hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,252 Commits 1,671 Branches 157 Tags
4c536dde204f02ab86d45c434a59f11e64d6bc6f
Commit Graph

3355 Commits

Author SHA1 Message Date
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Asger Feldthaus
6531db3cca JS: Add test 2020-06-12 09:56:38 +01:00
semmle-qlci
b841cacb83 Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes 
Approved by erik-krogh
 2020-06-10 20:02:55 +01:00
Max Schaefer
0f2186c844 JavaScript: Fix a few typos. 2020-06-10 16:44:24 +01:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
82cf53897f TypeOfCheck -> TypeOfUndefinedSanitizer 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen
05d7be8e23 autoformat 2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen
96ca4cf7eb add missing quote 2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Max Schaefer
9549b01e3c JavaScript: Turn on experimental language features for two tests. 
All other tests already pass with experimental features turned on, so once this is merged we can do so by default.
 2020-06-04 11:27:31 +01:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen
a90c8769ee update expected output 2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
7c26efbc12 case insensitive authorization header 2020-06-03 15:23:51 +02:00
Erik Krogh Kristensen
b508ad41c8 don't have a separate fetch module 2020-06-03 15:20:06 +02:00
Erik Krogh Kristensen
46cd0143d8 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-03 15:18:10 +02:00
Erik Krogh Kristensen
28a1900612 treat all writes to Authorization as a CredentialsExpr 2020-06-03 13:55:49 +02:00
Erik Krogh Kristensen
6466ab19a0 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:51:04 +02:00
Erik Krogh Kristensen
f8caec76ab move the Fetch module to ClientRequests 2020-06-03 13:37:34 +02:00
Erik Krogh Kristensen
aa463d8298 mention fetch instead of node-fetch 2020-06-03 13:33:43 +02:00
Erik Krogh Kristensen
1b53cd4bd9 update docstring of FetchAuthorization 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:31:16 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8 better support for browser based fetch API 2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716 support more variants of the Headers API 2020-06-03 11:50:10 +02:00
Erik Krogh Kristensen
3c802007a3 add support for string concatenations and base64-encoding of hardcoded credentials 2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen
b6dc94fccb add fetch.Headers.Authorization as a CredentialsExpr 2020-06-02 23:02:16 +02:00
Erik Krogh Kristensen
14f0d1687a factor fetch import into NodeJSLib 2020-06-02 22:45:47 +02:00
Asger Feldthaus
8342981799 JS: Make isCoercedToBoolean private 2020-06-02 17:16:55 +01:00
Asger Feldthaus
8a38633639 JS: Handle exec() == undefined 2020-06-02 16:52:07 +01:00
Asger Feldthaus
7d5384b723 JS: Autoformat 2020-06-02 16:38:40 +01:00
Asger Feldthaus
945db4d86c JS: Fix test output 2020-06-02 16:38:21 +01:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
semmle-qlci
7265e94028 Merge pull request #3578 from erik-krogh/HtmlGuard 
Approved by asgerf
 2020-06-01 13:25:02 +01:00
Asger Feldthaus
707b0f33a0 JS: Use in ContainsHTMLGuard 2020-06-01 12:06:40 +01:00
Asger Feldthaus
fa1a6eefa7 JS: Add StringOps::RegExpTest 2020-06-01 11:43:50 +01:00
semmle-qlci
14be4fedf7 Merge pull request #3594 from erik-krogh/CachedExprStringValue 
Approved by asgerf
 2020-05-30 16:56:40 +01:00
Erik Krogh Kristensen
dfd35aee61 autoformat 2020-05-30 14:50:13 +02:00
Erik Krogh Kristensen
3b4e57ab8d autoformat 2020-05-30 12:45:51 +02:00
Erik Krogh Kristensen
f7ad210331 use SSA instead of internal AccessPath API 2020-05-29 13:08:19 +02:00
Erik Krogh Kristensen
05bfba4f99 use getImmediatePredecessor instead of getALocalSource() 2020-05-29 13:01:09 +02:00
Erik Krogh Kristensen
5bb308dc8f sanitize variables used in an HTML escaping switch-case 2020-05-28 12:37:41 +02:00
Erik Krogh Kristensen
1a2db10a90 recognize barrier guard where the result is stored in a variable 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
562a38cdd5 add ContainsHTMLGuard 2020-05-28 10:24:42 +02:00
semmle-qlci
083b8ef8e5 Merge pull request #3568 from asger-semmle/js/avoid-accidental-string-coercion 
Approved by erik-krogh
 2020-05-27 20:46:54 +01:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00
Erik Krogh Kristensen
d05a61c745 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:12:08 +00:00
Erik Krogh Kristensen
dbc25ca3fb cache Expr::getStringValue 2020-05-26 22:17:00 +02:00
Erik Krogh Kristensen
319363f56c update expected output 2020-05-26 18:47:37 +02:00
Erik Krogh Kristensen
63a14d1b96 use HtmlConcatenationLeaf 2020-05-26 18:33:29 +02:00
Erik Krogh Kristensen
9b047f6f03 use the DOTALL flag 2020-05-26 14:53:33 +02:00