hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,132 Commits 1,747 Branches 166 Tags
2f58683f2debf81e3fe0231e145f76df7aa5f40b
Commit Graph

2403 Commits

Author SHA1 Message Date
Asger Feldthaus
1d1149f4cd JS: Test and QLDoc for RxJS model 2021-01-21 12:08:22 +00:00
Asger Feldthaus
144d04f3ce JS: Add test exposing source location of attribute after line break 2021-01-21 11:25:39 +00:00
Asger Feldthaus
7c6704a63f JS: Shift line numbers in test case 2021-01-21 11:09:36 +00:00
Asger Feldthaus
fbb5d14263 JS: Update angular test output 2021-01-18 12:19:09 +00:00
Asger Feldthaus
2a7b4487f1 JS: More auto format 2021-01-18 12:19:09 +00:00
Asger Feldthaus
c8901b62f5 JS: Add test for $any step 2021-01-18 12:19:08 +00:00
Asger Feldthaus
2ba98da107 JS: Only extract local vars in TemplateTopLevel 
Angular template expressions cannot refer to global variables, any
unqualified identifier is a reference to a property provided by the
component.

We extract them as implicitly declared local variables which the
QL model can then connect with data flow steps.
 2021-01-18 12:19:08 +00:00
Asger Feldthaus
8848ee2d10 JS: Extract HTML from inline templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
6bf9345258 JS: Add test for class with locally-unused field 2021-01-18 12:19:08 +00:00
Asger Feldthaus
cc952bd2a4 JS: Reorganize test a bit 2021-01-18 12:19:08 +00:00
Asger Feldthaus
1ab36dc81f JS: Flow through *ngFor loops 2021-01-18 12:19:08 +00:00
Asger Feldthaus
0da207a5f9 JS: Update test with pipes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
ed27c8b13f JS: Add test and fix bug in pipe parser 2021-01-18 12:16:13 +00:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
CodeQL CI
c193d9f375 Merge pull request #4823 from erik-krogh/furtherReDoS 
Approved by esbena
 2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
CodeQL CI
9d4cd0aa85 Merge pull request #4862 from erik-krogh/shellSanitizer 
Approved by esbena
 2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen
77967c3e63 undo unsound optimization in js/ReDoS 2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen
b42aac17d5 add more tests for js/ReDoS 2021-01-06 10:34:06 +01:00
CodeQL CI
a5e28ac6d6 Merge pull request #4847 from erik-krogh/afterReDoS 
Approved by esbena
 2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen
ce8cc2368b improve precision of intersect 2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen
cbad705029 general performance improvements in the ReDoS utility library 2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen
05569187b4 improve performance of suffix checking 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
6369374224 implement new algorithm for detecting superlinear backtracking in regular expressions 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
CodeQL CI
9ae8880bd0 Merge pull request #4802 from max-schaefer/js/external-remote-flow-sources 
Approved by asgerf, jf205
 2020-12-16 00:34:40 -08:00
CodeQL CI
66f4120cdd Merge pull request #4721 from github/nextReDoS 
Approved by asgerf
 2020-12-14 01:48:12 -08:00
Max Schaefer
9f8508fdc7 JavaScript: Allow specifying additional remote flow sources through JSON. 2020-12-12 11:42:55 +00:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
254ac7f963 JS: Fix TypeofCheck 2020-12-07 10:46:00 +00:00
Asger Feldthaus
0496642b0b JS: Add test for captured flow into callback 2020-12-07 10:34:27 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
daab3c1437 JS: Add tests and fix some bugs 2020-12-07 10:16:38 +00:00