codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Asger F	5950865b55	Merge pull request #13755 from github/max-schaefer/js-server-crash-help JavaScript: Improve qhelp for js/server-crash.	2023-08-03 10:04:08 +02:00
Asger F	c38cbe859d	Merge pull request #13737 from asgerf/dynamic/fuzzy-models Dynamic: add Fuzzy token	2023-08-03 09:58:24 +02:00
Max Schaefer	5124310f14	Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp Co-authored-by: Asger F <asgerf@github.com>	2023-08-01 17:03:05 +01:00
Jeongsoo Lee	1d5eb4a960	Update javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md Co-authored-by: Asger F <asgerf@github.com>	2023-07-31 15:38:35 -07:00
Jeongsoo Lee	4529d8b75a	Add support for log injection in MaD	2023-07-28 22:37:56 +00:00
github-actions[bot]	f91b7a9342	Post-release preparation for codeql-cli-2.14.1	2023-07-21 16:16:25 +00:00
github-actions[bot]	c936a920b0	Release preparation for version 2.14.1	2023-07-20 16:32:27 +00:00
Max Schaefer	9432fec612	JavaScript: Improve qhelp for js/server-crash. The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.	2023-07-17 14:44:23 +01:00
Asger F	d57276ca35	Merge pull request #13719 from asgerf/js/barrier-inout JS: Replace barrier edges with barrier nodes	2023-07-13 16:36:52 +02:00
Asger F	f3fab587a9	JS: Add Fuzzy token in identifying access path	2023-07-13 14:01:06 +02:00
Asger F	7c9e1ad6ec	JS: Fix accidental recursion in Vue model The API graph entry point depended on API::Node. This was due to depending on the the TComponent newtype which has a branch that depends on API::Node	2023-07-13 13:41:21 +02:00
Max Schaefer	b8eb2ef8d8	Merge branch 'main' into max-schaefer/improve-command-injection-qhelp	2023-07-13 12:11:15 +01:00
Max Schaefer	ae237247f2	Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-07-13 12:10:57 +01:00
Asger F	c7abd4c2af	JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall	2023-07-12 09:26:37 +02:00
Asger F	c8af28c2ca	Merge pull request #13700 from asgerf/js/path-join-spread JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()	2023-07-11 15:31:13 +02:00
Asger F	1a395c5b34	JS: Use sanitizerOut in PrototypePollutingAssignment	2023-07-11 15:24:10 +02:00
Asger F	03bdebe3b3	JS: Update a test. The test had a bug on the line `src = src` so the new code is "more equivalent than usual"	2023-07-11 15:24:09 +02:00
Asger F	b09ed4b0e3	JS: Update UnsafeJQueryPlugin	2023-07-11 15:01:33 +02:00
Asger F	a1d8a05bcb	JS: Update ResourceExhaustion	2023-07-11 14:56:53 +02:00
Asger F	58a557b18e	JS: Update InsecureRandomness	2023-07-11 14:56:43 +02:00
Asger F	e863e2376d	JS: Use sanitizerIn in ExtenralAPIUsedWithUntrustedData	2023-07-11 14:50:29 +02:00
Asger F	094302a27b	JS: Replace sanitizing prefix edge with node	2023-07-11 14:48:13 +02:00
Asger F	944a2ca825	JS: Replace ClearTextLogging::isSanitizerEdge with a node	2023-07-11 14:20:17 +02:00
Asger F	68584e549e	JS: Replace isOptionallySanitizedEdge with a node	2023-07-11 12:57:33 +02:00
Asger F	3691b836cb	JS: Add tests	2023-07-11 11:37:30 +02:00
Asger F	0841677b14	JS: Add isSanitizerX variants in TaintTracking	2023-07-11 11:14:37 +02:00
Asger F	d53beb3784	JS: Embed check for in/out barriers in edge barrier check	2023-07-11 11:04:28 +02:00
Asger F	4964d811a5	JS: Add interface for isBarrier in/out	2023-07-11 11:04:28 +02:00
Max Schaefer	63c45a0da3	Add another example of when and how to use shell-quote.	2023-07-10 14:02:17 +01:00
Asger F	8234b8f175	JS: Change note	2023-07-10 13:19:44 +02:00
Asger F	27085b1fd0	JS: Fix whitespace	2023-07-10 12:07:13 +02:00
Asger F	fe90146a16	JS: Add test for path.join with spread argument	2023-07-10 12:07:07 +02:00
Asger F	06bc0f6957	JS: Add test for fs/promises	2023-07-10 12:05:03 +02:00
github-actions[bot]	13cf054a9d	Post-release preparation for codeql-cli-2.14.0	2023-07-07 14:55:41 +00:00
Asger F	965ca169e5	JS: Recognise fs/promises	2023-07-07 14:14:49 +02:00
Asger F	d49359a95c	JS: Add step through spread arg to path.join()	2023-07-07 14:10:50 +02:00
github-actions[bot]	6484ee106e	Release preparation for version 2.14.0	2023-07-07 08:22:14 +00:00
Dave Bartolomeo	9631e9f2f1	Bump minor version numbers post-GHES	2023-07-06 10:10:01 -04:00
Dave Bartolomeo	2bb9adfbf1	Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10	2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen	b2a60bf3d1	Merge pull request #13642 from erik-krogh/san-script JS/RB: Fix FP in incomplete-multi-character-sanitization	2023-07-06 15:38:39 +02:00
Max Schaefer	1d3e3440f2	Add example of manual sanitisation.	2023-07-06 12:54:30 +01:00
Max Schaefer	240e0799b0	Fix spurious character in code example.	2023-07-06 12:54:03 +01:00
Max Schaefer	83a854c3ff	Update javascript/ql/src/Security/CWE-078/IndirectCommandInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:47:06 +01:00
Max Schaefer	6fb41adc61	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:02:44 +01:00
Max Schaefer	f89992eb16	Address more review feedback.	2023-07-05 12:02:11 +01:00
Max Schaefer	921d8de8dc	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-05 11:19:30 +01:00
Max Schaefer	5fb6b5810f	Clarify that splitting arguments on space is not safe.	2023-07-04 15:58:37 +01:00
Max Schaefer	74af0b1f05	Improve command-injection example and provide a fixed version.	2023-07-04 15:58:37 +01:00
Chuan-kai Lin	6912f7ed3a	Merge pull request #13638 from cklin/remove-pragma-assume-small-delta Remove pragma[assume_small_delta]	2023-07-03 07:00:36 -07:00
Asger F	4c9501eba5	Merge pull request #13529 from jorgectf/seclab/webix-modeling JS: Add models for `webix`	2023-07-03 12:03:18 +02:00

1 2 3 4 5 ...

9146 Commits