hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,849 Commits 1,740 Branches 165 Tags
423fd045452475d415935987c520cde5329563bf
Commit Graph

75 Commits

Author SHA1 Message Date
Asger F
b9bd0520e2 JS: Port RemotePropertyInjection 2023-10-13 13:15:05 +02:00
Asger F
d324e554f3 JS: Port DeepObjectResourceExhaustion 2023-10-13 13:15:04 +02:00
erik-krogh
ccd06c78b9 delete an .expected file outside the test directories 2023-10-10 21:35:19 +02:00
erik-krogh
442749bb7f JS: add heuristic variants of queries that use RemoteFlowSource 2022-12-19 12:01:22 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
6ec03d4738 apply suggestions from doc review 2022-09-12 13:16:39 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
Asger Feldthaus
f6da030572 JS: Migrate to *Query.qll convention 2021-08-12 09:30:18 +02:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Asger Feldthaus
24199a5499 JS: Add query for resource exhaustion from deep object handling 2021-03-02 12:39:04 +00:00
Asger Feldthaus
877b4b0752 JS: Move and rename other prototype pollution queries 2020-12-07 10:16:38 +00:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
Asger Feldthaus
52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Asger Feldthaus
fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Esben Sparre Andreasen
dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen
cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Asger Feldthaus
a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus
34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen
ade93e66e1 move the if(!x) from DataFLow to TaintTracking 2020-02-06 15:44:22 +01:00
Erik Krogh Kristensen
1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Asger Feldthaus
38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
Asger F
cf18bd7bb8 Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-05 09:48:16 +00:00
Asger Feldthaus
fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Asger Feldthaus
3ccdaa94ad JS: Expose argumentPassing as DataFlow::argumentPassingStep 2020-02-04 15:06:45 +00:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
Erik Krogh Kristensen
5ff958a9cf fix compilation of PrototypePollutionUtility after refactor 2020-02-03 09:39:41 +01:00
Erik Krogh Kristensen
72114a48f5 rename getASourceAccess to getAnAliasedSourceNode 2020-01-31 15:34:58 +01:00
Erik Krogh Kristensen
279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
Asger F
7a1d068f1c Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-01-16 09:47:18 +00:00
Asger Feldthaus
2245882441 JS: Add change note and fix cwe tags 2020-01-14 10:53:40 +00:00
Asger Feldthaus
d76859b7df JS: Address review comments 2020-01-14 10:53:00 +00:00
Asger F
9bd3c4a11c JS: Add sanitizer for "in" exprs 2020-01-14 10:53:00 +00:00
Asger F
bd9405ab84 JS: Guard against more FPs 2020-01-14 10:52:59 +00:00
Asger F
738123d3f5 JS: More sanitizers 2020-01-14 10:52:59 +00:00
Asger F
f7543aec95 JS: Support Reflect.ownKeys 2020-01-14 10:52:59 +00:00
Asger F
8af233307a JS: Support enumeration through Object.entries 2020-01-14 10:52:59 +00:00
Asger F
ac2f0a8e11 JS: Do not require flow from key -> rhs 2020-01-14 10:52:59 +00:00
Asger F
96bf9db200 JS: Add another test and more barriers 2020-01-14 10:52:59 +00:00