codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
CodeQL CI	4a59e69722	Merge pull request #4564 from asgerf/js/react-hooks Approved by esbena	2020-10-30 21:00:31 +00:00
CodeQL CI	7856e784e1	Merge pull request #4566 from asgerf/js/classnames Approved by erik-krogh	2020-10-29 11:00:06 +00:00
Asger Feldthaus	469767d279	JS: Fix test output	2020-10-28 17:00:05 +00:00
Asger Feldthaus	f99db23e7b	JS: Add test and fix for contextType	2020-10-28 16:23:36 +00:00
Asger Feldthaus	3d86e855f3	JS: Add model of classnames and clsx	2020-10-28 13:56:35 +00:00
Asger Feldthaus	d116b424f4	JS: Add model of react hooks and react-router	2020-10-28 11:57:11 +00:00
Erik Krogh Kristensen	bce06d3194	add test that promisify is not imprecise	2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen	2e514c4d7b	add model for Node Redis	2020-10-28 09:52:54 +01:00
CodeQL CI	da58306f2d	Merge pull request #4506 from asgerf/js/separate-jquery-config Approved by esbena	2020-10-21 03:13:42 -07:00
CodeQL CI	897d8de65a	Merge pull request #4523 from erik-krogh/optionalPromise Approved by asgerf	2020-10-21 00:34:12 -07:00
Erik Krogh Kristensen	bdbc8f5c91	add support for OptionalUse in js/missing-await	2020-10-20 16:52:57 +02:00
CodeQL CI	7ea8652f49	Merge pull request #4521 from erik-krogh/moreMiddle Approved by asgerf	2020-10-20 07:14:14 -07:00
Erik Krogh Kristensen	e061c6a006	add support for more custom CSRF checking middlewares	2020-10-20 15:16:14 +02:00
CodeQL CI	d2282fc474	Merge pull request #4517 from erik-krogh/logAssign Approved by esbena	2020-10-20 05:24:49 -07:00
Asger Feldthaus	8779b7c1ce	JS: Update expected output after rebase	2020-10-20 11:10:30 +01:00
Asger Feldthaus	28a73c1e18	JS: Add test case	2020-10-20 10:53:15 +01:00
Asger Feldthaus	6aac353777	JS: Update test output	2020-10-20 10:53:12 +01:00
Asger Feldthaus	50a015c73e	JS: Move $() sink into separate dataflow config	2020-10-20 10:52:33 +01:00
CodeQL CI	4cc7138784	Merge pull request #4507 from erik-krogh/template Approved by asgerf	2020-10-20 02:45:00 -07:00
Erik Krogh Kristensen	7d87699e42	add test for modern compound assignment in js/implicit-operand-conversion	2020-10-20 10:50:20 +02:00
CodeQL CI	4c5ecb4093	Merge pull request #4478 from erik-krogh/homegrownCsrf Approved by asgerf	2020-10-19 11:04:10 -07:00
CodeQL CI	5ead4244fe	Merge pull request #4450 from asgerf/js/angular Approved by erik-krogh	2020-10-19 07:25:59 -07:00
Erik Krogh Kristensen	ce95676130	add express.csrf as an CSRF protecting middleware	2020-10-19 15:39:02 +02:00
CodeQL CI	2e52cbeb4a	Merge pull request #4499 from max-schaefer/js/module_compile Approved by asgerf	2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen	8c44392638	add local dataflow to js/template-syntax-in-string-literal	2020-10-19 10:58:40 +02:00
Max Schaefer	e1d90e90ad	JavaScript: Add modelling for `Module.prototype._compile`.	2020-10-19 09:42:17 +01:00
Asger Feldthaus	4137d3f971	JS: Split CWE-079 tests into their own folders	2020-10-16 17:32:36 +01:00
Asger Feldthaus	4337c5adaf	JS: Workaround ascii PR check	2020-10-16 07:12:29 +01:00
Asger Feldthaus	afd82e202d	JS: Add Angular2 model	2020-10-16 07:12:29 +01:00
Erik Krogh Kristensen	8206933e85	add test for home grown CSRF protection	2020-10-15 14:51:02 +02:00
Max Schaefer	4100ab2919	JavaScript: Add another test to show that flow through functions still works.	2020-10-14 10:03:27 +01:00
Max Schaefer	1c04c07f07	JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.	2020-10-14 10:03:04 +01:00
Max Schaefer	cd33d358aa	JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.	2020-10-12 14:50:47 +01:00
CodeQL CI	4e116ba0db	Merge pull request #4419 from erik-krogh/jsxFactory Approved by asgerf	2020-10-06 06:13:21 -07:00
CodeQL CI	0753c8a31b	Merge pull request #4247 from erik-krogh/CVE760-reexport Approved by asgerf	2020-10-06 06:10:21 -07:00
CodeQL CI	7e6fa7b4be	Merge pull request #4392 from erik-krogh/flask Approved by asgerf	2020-10-06 03:41:36 -07:00
Erik Krogh Kristensen	f7f82ffe4e	Merge branch 'main' into CVE760-reexport	2020-10-06 12:28:44 +02:00
Erik Krogh Kristensen	99213b94f5	detect uses of jsxFactory and jsxFragmentFactory in js/unused-local-variable	2020-10-06 12:23:15 +02:00
Erik Krogh Kristensen	d6dc4bb655	allow flask url_for urls in TargetBlank.ql	2020-10-05 21:40:24 +02:00
CodeQL CI	e95b665556	Merge pull request #4363 from erik-krogh/nosql-api Approved by max-schaefer	2020-10-05 12:01:34 -07:00
Erik Krogh Kristensen	abdbe92720	refactor the NoSQL model to use API graphs	2020-10-02 10:42:49 +02:00
Aditya Sharad	e712d16e7e	JavaScript: Track taint through RegExp.prototype.exec for URL redirection Regexp literals are currently handled, but not `RegExp` objects.	2020-09-30 15:13:02 -07:00
Erik Krogh Kristensen	d316cb512e	deprecate `exports` and replace uses with the new `getAnExportedValue`	2020-09-30 13:46:28 +02:00
CodeQL CI	d7add29dc2	Merge pull request #4359 from erik-krogh/cookieWrites Approved by esbena	2020-09-29 06:32:01 -07:00
CodeQL CI	11f39a9d88	Merge pull request #4342 from erik-krogh/track-where-prop Approved by asgerf	2020-09-29 02:09:53 -07:00
Erik Krogh Kristensen	e04404b713	also recognize cookie writes are leading to cookie access	2020-09-28 21:17:25 +02:00
Erik Krogh Kristensen	664342dd0f	change `SimpleParameter` to `Parameter` in the express model to support destructuring parameters	2020-09-26 21:31:06 +02:00
CodeQL CI	ea5feb2b0a	Merge pull request #4331 from erik-krogh/DVNA-files Approved by esbena	2020-09-25 05:21:03 -07:00
Erik Krogh Kristensen	b8154d41b1	type-track objects where the "$where" property has been written	2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen	6163e6cf5f	adjust test case for XML entity expansion	2020-09-24 09:53:06 +02:00

1 2 3 4 5 ...

1163 Commits