Commit Graph

3696 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
68ca8e23c0 introduce consistency-checking utility predicates 2020-06-04 11:00:01 +02:00
Erik Krogh Kristensen
c7c46ea3d6 update test comments to be consistent 2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test
Approved by esbena
2020-06-04 09:05:21 +01:00
Asger Feldthaus
8342981799 JS: Make isCoercedToBoolean private 2020-06-02 17:16:55 +01:00
Asger Feldthaus
8a38633639 JS: Handle exec() == undefined 2020-06-02 16:52:07 +01:00
Asger Feldthaus
7d5384b723 JS: Autoformat 2020-06-02 16:38:40 +01:00
Asger Feldthaus
945db4d86c JS: Fix test output 2020-06-02 16:38:21 +01:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
semmle-qlci
7265e94028 Merge pull request #3578 from erik-krogh/HtmlGuard
Approved by asgerf
2020-06-01 13:25:02 +01:00
Asger Feldthaus
707b0f33a0 JS: Use in ContainsHTMLGuard 2020-06-01 12:06:40 +01:00
Asger Feldthaus
fa1a6eefa7 JS: Add StringOps::RegExpTest 2020-06-01 11:43:50 +01:00
semmle-qlci
14be4fedf7 Merge pull request #3594 from erik-krogh/CachedExprStringValue
Approved by asgerf
2020-05-30 16:56:40 +01:00
Erik Krogh Kristensen
dfd35aee61 autoformat 2020-05-30 14:50:13 +02:00
Erik Krogh Kristensen
3b4e57ab8d autoformat 2020-05-30 12:45:51 +02:00
Erik Krogh Kristensen
f7ad210331 use SSA instead of internal AccessPath API 2020-05-29 13:08:19 +02:00
Erik Krogh Kristensen
05bfba4f99 use getImmediatePredecessor instead of getALocalSource() 2020-05-29 13:01:09 +02:00
Asger Feldthaus
f3a08375b4 JS: Use newer yarn.lock format 2020-05-29 09:45:50 +01:00
Erik Krogh Kristensen
5bb308dc8f sanitize variables used in an HTML escaping switch-case 2020-05-28 12:37:41 +02:00
Erik Krogh Kristensen
1a2db10a90 recognize barrier guard where the result is stored in a variable 2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen
562a38cdd5 add ContainsHTMLGuard 2020-05-28 10:24:42 +02:00
semmle-qlci
083b8ef8e5 Merge pull request #3568 from asger-semmle/js/avoid-accidental-string-coercion
Approved by erik-krogh
2020-05-27 20:46:54 +01:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00
semmle-qlci
3cfc1e553c Merge pull request #3560 from erik-krogh/OptionalSanitizer
Approved by asgerf
2020-05-27 13:15:41 +01:00
Erik Krogh Kristensen
d05a61c745 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:12:08 +00:00
semmle-qlci
fd05314b2c Merge pull request #3531 from asger-semmle/js/node-version-check-notimeout
Approved by esbena
2020-05-27 11:13:22 +01:00
Erik Krogh Kristensen
dbc25ca3fb cache Expr::getStringValue 2020-05-26 22:17:00 +02:00
Erik Krogh Kristensen
319363f56c update expected output 2020-05-26 18:47:37 +02:00
Erik Krogh Kristensen
63a14d1b96 use HtmlConcatenationLeaf 2020-05-26 18:33:29 +02:00
Erik Krogh Kristensen
9b047f6f03 use the DOTALL flag 2020-05-26 14:53:33 +02:00
Erik Krogh Kristensen
fd561d1ce2 remove temporary comment
Co-authored-by: Asger F <asgerf@github.com>
2020-05-26 14:37:02 +02:00
Erik Krogh Kristensen
124c4cb15e Merge branch 'master' of github.com:github/codeql into OptionalSanitizer 2020-05-26 13:59:57 +02:00
Erik Krogh Kristensen
e5afdc53be use HtmlSanitizerCall to recognize sanitizers 2020-05-26 13:34:49 +02:00
Erik Krogh Kristensen
3e3372be4b recognize DOMPurify.sanitize as an HTML sanitizer 2020-05-26 13:34:33 +02:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf
C++: Eliminate recursion from toString().
2020-05-26 13:24:43 +02:00
semmle-qlci
be5b343a0c Merge pull request #3564 from max-schaefer/js/reflective-argument-access
Approved by asgerf
2020-05-26 12:09:13 +01:00
Asger Feldthaus
75fee22f1e JS: Avoid string coercion in JSXName.getValue 2020-05-26 12:03:02 +01:00
Erik Krogh Kristensen
ad40c4b0f2 add a sanitizer guard for safe attribute string concatenations 2020-05-26 12:36:47 +02:00
Erik Krogh Kristensen
a9bea63019 recognize more HTML attribute concatenations 2020-05-26 12:36:24 +02:00
semmle-qlci
4b0354c4bc Merge pull request #3555 from max-schaefer/js/require-flow
Approved by asgerf
2020-05-26 10:54:21 +01:00
Max Schaefer
7ddf5ced23 JavaScript: Update expected output for unrelated tests. 2020-05-26 10:49:30 +01:00
semmle-qlci
4b56229ca0 Merge pull request #3527 from esbena/js/fastify
Approved by asgerf
2020-05-26 10:44:59 +01:00
semmle-qlci
df205b617e Merge pull request #3539 from asger-semmle/js/capture-level-flow
Approved by erik-krogh
2020-05-26 10:42:14 +01:00
Max Schaefer
9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses.
Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.
2020-05-26 09:59:29 +01:00
Max Schaefer
a39e8b4802 JavaScript: Add test for FlowSteps::argumentPassing predicate. 2020-05-26 09:51:06 +01:00
Erik Krogh Kristensen
9254df1f78 sanitize optionally sanitized values 2020-05-26 00:09:11 +02:00
Erik Krogh Kristensen
8fac3a1403 add IsEmptyGuard to TaintTracking 2020-05-26 00:09:08 +02:00
Jonas Jensen
6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
2020-05-25 18:59:48 +02:00
Max Schaefer
573fdaa424 JavaScript: Track require through local data flow. 2020-05-24 20:00:10 +01:00