hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,322 Commits 1,699 Branches 161 Tags
173cfd5c7bf173ada56ba9e698f736bb342f877e
Commit Graph

62 Commits

Author SHA1 Message Date
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Asger F
08d25c122d JS: Deprecate more uses of ConsistencyConfiguration 2024-12-03 14:30:27 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Napalys
faef9dd877 JS: protyte poluting now treats unknownFlags as potentially good sanitization. 2024-11-28 11:26:38 +01:00
Napalys
41fef0f2b3 JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting 2024-11-28 11:26:37 +01:00
Asger F
52ba91a7f8 JS: Updates to nodes/edges in tests 
Only changes to nodes/edges for various reasons, no actual result changes
 2024-10-29 08:32:13 +01:00
Asger F
12e316b99d JS: Update test output after merging in 'main' 
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
 2024-10-08 10:11:15 +02:00
Asger F
cf90c83604 JS: Accept changes to nodes/edges results 2024-09-12 13:42:19 +02:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
bd3fccd1a8 JS: Update test output with provenance column 2024-06-25 10:30:56 +02:00
Asger F
a5c221fcfc JS: Port PrototypePollutingMergeCall 2023-10-13 13:15:04 +02:00
Asger F
adf7d5409d JS: Port PrototypePollutingFunction 2023-10-13 13:15:04 +02:00
Asger F
f1f45927b1 JS: Port PrototypePollutingAssignment 2023-10-13 13:15:04 +02:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
Jorge
3c980db93a Format webix.js 2023-06-23 18:08:01 +02:00
Kevin Stubbings
3605269e13 Add webix copy function 2023-06-22 22:16:28 -07:00
jorgectf
6947e99c15 Add models for webix 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-06-22 01:07:33 +02:00
Asger F
13b1e97caa JS: Fix the ExtendCall restriction 2023-04-17 12:30:08 +02:00
Asger F
eafef91dbc JS: Update test output after ExtendCall restriction 2023-04-17 12:28:23 +02:00
Asger F
024760610a JS: Add prototype pollution test 2023-04-17 12:27:34 +02:00
erik-krogh
4b74dec18f expand what is parsed as the stem of a pathexpr 2023-01-17 21:28:21 +01:00
Erik Krogh Kristensen
c537c80ed6 Merge pull request #11095 from erik-krogh/exportRead 
JS: recognize more re-exported values as exported
 2022-11-09 12:39:41 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
655b4a4d17 recognize more re-exported values as exported 2022-11-03 11:08:00 +01:00
erik-krogh
94e864e933 add failing test 2022-11-03 11:04:04 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
Erik Krogh Kristensen
46751e515c Merge pull request #10388 from erik-krogh/exportNew 
JS: recognize returning an instance of a class as exporting that class
 2022-09-13 13:45:16 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
erik-krogh
98243118b2 recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment 2022-09-12 13:41:07 +02:00
erik-krogh
2f11f3760e simplify getALibraryInputParameter by adding more general dataflow for the arguments object 2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
d86b7f6c54 recognize an access to the arguments object as library-input 2022-08-22 08:29:24 +02:00
erik-krogh
3355a7a046 generalize BarrierGuardFunctionto work on function that have multiple parameters 2022-08-16 09:13:15 +02:00
Erik Krogh Kristensen
82c6c22d50 make a model for hasOwnProperty calls and similar 2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f add support for Object.hasOwn(obj, key) 2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen
ba844aa0ab Merge branch 'main' into exportObj 2022-05-23 14:18:31 +02:00
Erik Krogh Kristensen
9050f9999c recognize functions that return object of methods as library input 2022-05-12 09:56:19 +02:00
Erik Krogh Kristensen
b1e8b3332c resolve main module when there is a folder with the same name as the main file 2022-05-12 08:20:30 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
Stephan Brandauer
4964f2df9a add flow step to rest parameters 2022-04-27 16:03:19 +02:00
Erik Krogh Kristensen
4fba5e4dfb step through parentheses in barrier functions 2022-02-25 17:47:12 +01:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Erik Krogh Kristensen
99f5f70345 Merge branch 'main' into protoLib 2021-11-04 12:53:53 +01:00
Asger Feldthaus
08bc80ffdb JS: Block prototype pollution assignment flows through .replace() 2021-11-03 13:24:29 +01:00
Erik Krogh Kristensen
4f6e5c903b filter out writes to number indexes 2021-10-28 14:27:07 +02:00
Erik Krogh Kristensen
96b6f670d9 filter away paths that start with libary inputs and end with a fixed-property write 2021-10-27 21:01:11 +02:00
Erik Krogh Kristensen
a9a9e34265 recognize delete expresssions as a sink for js/prototype-polluting-assignment 2021-10-27 20:37:42 +02:00