hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,343 Commits 1,672 Branches 157 Tags
2dd862661bfa62080e68f4ac8281da5d901b6986
Commit Graph

6114 Commits

Author SHA1 Message Date
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Erik Krogh Kristensen
85bd8f1020 add change-note for TypeScript 4.3 2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen
e6b1c61e81 add tests for TypeScript 4.3 2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen
2cc2d116bc bump extractor version 2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen
35d7fda5e2 update typescript to 4.3 in the extractor 2021-05-31 13:08:09 +02:00
Erik Krogh Kristensen
c70651b6fe always have arrayLikeElement as TypeTracking properties 2021-05-25 11:48:54 +02:00
CodeQL CI
131c08e436 Merge pull request #5939 from max-schaefer/js/set-constructor-args 
Approved by esbena
 2021-05-21 05:02:27 -07:00
Max Schaefer
6e34784fc5 Add new experimental query MultipleArgumentsToSetConstructor. 2021-05-21 09:54:41 +01:00
CodeQL CI
9bdfdb02d3 Merge pull request #5916 from erik-krogh/scriptSink 
Approved by esbena
 2021-05-19 03:46:17 -07:00
Erik Krogh Kristensen
9a1f80aa93 accept updated test output for express test 2021-05-18 22:23:29 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Erik Krogh Kristensen
06514a2bb6 move clone model to Extend.qll 2021-05-18 13:16:41 +02:00
Erik Krogh Kristensen
1435ac715a add support for the clone library 2021-05-18 12:46:34 +02:00
Erik Krogh Kristensen
cac0ab299b add writes to textContent on a <script /> as a sink for code-injection 2021-05-18 10:25:25 +02:00
CodeQL CI
12b1bbe484 Merge pull request #5897 from erik-krogh/uid 
Approved by RasmusWL, esbena
 2021-05-17 06:01:04 -07:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Erik Krogh Kristensen
3766678d60 move RegexpMetaChars into Regexp.qll 2021-05-14 13:23:36 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
CodeQL CI
9b0c24abc2 Merge pull request #5876 from erik-krogh/moreAxios 
Approved by asgerf
 2021-05-13 08:03:33 -07:00
Erik Krogh Kristensen
34fbafafde remove redundant "put" case 2021-05-12 22:34:44 +02:00
Erik Krogh Kristensen
e0f78dde56 make the axios error catch match the non-error case 2021-05-12 16:23:37 +02:00
CodeQL CI
922b276fac Merge pull request #5728 from asgerf/js/source-sink-queries 
Approved by erik-krogh
 2021-05-11 05:04:47 -07:00
yoff
a7f97895ac Merge pull request #5863 from erik-krogh/printReg 
JS: add printAst.ql support for regular expressions
 2021-05-11 12:45:49 +02:00
yoff
549c9eee1a Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00
CodeQL CI
a87731115a Merge pull request #5860 from max-schaefer/js/improve-sql-modelling 
Approved by asgerf
 2021-05-11 02:24:52 -07:00
Erik Krogh Kristensen
99e98419dc add support for error values in an axios client request 2021-05-11 11:24:21 +02:00
Erik Krogh Kristensen
52991dc4a1 rewrite the axios model to use API graphs 2021-05-11 11:23:51 +02:00
Erik Krogh Kristensen
54f191cfe3 add support for rejected promise values in API graphs 2021-05-11 11:23:03 +02:00
CodeQL CI
beb66fc4db Merge pull request #5719 from asgerf/js/nestjs 
Approved by esbena
 2021-05-11 02:08:27 -07:00
CodeQL CI
a3d17a1437 Merge pull request #5769 from erik-krogh/libXss 
Approved by esbena
 2021-05-10 05:58:07 -07:00
Erik Krogh Kristensen
504c34ed2c use shouldPrint to filter out regular expressions from other files 2021-05-10 14:51:13 +02:00
Erik Krogh Kristensen
d6f9e37e39 add printAst.ql support for regular expressions 2021-05-10 13:31:00 +02:00
Asger Feldthaus
3e5dc1efb7 JS: More robust hasUnderlyingType 2021-05-10 13:17:25 +02:00
Max Schaefer
8f91e9eba0 JavaScript: Model chaining calls in sqlite3. 2021-05-10 10:58:58 +01:00
Asger F
f4e636dcd6 Update javascript/ql/src/semmle/javascript/frameworks/ClassValidator.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-10 10:08:10 +01:00
CodeQL CI
097b6e5e33 Merge pull request #5794 from erik-krogh/rxPipe 
Approved by asgerf
 2021-05-10 02:06:34 -07:00
Erik Krogh Kristensen
d913668943 move hasPathWithoutUnmatchedReturn to Configuration.qll 2021-05-10 10:55:33 +02:00
Erik Krogh Kristensen
b4e35f54d9 fix typo 2021-05-10 10:48:43 +02:00
Erik Krogh Kristensen
646bf99489 rewrite the qhelp to focus more on documenting unsafe functions 2021-05-10 10:48:40 +02:00
Asger Feldthaus
df5eab33f9 JS: Update relevantTaintSource() 2021-05-10 09:43:33 +01:00
Erik Krogh Kristensen
3fe5dd0f35 add comment about filtering away jQuery from the source 2021-05-10 10:05:18 +02:00
Erik Krogh Kristensen
b53759c5a0 corrections after code review 2021-05-06 22:49:25 +02:00
CodeQL CI
7a7586488a Merge pull request #5833 from erik-krogh/filterStep 
Approved by esbena
 2021-05-06 13:47:23 -07:00
Erik Krogh Kristensen
be69c3a458 Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-06 21:59:35 +02:00
Erik Krogh Kristensen
2d1ba59e6d Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-06 21:55:30 +02:00