sinks 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f3b97f05c9 JS: Add steps to/from placeholder tags 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f1c663b01b JS: Add steps from instantiation site to placeholder expr 2021-08-11 12:36:34 +02:00
Asger Feldthaus
5659a8a30f JS: Add template resolution logic 2021-08-11 12:36:34 +02:00
Asger Feldthaus
1474c0788b JS: Introduce TemplateInstantiation 2021-08-11 12:36:34 +02:00
Asger Feldthaus
8fe2d84d53 JS: Move template-related classes to Templating file 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f26e94c0db JS: Rename to Angular-style template 2021-08-11 12:36:34 +02:00
Asger Feldthaus
66cec65bfb JS: Format HTMLExtractor 2021-08-11 12:36:34 +02:00
Asger Feldthaus
8666bc1894 JS: Extract placeholders in HTML 2021-08-11 12:36:31 +02:00
Asger Feldthaus
b1ce3d1c5a JS: Do not extract binary HTML 2021-08-10 12:15:44 +02:00
Asger Feldthaus
96a2c3f2db JS: Extract .hbs and .ejs as HTML 2021-08-10 12:15:44 +02:00
Asger Feldthaus
e678c16d59 JS: Parse EJS-style template tags 2021-08-10 12:15:44 +02:00
Asger Feldthaus
a7cdf532fa JS: Parse mustache-style tags as expressions 2021-08-10 12:15:43 +02:00
Asger Feldthaus
d1c31db06f JS: Reset implicit variable scope when leaving template expr 2021-08-10 12:15:43 +02:00
Tom Hvitved
d658ef1dcd Merge pull request #6449 from hvitved/python/contains-in-scope-perf 
Python: Avoid bad join in `AstExtended::AstNode::containsInScope`
 2021-08-10 10:27:00 +02:00
Chris Smowton
cb73100717 Merge pull request #6458 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-10 09:23:53 +01:00
Chris Smowton
9f9c76390f Nudge CI 2021-08-10 09:12:18 +01:00
Asger F
077aa05336 Merge pull request #6448 from asgerf/js/handlebars-extraction-preliminary 
JS: Update locations in Angular2 test
 2021-08-10 08:50:18 +02:00
github-actions[bot]
22fe354aab Add changed framework coverage reports 2021-08-10 00:07:47 +00:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Chris Smowton
171dc26531 Fix test reference and expectations 2021-08-09 13:56:55 +01:00
Tom Hvitved
ea6d51f123 Python: Avoid bad join in AstExtended::AstNode::containsInScope 2021-08-09 11:20:57 +02:00
Asger Feldthaus
88500a3fa3 JS: Update TRAP test output 2021-08-09 11:19:08 +02:00
Asger Feldthaus
2836d465e4 JS: Update locations in Angular2 test 2021-08-09 11:03:15 +02:00
Tom Hvitved
15db6dfb10 Merge pull request #6431 from hvitved/csharp/silence-xml-extraction 
C#: Silence XML extraction commands
 2021-08-09 09:36:23 +02:00
CodeQL CI
562ba49f4e Merge pull request #6406 from erik-krogh/cleanCfg 
Approved by asgerf
 2021-08-09 00:21:31 -07:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Shati Patel
8bb47b91b9 Merge pull request #6426 from shati-patel/docs/cwe-coverage 
Docs: Make TOC more visible and add note about CWE coverage
 2021-08-05 15:01:29 +01:00
Shati Patel
97dd88661e Merge pull request #6427 from shati-patel/docs/vscode-tests 
Docs: Mention setting for running tests in VS Code (already shipped)
 2021-08-05 15:01:20 +01:00
Tom Hvitved
5b5ed97421 C#: Silence XML extraction commands 2021-08-05 15:24:01 +02:00
Tom Hvitved
4ee5cc5557 Merge pull request #6428 from hvitved/csharp/xss-nodes 
C#: Add missing `nodes` predicate to XSS queries
 2021-08-05 15:03:22 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
shati-patel
dbf49a8257 Docs: Mention setting for running tests in VS Code 2021-08-05 11:27:20 +01:00
shati-patel
09f3001048 Docs: Make TOC more visible and add note about CWE coverage 2021-08-05 10:55:41 +01:00
Anders Schack-Mulligen
c29353db80 Merge pull request #6424 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-05 09:48:53 +02:00