hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,671 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

4615 Commits

Author SHA1 Message Date
amammad
5bc21a6178 delete old tests 2023-10-06 16:09:05 +02:00
amammad
7d961e1af2 do review improvements 2023-10-06 16:07:10 +02:00
Asger F
162c477236 JS: Add AmdModuleDefinition::Range 2023-10-04 20:38:37 +02:00
Maiky
816eebbb51 Add .qhelp and apply some review changes 2023-10-02 18:05:39 +02:00
Maiky
e171123589 Add initial query for CWE-942 2023-09-29 18:25:58 +02:00
amammad
58f4cd77dc add TypeORM to javascript.qll file 
add tests
improvement on comments
 2023-09-29 01:23:22 +10:00
amammad
921198ed30 add separate query for sinks that accepts data: URL 2023-09-28 20:33:38 +10:00
amammad
2c74dc23c9 add second order command execution sinks to tests 2023-09-22 20:00:36 +10:00
amammad
344869f0d7 change commandExecution sink to CodeInjection sink 2023-09-22 19:37:17 +10:00
amammad
a20ca78599 V1 2023-09-22 19:23:34 +10:00
amammad
f1a7f0a7e8 V1 2023-09-22 19:21:41 +10:00
amammad
06114d91d8 V1 2023-09-22 19:19:52 +10:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Max Schaefer
e722e3288f Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help 
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
 2023-09-13 13:20:48 +01:00
Max Schaefer
a9e81672f0 Make suggestion to replace example.com more explicit. 2023-09-12 16:54:05 +01:00
Max Schaefer
a02f373e79 Use better sanitiser. 2023-09-06 14:06:16 +01:00
erik-krogh
984795ee46 fix off-by-one 2023-08-30 13:29:23 +02:00
erik-krogh
2643ab3dbf using is not a keyword 2023-08-30 08:44:59 +02:00
amammad
4f04dc8f6e add test cases 2023-08-29 21:34:02 +10:00
erik-krogh
78487d437f add test for await using in TypeScript 2023-08-28 13:30:35 +02:00
erik-krogh
be2712698b add support for await using in the JS parser 2023-08-28 09:34:13 +02:00
erik-krogh
cb66d62959 add test for the new type-stuff in TS 5.2 we get for free 2023-08-24 20:30:26 +02:00
erik-krogh
dc454d3a72 add support for the new using keyword in TypeScript 2023-08-24 20:30:26 +02:00
erik-krogh
a7d92b3473 add JS support the using keyword 2023-08-24 20:30:26 +02:00
Asger F
2b540e251a Merge pull request #14007 from asgerf/js/import-path-string 
JS: Follow immediate predecessors in path resolution
 2023-08-23 15:28:22 +02:00
Asger F
c6a757e085 JS: More robust handling of cyclic aliases 2023-08-23 14:11:07 +02:00
Asger F
794a459c1b JS: Add reproduction test 2023-08-23 14:11:07 +02:00
Asger F
dec6039469 JS: Follow immediate predecessors in path resolution 2023-08-23 09:53:51 +02:00
Max Schaefer
87364137df Use more sensible validator in example. 2023-08-21 15:14:01 +01:00
erik-krogh
0bce42410a support arbitrary codepoints in NfaUtils.qll 2023-08-08 22:14:51 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
Asger F
213cabccc0 JS: Test with file more extensions 2023-08-04 14:24:51 +02:00
Kevin Stubbings
9f4389cbb5 Search for html.dot extension instead of dot 2023-08-04 00:55:51 -07:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Max Schaefer
7823ff968c JavaScript: Improve query help for js/server-side-unvalidated-url-redirection. 2023-07-19 13:23:25 +01:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Asger F
f3fab587a9 JS: Add Fuzzy token in identifying access path 2023-07-13 14:01:06 +02:00
Asger F
03bdebe3b3 JS: Update a test. 
The test had a bug on the line `src = src` so the new code is "more equivalent than usual"
 2023-07-11 15:24:09 +02:00
Asger F
944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Asger F
3691b836cb JS: Add tests 2023-07-11 11:37:30 +02:00
Asger F
27085b1fd0 JS: Fix whitespace 2023-07-10 12:07:13 +02:00
Asger F
fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
erik-krogh
f9eee906cf fix FP by requiring that the regular expression mention on of the chars important in the prefix 2023-07-01 20:30:09 +02:00
erik-krogh
bd400be6ec add FP for incomplete-multi-char-sanitization 2023-07-01 20:28:31 +02:00
jorgectf
f1f3d8e18a Add dot.jssupport 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-06-29 19:17:37 +02:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
amammad
c7a7594821 merge all ql files into one 2023-06-27 01:56:23 +10:00
jorgectf
1e663b8889 Update HeuristicSourceCodeInjection.expected 2023-06-26 13:32:20 +02:00