semmle-qlci
|
6fb047aef6
|
Merge pull request #3451 from erik-krogh/fstreamWrite
Approved by esbena
|
2020-05-12 14:58:02 +01:00 |
|
semmle-qlci
|
ee848328ab
|
Merge pull request #3442 from erik-krogh/SmallPerfs
Approved by esbena
|
2020-05-12 14:36:34 +01:00 |
|
Erik Krogh Kristensen
|
d46148c045
|
add test case
|
2020-05-12 14:23:28 +02:00 |
|
Erik Krogh Kristensen
|
3707792cfd
|
recognize reading/wrinting calls to fstream methods
|
2020-05-12 14:18:07 +02:00 |
|
Jonas Jensen
|
451ae7b762
|
Merge pull request #3444 from dbartol/codeql-c-analysis-team/68
Rename `sanity` -> `consistency`
|
2020-05-12 12:33:08 +02:00 |
|
Erik Krogh Kristensen
|
bd768cbd7e
|
autoformat
|
2020-05-12 12:28:02 +02:00 |
|
Erik Krogh Kristensen
|
2fbdeceae7
|
add getContainedNode constraint to charpred of IndirectInclusionTest, and refactor two getEnclosingExpr()
|
2020-05-12 10:19:06 +02:00 |
|
semmle-qlci
|
8ce9c9d57e
|
Merge pull request #3441 from erik-krogh/BabelDirectives
Approved by esbena
|
2020-05-12 08:57:20 +01:00 |
|
Dave Bartolomeo
|
3987267f26
|
Rename sanity -> consistency
|
2020-05-11 13:46:26 -04:00 |
|
Dave Bartolomeo
|
06783938d3
|
JavaScript: Rename sanity -> consistency
|
2020-05-11 13:46:12 -04:00 |
|
Asger F
|
86a774d912
|
Merge pull request #3394 from monkey-junkie/master
JS SSTI CWE-094
|
2020-05-11 15:06:17 +01:00 |
|
Erik Krogh Kristensen
|
970ddcac7b
|
autoformat
|
2020-05-11 15:38:45 +02:00 |
|
Erik Krogh Kristensen
|
3ce60733cc
|
add test case
|
2020-05-11 13:11:24 +02:00 |
|
Erik Krogh Kristensen
|
acb0f2e54f
|
exclude "@babel/helpers - .." from js/unknown-directive
|
2020-05-11 12:42:18 +02:00 |
|
Erik Krogh Kristensen
|
f8de69156e
|
inline basicFlowStep into flowStep
|
2020-05-10 22:15:37 +02:00 |
|
Erik Krogh Kristensen
|
87167900d1
|
deduplicate - and slightly optimize IndirectInclusionTest
|
2020-05-10 22:15:37 +02:00 |
|
Erik Krogh Kristensen
|
6d05b40d23
|
eliminate recursion from GuardControlFlowNode::dominates
|
2020-05-10 22:15:34 +02:00 |
|
monkey-junkie
|
4594aa470d
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 18:18:06 +03:00 |
|
semmle-qlci
|
b2f1008a00
|
Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick
Approved by asgerf
|
2020-05-06 13:52:18 +01:00 |
|
monkey-junkie
|
5ce9e0d0a2
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 14:32:55 +03:00 |
|
Asger F
|
5725814774
|
Merge pull request #3403 from asger-semmle/js/getcontainer
JS: Move getContainer to single rootdef (+fixes)
|
2020-05-06 12:06:44 +01:00 |
|
Max Schaefer
|
9335a6cb79
|
JavaScript: Fix missing triple backtick in qldoc comment.
|
2020-05-06 11:40:00 +01:00 |
|
monkey-junkie
|
122354a81a
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 12:54:50 +03:00 |
|
monkey-junkie
|
3314dd0614
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-05-06 11:17:41 +03:00 |
|
semmle-qlci
|
9210660ea0
|
Merge pull request #3401 from erik-krogh/jsonLike
Approved by esbena
|
2020-05-06 08:00:44 +01:00 |
|
Asger F
|
b2da4fe491
|
Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
926e79d272
|
JS: Autoformat
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
f51e846439
|
JS: Fix ClosureModule implementation
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
0f870a4992
|
JS: Use TCapturedVariableNode as starting point of callInputStep
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
4d6da19173
|
JS: Improve performance of getExceptionTarget
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
639f04386c
|
JS: Avoid bad join ordering in ClosureModule
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
e52e1b26c6
|
JS: Upgrade script
|
2020-05-06 07:59:04 +01:00 |
|
Asger Feldthaus
|
5f710bc881
|
JS: Move definition of getContainer() to a single rootdef
|
2020-05-06 07:59:04 +01:00 |
|
monkey-junkie
|
560674b670
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:36:11 +03:00 |
|
monkey-junkie
|
758e85dd3e
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:34:57 +03:00 |
|
monkey-junkie
|
a8019705b5
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:24:24 +03:00 |
|
monkey-junkie
|
0aaa8af3bd
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:24:10 +03:00 |
|
monkey-junkie
|
056566ecc1
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 12:05:01 +03:00 |
|
monkey-junkie
|
3a4ea82ae2
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 12:02:46 +03:00 |
|
monkey-junkie
|
8310c96b97
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:59:06 +03:00 |
|
monkey-junkie
|
25df6e1664
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:49 +03:00 |
|
monkey-junkie
|
700a070a15
|
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:40 +03:00 |
|
monkey-junkie
|
d8fb552097
|
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:28 +03:00 |
|
John Doe
|
337be9c2e0
|
ssti query and help updated
|
2020-05-05 03:58:29 +03:00 |
|
John Doe
|
09922e5bb4
|
Merge branch 'master' of github.com:monkey-junkie/codeql
|
2020-05-05 03:44:23 +03:00 |
|
John Doe
|
895aa622bf
|
ssti updated
|
2020-05-05 03:37:43 +03:00 |
|
monkey-junkie
|
cd18842aa5
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 02:15:58 +03:00 |
|
monkey-junkie
|
a60660617f
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 02:15:00 +03:00 |
|
Erik Krogh Kristensen
|
eb7e0d6a62
|
still flag single-expression files that contain a function
|
2020-05-04 18:37:26 +02:00 |
|
semmle-qlci
|
a805a63443
|
Merge pull request #3357 from erik-krogh/YetAnotherPerformancePatch
Approved by asgerf, esbena
|
2020-05-04 10:05:34 +01:00 |
|