hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,240 Commits 1,712 Branches 163 Tags
43355feaeb2d8e15641cfc7ff2b842663d660692
Commit Graph

5743 Commits

Author SHA1 Message Date
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Erik Krogh Kristensen
38477d7d2e Merge pull request #6462 from erik-krogh/repeat 
JS: support more regular expressions in js/incomplete-multi-character-sanitization
 2021-08-23 15:39:31 +02:00
Erik Krogh Kristensen
5fe6671cc5 making it more explicit what character class matching is used for 2021-08-23 08:30:50 +02:00
Asger Feldthaus
cde8059960 JS: Update some comments referring to Vue instances 2021-08-18 15:36:41 +02:00
Asger Feldthaus
165f6c6935 JS: Add a deprecated forwarder for Vue::Instance 2021-08-18 15:36:41 +02:00
Asger Feldthaus
7b6485c32a JS: Rename some test predicates to match class name 2021-08-18 15:36:41 +02:00
Asger Feldthaus
b21071923e JS: Rename variables to match new class name 2021-08-18 15:36:41 +02:00
Asger Feldthaus
0a98679f74 JS: Rename Vue::Instance to Vue::Component 2021-08-18 15:36:41 +02:00
Asger Feldthaus
4a1fb5df5d JS: De-abstractify Vue::Instance class 2021-08-18 11:14:25 +02:00
Asger Feldthaus
40ae13a20e JS: Rename Vue::{Component -> ComponentRegistration} 2021-08-18 11:14:25 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Erik Krogh Kristensen
3f7f5d2418 performance improvements in ReDoSUtil 2021-08-17 15:10:33 +02:00
Erik Krogh Kristensen
9c2d83e82b add tests 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d update expected output 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
5d4c434d34 restrict char class matches to alpha-numeric chars 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
59f0a41665 support more regular expressions in js/incomplete-multi-character-sanitization 2021-08-17 15:10:20 +02:00
CodeQL CI
92804a3cc3 Merge pull request #6487 from erik-krogh/moreJquerySinks 
Approved by asgerf
 2021-08-17 11:46:24 +01:00
CodeQL CI
e3cdc4522e Merge pull request #6450 from asgerf/js/query-suffix-convention2 
Approved by erik-krogh
 2021-08-17 11:31:21 +01:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Erik Krogh Kristensen
cc2a267b07 recognize array elements from JQuery objects as DOM values 2021-08-16 22:35:57 +02:00
Erik Krogh Kristensen
46959234b7 Merge pull request #6288 from erik-krogh/emptyRedos 
JS/Python: Fix FP in redos related to empty lookaheads
 2021-08-16 13:48:22 +02:00
Asger Feldthaus
a6c389698e JS: Fix DomBasedXssQuery.qll 2021-08-12 09:31:24 +02:00
Asger Feldthaus
fd027451b1 JS: Fix StoresXss example query 2021-08-12 09:30:43 +02:00
Asger Feldthaus
020d65befc Fix StoredXssTypeTracking example query 2021-08-12 09:30:43 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Asger Feldthaus
3a6da34454 JS: Add missing QLdoc 2021-08-12 09:30:43 +02:00
Asger Feldthaus
71930f93f1 JS: Fix cleartext logging 2021-08-12 09:30:43 +02:00
Asger Feldthaus
abb819ed88 JS: Fix insecure randomness 2021-08-12 09:30:43 +02:00
Asger Feldthaus
5638a33199 JS: Remove obsolete module prefix 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f6da030572 JS: Migrate to *Query.qll convention 2021-08-12 09:30:18 +02:00
CodeQL CI
8fe2a43fd9 Merge pull request #6433 from asgerf/js/tainted-url-suffix 
Approved by erik-krogh
 2021-08-12 00:28:46 -07:00
Erik Krogh Kristensen
01a202fa10 fix cfg and dataflow for logical compound assignments 2021-08-10 12:17:59 +02:00
Asger Feldthaus
d83f5a9cd7 JS: Update StringConcatenation tests after handling 0-arg join calls 2021-08-10 08:56:36 +02:00
Asger Feldthaus
a3e56dea5e JS: Factor out StringOps::substringMethodName 2021-08-10 08:55:04 +02:00
Asger Feldthaus
1074d409fb JS: Autoformat 2021-08-10 08:55:03 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
4efea4316e JS: Use TaintedUrlSuffix flow label in jQuery xss 2021-08-10 08:55:03 +02:00
Asger Feldthaus
2836d465e4 JS: Update locations in Angular2 test 2021-08-09 11:03:15 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
CodeQL CI
07f6ce7f3b Merge pull request #6398 from erik-krogh/authHeader 
Approved by esbena
 2021-08-03 02:04:35 -07:00
CodeQL CI
394d3349ac Merge pull request #6213 from asgerf/js/vuex 
Approved by erik-krogh
 2021-08-03 01:49:06 -07:00
Erik Krogh Kristensen
6b579dfad3 normalize auth-headers to lowercase 2021-08-03 09:09:47 +02:00
Asger Feldthaus
c88d213f37 JS: Use appendToNamespace 2021-08-03 08:52:19 +02:00
Asger Feldthaus
f5f255d93d JS: Rename getPrefix -> getNamespace 2021-08-03 08:51:35 +02:00
Asger F
ff17d298b0 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-03 08:45:56 +02:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
f719e0ca1b remove nunjucks template URLs from the target-blank query 2021-08-02 22:46:59 +02:00
Erik Krogh Kristensen
6da1007f67 mark new redos tests correctly 2021-07-16 13:37:47 +02:00