Commit Graph

3221 Commits

Author SHA1 Message Date
Alessio Della Libera
ab128f7172 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:27:26 +02:00
Alessio Della Libera
40e101de5a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:26:15 +02:00
Alessio Della Libera
97f039af3a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:25:11 +02:00
Alessio Della Libera
fb3ffb895a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:23:17 +02:00
Alessio Della Libera
e463014759 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:21:56 +02:00
Alessio Della Libera
5cae3005f3 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:20:22 +02:00
Alessio Della Libera
10bd745740 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:18:54 +02:00
Alessio Della Libera
8d26b810ee Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:17:16 +02:00
Alessio Della Libera
0c121062b6 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:54 +02:00
Alessio Della Libera
67fccac8a9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:03 +02:00
Erik Krogh Kristensen
15a74493e0 more permissive path elements in js/incomplete-url-substring-sanitization 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
fd9eb1d40b use Identifier instead of just a plain string when getting tuple-element-names 2020-08-12 16:55:55 +02:00
CodeQL CI
66541f260b Merge pull request #4012 from erik-krogh/getId
Approved by asgerf, esbena
2020-08-12 13:28:18 +01:00
Erik Krogh Kristensen
1d111c3e1f expand what urls are detected by js/incomplete-url-substring-sanitization 2020-08-12 14:25:35 +02:00
Erik Krogh Kristensen
26dcd2faae add support for getting the name from named tuple elements 2020-08-12 10:33:49 +02:00
Erik Krogh Kristensen
b101305248 autoformat 2020-08-12 09:27:43 +02:00
Erik Krogh Kristensen
e1ecc4662c fix typo
Co-authored-by: Asger F <asgerf@github.com>
2020-08-11 20:00:22 +02:00
Erik Krogh Kristensen
656ff9c441 autoformat 2020-08-11 15:40:30 +02:00
Erik Krogh Kristensen
d2c87d0a2e add support for the new assign expression in TypeScript 4 2020-08-11 13:57:11 +02:00
intrigus-lgtm
5a3acc231e Fix typo 2020-08-11 01:01:53 +02:00
Erik Krogh Kristensen
dc5167bbe7 autoformat 2020-08-10 11:52:45 +00:00
Erik Krogh Kristensen
34778578db fill in docstring 2020-08-10 13:34:36 +02:00
Erik Krogh Kristensen
9bcac10d9e summarize exceptions thrown by immediately awaited function calls 2020-08-10 13:28:25 +02:00
Erik Krogh Kristensen
85de5aa16b add deprecated modifier
Co-authored-by: Asger F <asgerf@github.com>
2020-08-10 10:51:21 +02:00
Erik Krogh Kristensen
410b696562 add deprecated aliases getId() forwarding to getIdentifier() 2020-08-10 09:11:38 +02:00
CodeQL CI
7c4e10df17 Merge pull request #4014 from erik-krogh/stringify
Approved by esbena
2020-08-10 07:50:21 +01:00
Erik Krogh Kristensen
244052f419 autoformat 2020-08-08 21:20:20 +02:00
Erik Krogh Kristensen
2680afcdc9 deduplicate some implementation in storeStep and loadStep 2020-08-07 19:16:28 +02:00
Erik Krogh Kristensen
54fd7d97c0 share implementation instead of copy-pasting 2020-08-07 18:00:10 +02:00
Erik Krogh Kristensen
94cf3a8ddb correct copy-paste note after refactorings 2020-08-07 17:48:55 +02:00
Erik Krogh Kristensen
0edb46c20d improve precision for load/store steps with async functions 2020-08-07 17:39:59 +02:00
Erik Krogh Kristensen
26ef2f34da add precise return-flow for async functions 2020-08-07 17:33:26 +02:00
Erik Krogh Kristensen
cc94c5ec60 remove imprecise return-flow from async functions 2020-08-07 17:33:24 +02:00
Erik Krogh Kristensen
0004c28fe8 introduce and use FunctionReturnNode 2020-08-07 17:32:25 +02:00
Erik Krogh Kristensen
f1dc36244c update tests and queries that used getId() 2020-08-05 14:32:09 +00:00
Erik Krogh Kristensen
cc5ef4d5e1 rename JsonSerializeCall to JsonStringifyCall 2020-08-05 13:22:41 +02:00
Erik Krogh Kristensen
5a3f67a682 introduce model for JSON.stringify and similar libraries 2020-08-05 12:14:51 +02:00
Erik Krogh Kristensen
67c4320287 make JumpStmt non abstract 2020-08-05 10:03:46 +02:00
Erik Krogh Kristensen
016bdc1614 make ControlStmt non abstract 2020-08-05 09:59:30 +02:00
Erik Krogh Kristensen
5727e6f9f8 make CompoundAssignExpr non-abstract 2020-08-04 16:17:08 +02:00
Erik Krogh Kristensen
cf3f275aa1 make DestructuringPattern non-abstract 2020-08-04 16:02:32 +02:00
Erik Krogh Kristensen
0867c5567e rename getId() to getIdentifier() 2020-08-04 13:22:19 +02:00
CodeQL CI
8855ab8c8c Merge pull request #3835 from Raz0r/js/xss-protocol-sinks
Approved by erik-krogh
2020-08-03 15:40:05 +01:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness
Approved by esbena
2020-08-03 15:38:51 +01:00
CodeQL CI
c8e5db189a Merge pull request #3913 from erik-krogh/topmost
Approved by asgerf
2020-08-03 13:18:22 +01:00
CodeQL CI
0bbdc70cdb Merge pull request #3864 from erik-krogh/exprString
Approved by asgerf, esbena
2020-08-03 09:25:17 +01:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites
CodeQL: complete LGTM suites
2020-07-30 18:39:01 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00