Commit Graph

2014 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
6f28ddf1f8 proper support for this inside a JSX-name 2020-08-17 14:23:42 +02:00
CodeQL CI
66541f260b Merge pull request #4012 from erik-krogh/getId
Approved by asgerf, esbena
2020-08-12 13:28:18 +01:00
Erik Krogh Kristensen
aab2e6f803 update name of test file 2020-08-07 18:20:22 +02:00
Erik Krogh Kristensen
f1dc36244c update tests and queries that used getId() 2020-08-05 14:32:09 +00:00
Erik Krogh Kristensen
f70cb2e7b3 add test for new JSON serializers 2020-08-05 12:14:56 +02:00
CodeQL CI
8855ab8c8c Merge pull request #3835 from Raz0r/js/xss-protocol-sinks
Approved by erik-krogh
2020-08-03 15:40:05 +01:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness
Approved by esbena
2020-08-03 15:38:51 +01:00
CodeQL CI
c8e5db189a Merge pull request #3913 from erik-krogh/topmost
Approved by asgerf
2020-08-03 13:18:22 +01:00
Erik Krogh Kristensen
f5cc14f980 fix typo 2020-08-03 13:49:21 +02:00
CodeQL CI
0bbdc70cdb Merge pull request #3864 from erik-krogh/exprString
Approved by asgerf, esbena
2020-08-03 09:25:17 +01:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions
Approved by esbena
2020-07-09 11:43:45 +01:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Erik Krogh Kristensen
022cafebd3 make sure the consistency-checking library does not mix configurations 2020-07-08 10:28:41 +02:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
c5285f7418 update inconsistency comment for CWE-843 2020-07-08 10:16:43 +02:00
Erik Krogh Kristensen
45b6906a0d move comments to match alert location for CWE-834 2020-07-08 10:16:04 +02:00
Erik Krogh Kristensen
71a3d49d2b update comments to match alert location for CWE-807 2020-07-08 10:15:26 +02:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
bcffc97de7 update comment position to match alert location for CWE-776 2020-07-08 10:10:31 +02:00
Erik Krogh Kristensen
2235634347 update consistency comments for CWE-754 2020-07-08 10:08:51 +02:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
5a87628478 update consistency comments for CWE-611 2020-07-08 10:03:03 +02:00
Erik Krogh Kristensen
1f1c09af02 update consistency comments for CWE-601 2020-07-08 10:02:29 +02:00
Erik Krogh Kristensen
ce6a211340 update inconsistency comment for CWE-506 2020-07-08 10:01:40 +02:00
Erik Krogh Kristensen
bf36137834 update inconsistency comment for CWE-346 2020-07-08 10:01:04 +02:00
Erik Krogh Kristensen
16b0427dc4 update inconsistency comment for CWE-338 2020-07-08 10:00:19 +02:00
Erik Krogh Kristensen
9bcbedde46 update consistency comment in passwords.js 2020-07-08 09:55:00 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
00e900f1b1 only include named topmost package.json files for js/shell-command-constructed-from-input 2020-07-08 09:25:08 +02:00
Raz0r
3487ec17d0 add tests 2020-07-07 16:26:14 +03:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer
Approved by esbena
2020-07-06 17:04:30 +01:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff
Approved by esbena
2020-07-06 14:40:41 +01:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
dc8042adeb introduce consistency-checking for CWE-078 2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Asger Feldthaus
b5104ae42d JS: Add StartsWith sanitizer 2020-07-03 14:46:07 +01:00
Asger Feldthaus
4c06eb8bfe JS: Add test showing FPs 2020-07-03 14:45:42 +01:00
Erik Krogh Kristensen
261821b32c Merge remote-tracking branch 'upstream/master' into queryStuff 2020-07-02 16:08:05 +02:00
semmle-qlci
b5c8f2238b Merge pull request #3805 from esbena/js/seal-freeze-flow
Approved by asgerf
2020-07-02 13:54:54 +01:00
Erik Krogh Kristensen
ceb19292cb autoformat 2020-07-02 14:47:08 +02:00
semmle-qlci
97128b1475 Merge pull request #3829 from asger-semmle/js/xss-substr
Approved by erik-krogh
2020-07-02 11:58:32 +01:00
Erik Krogh Kristensen
f60a7489b5 ignore parents that don't have all constant roots when deciding which roots to compute getStringValue for 2020-07-02 10:39:41 +02:00
semmle-qlci
bfb734e1d7 Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness
Approved by asgerf
2020-07-01 20:07:58 +01:00
Esben Sparre Andreasen
75451e349a JS: teach the dataflow library identity functions Object.freeze/seal 2020-07-01 15:27:28 +02:00