hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,852 Commits 1,693 Branches 161 Tags
44edff7661d3efdb4992100a41b7e7730308e3e9
Commit Graph

5810 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
51b56a9e28 add cwe 090 (ldap injection) and cwe 943 (Improper Neutralization of Special Elements in Data Query Logic) to SqlInjection.ql 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
bcf4626fd0 remove ldap examples from experimental folder 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
2b286a856c naively move ldap into the SQL injection query 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
94e2676c0f naive conversion of ldapjs model to API node 2021-10-01 09:00:10 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
luciaromeroML
1fc58e51a3 adding suggestion that removes sanitizer for unknown base urls 2021-09-27 17:37:36 -03:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
luciaromeroML
f348a5ce47 adding comments to some functions 2021-09-17 18:25:14 -03:00
luciaromeroML
25065bc986 simplifying sentence 2021-09-17 18:07:04 -03:00
luciaromeroML
0b0ac8317c format ql code 2021-09-17 18:05:52 -03:00
valeria-meli
054218a381 Merge branch 'main' into javascript/ssrf 2021-09-17 17:08:52 -03:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
CodeQL CI
220f2ded85 Merge pull request #6698 from asgerf/js/template-self-assignment 
Approved by esbena
 2021-09-15 01:08:39 -07:00
Asger Feldthaus
b5db4047a0 JS: Exclude template files in SelfAssignment 2021-09-15 08:59:47 +02:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Erik Krogh Kristensen
bac80bf686 delete ClipboardXss.ql experimental query 2021-09-13 20:43:31 +02:00
rhysd
97ed9edd32 JS: Detect untrusted inputs in 'discussion' and 'discussion_comment' payloads 2021-09-10 10:42:58 +09:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Nati Pesaresi
629efb85fb ternary operator 2021-09-02 17:55:09 -03:00
CodeQL CI
cf9ab83dee Merge pull request #6498 from bananabr/main 
Approved by asgerf
 2021-08-31 08:46:11 +02:00
Daniel Santos
b8ce5a63c5 Remove unncessary results 
Simplifies query to improve performance by removing unnecessary results.
 2021-08-25 17:33:45 -05:00
Andrew Eisenberg
45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
 2021-08-25 12:15:56 -07:00
Daniel Santos
cd40de7464 Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql 
Typo fix

Co-authored-by: Asger F <asgerf@github.com>
 2021-08-25 09:40:55 -05:00
CodeQL CI
1daeea5696 Merge pull request #6472 from erik-krogh/apiPromise 
Approved by asgerf
 2021-08-25 14:45:03 +01:00
CodeQL CI
170a069657 Merge pull request #6403 from asgerf/js/handlebars-extraction 
Approved by erik-krogh
 2021-08-25 13:54:52 +01:00
Asger Feldthaus
87843a3794 JS: Autoformatttt 2021-08-25 10:37:37 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
Asger Feldthaus
8a564cc64b JS: Fix qldoc 2021-08-24 14:31:00 +02:00
Asger F
8f8a46848d Update javascript/ql/src/semmle/javascript/frameworks/Templating.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-24 14:16:41 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Erik Krogh Kristensen
38477d7d2e Merge pull request #6462 from erik-krogh/repeat 
JS: support more regular expressions in js/incomplete-multi-character-sanitization
 2021-08-23 15:39:31 +02:00
Erik Krogh Kristensen
5fe6671cc5 making it more explicit what character class matching is used for 2021-08-23 08:30:50 +02:00
Erik Krogh Kristensen
5d232bbfce recognize more src folders when "main" in package.json points to a compiled output 2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Asger Feldthaus
bac212c610 JS: Fix typo: instantiaton -> instantiation 2021-08-19 14:41:18 +02:00
Asger Feldthaus
a1819a54f2 JS: Remove unused isInPlainCodeContext 2021-08-19 14:22:05 +02:00
Daniel Santos
5644514606 Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2021-08-18 09:52:55 -05:00
Asger Feldthaus
cde8059960 JS: Update some comments referring to Vue instances 2021-08-18 15:36:41 +02:00
Asger Feldthaus
165f6c6935 JS: Add a deprecated forwarder for Vue::Instance 2021-08-18 15:36:41 +02:00
Asger Feldthaus
b21071923e JS: Rename variables to match new class name 2021-08-18 15:36:41 +02:00
Asger Feldthaus
0a98679f74 JS: Rename Vue::Instance to Vue::Component 2021-08-18 15:36:41 +02:00
Asger Feldthaus
4a1fb5df5d JS: De-abstractify Vue::Instance class 2021-08-18 11:14:25 +02:00
Asger Feldthaus
40ae13a20e JS: Rename Vue::{Component -> ComponentRegistration} 2021-08-18 11:14:25 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00