codeql

mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00

Author	SHA1	Message	Date
Asger Feldthaus	23eeb49959	JS: Detect relevant templating syntax, and add sinks	2021-08-11 12:36:34 +02:00
Asger Feldthaus	f3b97f05c9	JS: Add steps to/from placeholder tags	2021-08-11 12:36:34 +02:00
Asger Feldthaus	f1c663b01b	JS: Add steps from instantiation site to placeholder expr	2021-08-11 12:36:34 +02:00
Asger Feldthaus	5659a8a30f	JS: Add template resolution logic	2021-08-11 12:36:34 +02:00
Asger Feldthaus	1474c0788b	JS: Introduce TemplateInstantiation	2021-08-11 12:36:34 +02:00
Asger Feldthaus	8fe2d84d53	JS: Move template-related classes to Templating file	2021-08-11 12:36:34 +02:00
Asger Feldthaus	f26e94c0db	JS: Rename to Angular-style template	2021-08-11 12:36:34 +02:00
Asger Feldthaus	66cec65bfb	JS: Format HTMLExtractor	2021-08-11 12:36:34 +02:00
Asger Feldthaus	8666bc1894	JS: Extract placeholders in HTML	2021-08-11 12:36:31 +02:00
Asger Feldthaus	b1ce3d1c5a	JS: Do not extract binary HTML	2021-08-10 12:15:44 +02:00
Asger Feldthaus	96a2c3f2db	JS: Extract .hbs and .ejs as HTML	2021-08-10 12:15:44 +02:00
Asger Feldthaus	e678c16d59	JS: Parse EJS-style template tags	2021-08-10 12:15:44 +02:00
Asger Feldthaus	a7cdf532fa	JS: Parse mustache-style tags as expressions	2021-08-10 12:15:43 +02:00
Asger Feldthaus	d1c31db06f	JS: Reset implicit variable scope when leaving template expr	2021-08-10 12:15:43 +02:00
Tom Hvitved	d658ef1dcd	Merge pull request #6449 from hvitved/python/contains-in-scope-perf Python: Avoid bad join in `AstExtended::AstNode::containsInScope`	2021-08-10 10:27:00 +02:00
Chris Smowton	cb73100717	Merge pull request #6458 from github/workflow/coverage/update Update CSV framework coverage reports	2021-08-10 09:23:53 +01:00
Chris Smowton	9f9c76390f	Nudge CI	2021-08-10 09:12:18 +01:00
Asger F	077aa05336	Merge pull request #6448 from asgerf/js/handlebars-extraction-preliminary JS: Update locations in Angular2 test	2021-08-10 08:50:18 +02:00
github-actions[bot]	22fe354aab	Add changed framework coverage reports	2021-08-10 00:07:47 +00:00
Chris Smowton	5ba9347281	Merge pull request #6006 from artem-smotrakov/timing-attacks Java: Timing attacks while comparing results of cryptographic operations	2021-08-09 15:30:47 +01:00
Chris Smowton	171dc26531	Fix test reference and expectations	2021-08-09 13:56:55 +01:00
Tom Hvitved	ea6d51f123	Python: Avoid bad join in `AstExtended::AstNode::containsInScope`	2021-08-09 11:20:57 +02:00
Asger Feldthaus	88500a3fa3	JS: Update TRAP test output	2021-08-09 11:19:08 +02:00
Asger Feldthaus	2836d465e4	JS: Update locations in Angular2 test	2021-08-09 11:03:15 +02:00
Tom Hvitved	15db6dfb10	Merge pull request #6431 from hvitved/csharp/silence-xml-extraction C#: Silence XML extraction commands	2021-08-09 09:36:23 +02:00
CodeQL CI	562ba49f4e	Merge pull request #6406 from erik-krogh/cleanCfg Approved by asgerf	2021-08-09 00:21:31 -07:00
Tamás Vajk	c1cf2a1c5f	Merge pull request #5579 from edvraa/cookies C#: HttpOnly and Secure cookie queries	2021-08-09 08:58:11 +02:00
Shati Patel	8bb47b91b9	Merge pull request #6426 from shati-patel/docs/cwe-coverage Docs: Make TOC more visible and add note about CWE coverage	2021-08-05 15:01:29 +01:00
Shati Patel	97dd88661e	Merge pull request #6427 from shati-patel/docs/vscode-tests Docs: Mention setting for running tests in VS Code (already shipped)	2021-08-05 15:01:20 +01:00
Tom Hvitved	5b5ed97421	C#: Silence XML extraction commands	2021-08-05 15:24:01 +02:00
Tom Hvitved	4ee5cc5557	Merge pull request #6428 from hvitved/csharp/xss-nodes C#: Add missing `nodes` predicate to XSS queries	2021-08-05 15:03:22 +02:00
Tom Hvitved	9eb3f28ef1	C#: Add missing `nodes` predicate to XSS queries	2021-08-05 13:53:52 +02:00
Tom Hvitved	6471092139	Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit C#: Guard against virtual dispatch branching too much.	2021-08-05 13:20:14 +02:00
shati-patel	dbf49a8257	Docs: Mention setting for running tests in VS Code	2021-08-05 11:27:20 +01:00
shati-patel	09f3001048	Docs: Make TOC more visible and add note about CWE coverage	2021-08-05 10:55:41 +01:00
Anders Schack-Mulligen	c29353db80	Merge pull request #6424 from github/workflow/coverage/update Update CSV framework coverage reports	2021-08-05 09:48:53 +02:00
Tony Torralba	0356ed7f9e	Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check Java: Promote Missing JWT signature check query from experimental	2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen	1932f604dc	Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb Add unsafe-deserialization support for Jabsorb	2021-08-05 09:04:23 +02:00
Erik Krogh Kristensen	d3ea58002d	fix a case in `union` where order wasn't necessarily preserved	2021-08-05 08:48:15 +02:00
Erik Krogh Kristensen	6ca53c8b25	a little more special casing in CFGExtractor union	2021-08-05 08:32:56 +02:00
CodeQL CI	475032780e	Merge pull request #6311 from asgerf/js/dom-element-methods Approved by erik-krogh	2021-08-04 23:18:34 -07:00
github-actions[bot]	9d13edb325	Add changed framework coverage reports	2021-08-05 00:08:17 +00:00
Erik Krogh Kristensen	7e422a656a	remove unused imports	2021-08-04 23:41:36 +02:00
Erik Krogh Kristensen	ff9943906d	micro optimize the hot loops by adding special cases and removing streams	2021-08-04 23:35:58 +02:00
Fosstars	b913928294	Renamed queries and merged qhelp files	2021-08-04 17:54:16 +02:00
Chris Smowton	1f08c3fe55	Move test files to appropriate package directories	2021-08-04 16:50:03 +01:00
Chris Smowton	5a42448888	Code review suggestions - Remove unneeded import - Remove unnecessary `toLowerCase` call	2021-08-04 16:08:07 +01:00
Chris Smowton	69549e9ce3	Add unsafe-deserialization support for Jabsorb This is partly extracted from https://github.com/github/codeql/pull/5954	2021-08-04 15:35:50 +01:00
Asger Feldthaus	1b67b43b40	JS: Change note	2021-08-04 16:25:59 +02:00
Asger Feldthaus	00f4694616	JS: Recognize methods returning DOM objects	2021-08-04 16:25:56 +02:00

1 2 3 4 5 ...

24983 Commits