hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,895 Commits 1,740 Branches 165 Tags
623dbda77ddd4a092bb3c8beedcfb0001fc4c7a2
Commit Graph

62 Commits

Author SHA1 Message Date
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
547a8a958a JS: Port SqlInjection 2023-10-13 13:15:03 +02:00
erik-krogh
3fd9f26b52 use consistent indentation in mongoose.js 2023-06-12 16:40:42 +02:00
erik-krogh
cd6f738f72 add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Asger F
d4b4d22378 JS: Step through HTML sanitizers in SQL injection query 2023-03-06 15:10:26 +01:00
erik-krogh
9549cac3e5 add an additional barrier guard that finds "=== true" versions of previous barrier guards 2023-02-14 14:15:23 +01:00
erik-krogh
c355a26657 add failing test 2023-02-14 14:12:35 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger F
47f1d62569 JS: Add generated typings to SQL models 2022-09-20 11:40:16 +02:00
Asger Feldthaus
708408a458 JS: Recognize "sql" option as a query string 2022-01-13 13:04:41 +01:00
Esben Sparre Andreasen
c66d29998e update test output for additional DatabaseAccesses 2021-12-13 13:42:28 +01:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
416c986cbc add support for graphql in @actions/github 2021-06-15 09:43:11 +02:00
Erik Krogh Kristensen
50d574d20d add graphql injection to the sql-injection query 2021-06-10 21:01:54 +02:00
Erik Krogh Kristensen
be7abede22 add model for the joi library 2021-06-07 20:04:17 +02:00
Asger Feldthaus
67ad6d9a0f JS: Update test output 2021-03-29 15:30:29 +01:00
Asger Feldthaus
49ca88957c JS: Use types 2021-03-29 12:25:15 +01:00
Asger Feldthaus
603843e698 JS: Add task tests 2021-03-29 12:05:47 +01:00
Asger Feldthaus
149af57eac JS: Add model of pg-promise 2021-03-29 11:25:28 +01:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Erik Krogh Kristensen
bce06d3194 add test that promisify is not imprecise 2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen
2e514c4d7b add model for Node Redis 2020-10-28 09:52:54 +01:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness 
Approved by esbena
 2020-08-03 15:38:51 +01:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
Erik Krogh Kristensen
3157cd724d add noSQL tests for type-tracking req.query 2020-07-01 11:45:09 +02:00
Esben Sparre Andreasen
20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
Esben Sparre Andreasen
833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
5c8800a1c7 JS: make autoformatter happy 2020-03-10 13:11:31 +01:00
Esben Sparre Andreasen
dbeb216af0 JS: make use of TypeScript types for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
aae92ad795 JS: add test for DatabaseAccess 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
6b9bd8bd97 JS: adjust tests slightly to also support DatabaseAccess testing 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
7a2faa0b6b JS: add additional mongoose and mongodb js/nosql-injection sinks 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
21e6e69f22 JS: support mongodb v3 (minimally) 
https://github.com/github/codeql-javascript-team/issues/79
 2020-03-10 09:57:45 +01:00
Max Schaefer
8fdf6298b9 JavaScript: Remove --platform node extractor options. 2019-11-06 13:01:28 +00:00
Max Schaefer
3e92d0ffb5 JavaScript: Remove redundant --experimental extractor options. 2019-11-05 15:59:24 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00