hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 23:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
72,197 Commits 1,777 Branches 169 Tags
41fef0f2b331ecbc0a1fe043e084cb670475cee9
Commit Graph

1924 Commits

Author SHA1 Message Date
Napalys
18c7b18f82 JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged. 2024-11-28 11:26:36 +01:00
Napalys
38be0e4c0a JS: Now BadHtmlSanitizers also flags new RegExp as potential issue 2024-11-28 11:26:34 +01:00
Napalys Klicius
61e00861e5 Merge pull request #18008 from Napalys/napalys/ES2024-group-functions 
JS: Added support for [Object, Map].groupBy ES2024 feature
 2024-11-21 19:03:57 +01:00
Napalys Klicius
7ee0a7b398 Update javascript/ql/lib/semmle/javascript/Collections.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-21 14:02:42 +01:00
Napalys Klicius
edb9b47111 Merge pull request #18047 from Napalys/napalys/ES2023-string-protytpe-toWellFormed 
JS: Added taint-step String.prototype.toWellFormed ES2023 feature
 2024-11-21 14:01:21 +01:00
Napalys Klicius
82ca369dce Merge pull request #18005 from Napalys/napalys/ES2022-find-functions 
JS: Added support for Array.prototype.[findLastIndex, findLast] ES2022 feature
 2024-11-21 08:01:19 +01:00
Napalys
43eda58f83 Added change notes 2024-11-20 17:44:36 +01:00
Napalys
afc2d3e6d2 JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep 2024-11-20 17:42:25 +01:00
Napalys
64c45debdb JS: removed unnecessary getALocalSource from ArrayCallBackDataFlowStep 2024-11-20 14:57:00 +01:00
Napalys
9dbf7d1828 JS: removed unnecessary getALocalSource from ArrayCallBackDataTaintStep 2024-11-20 14:54:06 +01:00
Napalys
cdf43f7118 Added change notes 2024-11-20 14:06:44 +01:00
Napalys Klicius
a957e00fe5 Merge branch 'main' into napalys/ES2024-group-functions 2024-11-20 14:03:31 +01:00
Napalys
58faa2d71e JS: Add: dataflow step for static method of groupBy from Map. 2024-11-20 13:34:11 +01:00
Napalys
28ead4011a JS: Add: taint step to handle propagation of data flow from the array to callback 2024-11-19 14:15:15 +01:00
Napalys
c03d69af1e JS: Add: dataflow step for find, findLast, findLastIndex callback functions 2024-11-19 09:42:11 +01:00
Napalys
1b0f8aa657 JS: removed unnecessary findlast module import 2024-11-19 09:30:05 +01:00
Napalys
72a69cfa17 Added change notes 2024-11-19 08:24:36 +01:00
Napalys
213ce225e0 JS: Add: taint step for Object.groupBy function, fixed test cases from 8ae05d8be4 2024-11-18 12:58:07 +01:00
Napalys
c02ad65fdc JS: Add: taint step for Map.groupBy function 2024-11-18 12:50:06 +01:00
Napalys
1304ab7065 Added change notes 2024-11-18 08:05:51 +01:00
Napalys
fcb65534a8 JS: Add: Array.protype.findLast as taint step 2024-11-15 14:10:01 +01:00
Napalys
bed1f25b3f JS: Fix: Now Array.prototype.with is properly flagged as taint step 2024-11-15 10:35:34 +01:00
Napalys
631a3770ec JS: Add: change notes 2024-11-15 09:16:21 +01:00
Napalys Klicius
6fa3ff39a0 Merge branch 'main' into napalys/toSpliced-support 2024-11-14 16:56:32 +01:00
Napalys Klicius
c8c15a0899 Merge pull request #17910 from Napalys/napalys/matchAll-support 
JS: Support for matchAll
 2024-11-14 15:36:20 +01:00
Napalys
b333f523df JS: Fix: now one can determine regex via Array.prototype.toSpliced function call. 2024-11-14 15:35:03 +01:00
Napalys
84234d59b9 JS: Fix: Ensure toSpliced with spread operator is flagged 2024-11-13 17:21:34 +01:00
