hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,106 Commits 1,740 Branches 164 Tags
30ff68dc715f5b13b04f0561245ede080d2beb36
Commit Graph

91 Commits

Author SHA1 Message Date
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
87518ba60e JS: Update tainted-sendFile.js 
This file was added on main while this branch was in progress. Porting the whole file in one step.
 2025-02-28 13:29:25 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Asger F
65e9706c8e JS: Port TaintedPath 2023-10-13 13:15:03 +02:00
Asger F
fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Stephan Brandauer
9c3fcb6268 precise tracking of handlebars arguments 2022-03-28 17:26:43 +02:00
Stephan Brandauer
0bd9e9f298 add handlebars taint step 2022-03-24 11:46:16 +01:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Esben Sparre Andreasen
9ffc02944d add file write model for express-fileupload mv 2021-12-10 15:05:34 +01:00
Asger Feldthaus
5f4c1dd19b JS: Support regexp-based path traversal check 2021-11-02 14:12:05 +01:00
Asger Feldthaus
83edcf515b JS: Add test for regexp-based sanitizer 2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
Erik Krogh Kristensen
14b26f2a68 add mkdirp as a sink for tainted-path 2021-07-14 19:32:22 +02:00
Erik Krogh Kristensen
f462c9bb76 add taint through the parseqs library 2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen
bec1818fc7 add taint through the normalize-url library 2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen
193ddfc771 add taint through the qs library 2021-07-14 16:56:51 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Erik Krogh Kristensen
4360e5dcbc add model of the thenify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
61cc415a32 add model of the util.promisify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
2f3ea4412f add model of the pify library 2021-06-22 11:55:54 +02:00
CodeQL CI
169e67cbb8 Merge pull request #5990 from erik-krogh/prettier 
Approved by asgerf
 2021-06-08 12:17:24 -07:00
Erik Krogh Kristensen
5961dd1459 add another test for the resolve library 2021-06-06 22:54:12 +02:00
Erik Krogh Kristensen
dd2fe2a489 add the resolve library as a sink to js/path-injection 2021-06-06 22:04:32 +02:00
Erik Krogh Kristensen
788c5ba701 add support for the prettier API 2021-06-02 15:33:08 +02:00
Erik Krogh Kristensen
3b82452d76 detect fs modules that pass through a reduce call 2021-03-25 14:47:43 +01:00
Erik Krogh Kristensen
2f3869f41b add model for puppeteer 2021-03-17 10:03:51 +01:00
Erik Krogh Kristensen
d95d427c5b better support for the &&=, ||=, and ??= operators 2020-08-13 09:22:32 +02:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
Esben Sparre Andreasen
c7f67fafd9 JS: support additional promisification of the fs-module members 2020-06-30 09:10:30 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00