hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,636 Commits 1,672 Branches 157 Tags
29e69b32b02ab6ac36eceeef895dea3a5a180460
Commit Graph

1722 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
29e69b32b0 JS: split XpathInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
48b655f1c7 JS: split CommandInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ccc171ce18 JS: split RemotePropertyInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
063abb5af9 JS: split PostMessageStar.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
3ad46cd5bf JS: split HardcodedCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ec6d233180 JS: split CleartextLogging.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
813253e0ac JS: split BrokenCryptoAlgorithm.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
27d0caed3e JS: split RegExpInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c8a60f74f0 JS: split StackTraceExposure.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
f2b3fa57eb JS: split RequestForgery.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
6f6887993c JS: split Xxe.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9d670f7d39 JS: split CleartextStorage.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
013f471cf6 JS: split TaintedPath.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2bb702ceea JS: split SqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2972c28e58 JS: split NosqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
057b18c316 JS: split ServerSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
a89a073623 JS: split FileAccessToHttp.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
efe7ba4f3d JS: split InsecureRandomness.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
b85d3756b0 JS: split DifferentKindsComparisonBypass.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
56172317ed JS: split HardCodedDataInterpretedAsCode.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
d786f36120 JS: split CorsMisconfigurationForCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
1f54f3269d JS: split HttpToFileAccess.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ee6003655a JS: split UnsafeDynamicMethodAccess.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
bb452bea45 JS: split UnsafeDeserialization.qll 2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen
626f3fa598 JS: split ConditionalBypass.qll 2019-07-04 08:33:39 +02:00
semmle-qlci
40f7e6f514 Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash 
Approved by xiemaisi
 2019-07-04 07:19:45 +01:00
semmle-qlci
6cda33c39e Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names 
Approved by xiemaisi
 2019-07-03 16:31:43 +01:00
semmle-qlci
b07a3e6725 Merge pull request #1439 from esben-semmle/js/configuration-node-separation 
Approved by asger-semmle, xiemaisi
 2019-07-03 16:31:10 +01:00
semmle-qlci
7fbc730b05 Merge pull request #1517 from asger-semmle/instance-type-tracking-final 
Approved by xiemaisi
 2019-07-03 08:26:16 +01:00
semmle-qlci
44823ca46d Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias 
Approved by xiemaisi
 2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen
051c6ca31f JS: split CodeInjection.qll into two parts 2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen
ecf367fa65 JS: bump vulnerable lodash version for prototype pollution 
See https://github.com/lodash/lodash/pull/4336
 2019-07-03 08:18:16 +02:00
Asger F
52a5bce10d TS: Update test affected by new stringification 2019-07-02 21:01:47 +01:00
Asger F
329ff0db1b JS: Add an use getAPropertySource() 2019-07-02 10:09:06 +01:00
Asger F
5ce08e2c78 JS: Address review comments 2019-07-02 10:09:06 +01:00
Asger F
408fd3e106 JS: Augment call graph using type-tracked class instances 2019-07-02 10:09:06 +01:00
Asger F
779d98a143 JS: Prevent bad join in hasOwnProperty 2019-07-02 10:09:05 +01:00
semmle-qlci
71c86fa69b Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests 
Approved by asger-semmle
 2019-07-02 07:38:10 +01:00
semmle-qlci
26fd1b91cf Merge pull request #1485 from esben-semmle/js/fix-yaml-strings 
Approved by xiemaisi
 2019-07-02 07:00:43 +01:00
semmle-qlci
b0b152aaaa Merge pull request #1529 from xiemaisi/js/getter-summaries 
Approved by asger-semmle
 2019-07-02 06:16:34 +01:00
Max Schaefer
7f95c20345 JavaScript: Add support for tracking flow into receivers of reflective calls. 2019-07-01 17:54:43 +01:00
semmle-qlci
3b126d9c4e Merge pull request #1488 from asger-semmle/call-graph-metric 
Approved by xiemaisi
 2019-07-01 16:09:34 +01:00
Max Schaefer
895055f30e JavaScript: Avoid unhelpful magic. 
The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.
 2019-07-01 15:45:57 +01:00
Max Schaefer
b5b89c0eac JavaScript: Track flow into method receivers. 2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen
062778bdd8 JS: heuristically recognize x.spec.y and x.test.y as test files 2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen
7cab308205 fixup! JS: classify numeric file names as generated 2019-07-01 15:49:03 +02:00
Asger F
ff4d6ece80 JS: Rename metrics to ResolvableCallX 2019-07-01 12:34:48 +01:00
Asger F
16e6dd12d0 JS: Address review comments part 1 2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen
41e568d1f7 JS: classify files with many short variables as minified 2019-07-01 13:25:07 +02:00
Esben Sparre Andreasen
2eb7e4a818 JS: classify x.test.js files with test(...) calls as jest tests 2019-07-01 10:28:10 +02:00