hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,872 Commits 1,673 Branches 157 Tags
1cd7fd6cf7789ff04a4ce37b90aa852bc73509b4
Commit Graph

5416 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4fa33b151f Merge pull request #5146 from github/more-redos-tests 
JS: add two non ReDoS regular expressions to the ReDoS test suite
 2021-02-12 18:56:52 +01:00
CodeQL CI
179a7a89dd Merge pull request #5098 from erik-krogh/xml2js 
Approved by asgerf
 2021-02-12 09:22:40 -08:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
3ee0029cd8 Update javascript/change-notes/2021-02-08-xml-parser-taint.md 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-11 13:33:42 +01:00
Erik Krogh Kristensen
91f7d33044 add change note 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
101d4358a9 detect DOM nodes from event callbacks 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b add source for react-hook-form in xss-through-dom 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061 detect for DOM elements from DOM events in React 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25 add xss-through-dom source from react-final-form 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98 add model for formik 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
d1087d4e41 move sources from XssThroughDom into a customizations file 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
4969a1ef4f add change note 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
0ca2310594 add model for htmlparser2 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
e2a66bf3ed add model for xml-js 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
73f7cd149f add model for sax 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
c43025d7b3 add model for xml2js 2021-02-10 14:16:30 +01:00
Erik Krogh Kristensen
44ca2e26a6 add taint-step to XML parsers 2021-02-10 14:16:08 +01:00
Alexander Eyers-Taylor
1c43505d30 Merge pull request #5121 from alexet/fix-js-jdoc 
Javascript Extractor: Update <tt> tages to <code>
 2021-02-09 13:07:19 +00:00
CodeQL CI
475d216f8e Merge pull request #5087 from erik-krogh/immutable 
Approved by asgerf
 2021-02-09 12:43:19 +00:00
alexet
8dd5a7e7c7 Javascript Extractor: Update <tt> tages to <code> 2021-02-09 12:10:09 +00:00
CodeQL CI
8a2e063af7 Merge pull request #5107 from asgerf/js/json-in-script-tag 
Approved by erik-krogh
 2021-02-08 09:52:53 +00:00
Erik Krogh Kristensen
504db8739d fix typo in execa change-note file name 2021-02-08 10:00:26 +01:00
Erik Krogh Kristensen
8ca75e41d2 add change note 2021-02-08 09:59:45 +01:00
Asger Feldthaus
0ceb8aa638 JS: Bump extractor version 2021-02-05 21:55:43 +00:00
Asger Feldthaus
236b7c5887 JS: Tolerate JSON in script tags 2021-02-05 21:54:50 +00:00
alexet
9d06c75aed Javascript: improve performance of ExplicitInvokeNode::getArgument 2021-02-04 15:55:51 +00:00
Erik Krogh Kristensen
6cbf7b3267 add of Set, Stack and similar to the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b74df66463 implement Immutable merge 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
c0de6a3af2 add support for Immutable Record 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
609b16b1f7 implement Immutable OrderedMap 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
2e7bf9b53c implement Immutable lists 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
a5c9492c87 add support for fromJS in the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
6cbe4caecc support toJS() by using plain property names instead of pseudoproperties. 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b1f092f052 add support for map.set in Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b77dd54618 implement basic map get/set for immutable.js 2021-02-04 12:05:44 +01:00
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
Erik Krogh Kristensen
c51e951d1e add change note 2021-02-02 22:51:03 +01:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
CodeQL CI
c9537f2639 Merge pull request #5029 from asgerf/js/silence-angular-template-fps 
Approved by erik-krogh
 2021-01-29 06:06:37 -08:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
CodeQL CI
6d952bda27 Merge pull request #5020 from asgerf/js/getaqlclass-test 
Approved by esbena
 2021-01-27 03:48:57 -08:00
CodeQL CI
bb423828de Merge pull request #5025 from asgerf/js/slow-xml-parent-upgrade-script 
Approved by erik-krogh
 2021-01-27 03:27:43 -08:00
Asger Feldthaus
1637b72092 JS: Ignore Angular templates in a few non-security queries 2021-01-27 11:02:19 +00:00
Asger Feldthaus
5a89fa3f67 JS: Fix performance issue in upgrade script 2021-01-27 10:10:37 +00:00