Napalys
2df3d1b251 JS: Fix: Ensure toSpliced is flagged by taint tracking in test suite (ed44358143) 2024-11-13 15:58:20 +01:00
Napalys
df4b596180 Added toSpliced as part ArraySliceStep and ArraySpliceStep, fixed tests from 2d9bc43506 2024-11-13 13:47:34 +01:00
Napalys
b4c84d3d3c Added taint step for toSpliced, handles test from a65f80ef76 2024-11-13 12:41:41 +01:00
Napalys
5f8ff125e9 Added change notes 2024-11-12 12:21:39 +01:00
Napalys
7427a24ca1 Added test case for Array.prototype.toReversed, which is currently not flagged as a taint sink. 2024-11-12 12:02:37 +01:00
Napalys
3f0a54c2e8 Added support for Array.prototype.toSorted function 2024-11-12 12:02:04 +01:00
Napalys Klicius
6266dab518 Merge pull request #17951 from Napalys/napalys/reverse-support 
JS: Added support for reverse function
 2024-11-12 10:09:18 +01:00
Napalys
00790bf3f4 Added change notes 2024-11-11 15:43:54 +01:00
Napalys Klicius
42f7f73ae1 Update ArrayInPlaceManipulationTaintStep documentation 2024-11-11 15:38:57 +01:00
Napalys
ae57c12b15 Added change notes 2024-11-11 10:38:14 +01:00
Napalys
81bc7cd19f Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case. from 8026a99db7 2024-11-11 08:32:03 +01:00
Napalys
f1c6dc1d9b Moved SortTaintStep to more appropriate home TaintTracking->Arrays 2024-11-11 08:32:01 +01:00
Napalys
70cf1a57bc Now catches usage of RegExp. after matchAll usage. 2024-11-08 08:59:31 +01:00
Napalys
dbd57e3870 Fixed issue where TaintTracking was not catching matchAll vulnerability 2024-11-07 13:40:10 +01:00
Napalys
514375dbf9 Fixes false positives from commit 42600c93ff 2024-11-07 13:00:54 +01:00
Napalys
449cee91c8 Fixes false positives from commit 445552d3b53ec9592e8e3892cb337d1004b6a432 2024-11-07 10:33:13 +01:00
Napalys Klicius
7825a46085 Merge branch 'github:main' into napalys/matchAll-support 2024-11-05 09:31:30 +01:00
Napalys
ccee34d6d3 Added support for matchAll in CWE-020 including new test cases 2024-11-05 08:51:24 +01:00
github-actions[bot]
f107d16b4e Post-release preparation for codeql-cli-2.19.3 2024-11-04 17:20:08 +00:00
github-actions[bot]
cc7b724123 Release preparation for version 2.19.3 2024-11-04 16:37:28 +00:00
Rasmus Wriedt Larsen
dc8e645594 JS: Convert remaining queries to use ActiveThreatModelSourceAsSource 2024-11-01 10:47:10 +01:00
Rasmus Wriedt Larsen
19fae76a94 JS: Remove dummy comment 
Co-authored-by: Asger F <asgerf@github.com>
 2024-11-01 10:24:22 +01:00
Rasmus Wriedt Larsen
61e60de969 JS: Model readline as a stdin threat-model source 
Technically not always true, but my assumption is that +90% of the time
that's what it will be used for, so while we could be more precise by
adding a taint-step from the `input` part of the construction, I'm not
sure it's worth it in this case.

Furthermore, doing so would break with the current way we model
threat-model sources, and how sources are generally modeled in JS... so
for a very pretty setup it would require changing all the other `file`
threat-model sources to start at the constructors such as
`fs.createReadStream()` and have taint-propagation steps towards the
actual use (like we do in Python)...

I couldn't see an easy path forwards for doing this while keeping the
Concepts integration, so I opted for the simpler solution here.
 2024-10-31 14:29:30 +01:00