hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,144 Commits 1,673 Branches 157 Tags
76ba48c6fb70b367d129d9359f5197f3764fa3e6
Commit Graph

2120 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Asger Feldthaus
a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus
34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Asger Feldthaus
418f841749 JS: Handle imports through lazy-cache 2020-02-06 14:59:52 +00:00
semmle-qlci
180e9d4731 Merge pull request #2779 from asger-semmle/js/protopol-regression-fix 
Approved by esbena
 2020-02-06 14:58:19 +00:00
Asger Feldthaus
38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
semmle-qlci
5125dc7939 Merge pull request #2730 from esbena/js/model-path-parse 
Approved by asgerf
 2020-02-05 21:35:55 +00:00
semmle-qlci
163285bee7 Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow 
Approved by esbena
 2020-02-05 12:52:59 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
semmle-qlci
52f34d7178 Merge pull request #2715 from erik-krogh/PrivateFields 
Approved by asgerf
 2020-02-05 10:20:28 +00:00
Asger F
cf18bd7bb8 Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-05 09:48:16 +00:00
Asger Feldthaus
fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Esben Sparre Andreasen
f6ad22dd1f Merge pull request #2758 from asger-semmle/js/string-concat-concat 
JS: Model concat() calls as string concatenation
 2020-02-05 10:41:02 +01:00
Asger Feldthaus
b4df03767d JS: Ignore obvious Array.prototype.concat calls 2020-02-04 16:36:41 +00:00
Asger Feldthaus
3ccdaa94ad JS: Expose argumentPassing as DataFlow::argumentPassingStep 2020-02-04 15:06:45 +00:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
semmle-qlci
4b89eee683 Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions 
Approved by asgerf
 2020-02-04 13:07:08 +00:00
Asger Feldthaus
bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Esben Sparre Andreasen
8a2c81b41c JS: address review comments about duplicated logic 2020-02-04 10:49:23 +01:00
Max Schaefer
43e4ed1e18 JavaScript: Teach resolveMainModule to try adding extensions. 2020-02-04 09:39:04 +00:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
semmle-qlci
3a7845e7fc Merge pull request #2653 from erik-krogh/exceptionFPs 
Approved by esbena
 2020-02-03 14:15:24 +00:00
Erik Krogh Kristensen
183dd68d6a add qldoc to isPrivateField 2020-02-03 14:23:27 +01:00
Asger Feldthaus
9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
Asger Feldthaus
abb95135c1 JS: Add UnresolvableImport metric 2020-02-03 09:32:56 +00:00
Erik Krogh Kristensen
5ff958a9cf fix compilation of PrototypePollutionUtility after refactor 2020-02-03 09:39:41 +01:00
semmle-qlci
d995d5a4a0 Merge pull request #2716 from esbena/js/additional-koa-requests 
Approved by erik-krogh
 2020-01-31 18:30:42 +00:00
Erik Krogh Kristensen
84be6e1286 update docString on getAnAliasedSourceNode 2020-01-31 15:38:19 +01:00
Erik Krogh Kristensen
32bcb18cdf add pragma[inline] to getAnAliasedSourceNode 2020-01-31 15:35:38 +01:00
Erik Krogh Kristensen
72114a48f5 rename getASourceAccess to getAnAliasedSourceNode 2020-01-31 15:34:58 +01:00
Erik Krogh Kristensen
b6611b1fb3 add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll 2020-01-31 12:24:12 +01:00
Erik Krogh Kristensen
279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
semmle-qlci
f8d0b4e602 Merge pull request #2618 from erik-krogh/ExceptionalPromise 
Approved by asgerf
 2020-01-31 07:59:09 +00:00
Esben Sparre Andreasen
5f1317fa2d JS: model path.parse and its ponyfill package: "path-parse" 2020-01-30 21:26:18 +01:00
Esben Sparre Andreasen
5b5f52979d JS: add uniform support for path, path.posix and path.win32 2020-01-30 21:26:18 +01:00
semmle-qlci
3158b8401a Merge pull request #2705 from erik-krogh/CVE75 
Approved by asgerf
 2020-01-30 13:07:05 +00:00
semmle-qlci
120b50f497 Merge pull request #2708 from asger-semmle/js/react-flow-through-imports 
Approved by esbena
 2020-01-30 13:05:07 +00:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Erik Krogh Kristensen
7637ebcc03 Merge remote-tracking branch 'upstream/master' into exceptionFPs 2020-01-30 10:56:41 +01:00
Esben Sparre Andreasen
31743c42e5 Update javascript/ql/src/semmle/javascript/frameworks/Koa.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-29 20:28:29 +01:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Anders Schack-Mulligen
743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access 
Approved by erik-krogh, max-schaefer
 2020-01-29 10:46:48 +00:00
Erik Krogh Kristensen
aea365c424 adjust API naming 2020-01-28 15:09:31 +01:00
Erik Krogh Kristensen
cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Asger F
701d9989be Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:51 +00:00