hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,187 Commits 1,754 Branches 167 Tags
7aa421fd8a48b73e4f1f9faba07c7f5d8c739a1d
Commit Graph

1858 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
7aa421fd8a prune clearly infeasible store steps 2020-04-29 09:15:32 +02:00
Erik Krogh Kristensen
8cf71e59ce prune infeasible load steps 2020-04-29 09:13:49 +02:00
Erik Krogh Kristensen
435b5cf42d refactor how exploratoryFlowStep is used 2020-04-29 09:11:26 +02:00
Esben Sparre Andreasen
04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
semmle-qlci
cbe417f5eb Merge pull request #3336 from erik-krogh/MoarJQuery 
Approved by esbena
 2020-04-25 15:17:55 +01:00
semmle-qlci
28cfe548d5 Merge pull request #3325 from erik-krogh/MoreEventClasses 
Approved by asgerf
 2020-04-24 09:02:27 +01:00
semmle-qlci
671e7c6637 Merge pull request #3335 from asger-semmle/js/cached-chained-methods 
Approved by esbena
 2020-04-24 08:28:05 +01:00
Esben Sparre Andreasen
89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Jonas Jensen
d98e956c2b Merge pull request #3322 from felicitymay/merge-124-master 
Merge rc/1.24 into master
 2020-04-24 08:48:54 +02:00
Erik Krogh Kristensen
19c6092998 autoformat 2020-04-23 20:59:34 +02:00
Erik Krogh Kristensen
ea1628ef54 fix typo in jQuery.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 20:58:49 +02:00
Erik Krogh Kristensen
ee43db1b58 slightly expand the $().each model 2020-04-23 16:49:47 +02:00
Erik Krogh Kristensen
448ed150df allow the empty string to flow to a JQuery XSS sink 2020-04-23 16:45:37 +02:00
Erik Krogh Kristensen
96896fd7f5 second round of UnsafeJQueryPlugin reuse 2020-04-23 15:12:32 +02:00
Erik Krogh Kristensen
ea569dba78 update doc for JQuery plugin predicate 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 15:03:39 +02:00
Asger Feldthaus
cafdcfa4de JS: Preserve reflective calls in getAMethodCall 2020-04-23 13:57:14 +01:00
Erik Krogh Kristensen
1954a60b6e reuse existing predicate from UnsafeJqueryPlugin 2020-04-23 14:25:34 +02:00
Erik Krogh Kristensen
09b6727e6d refactor $.each model 2020-04-23 14:24:56 +02:00
Erik Krogh Kristensen
e7d8cd8e8c Merge remote-tracking branch 'upstream/master' into MoarJQuery 2020-04-23 14:10:53 +02:00
Erik Krogh Kristensen
6897dda614 model that this in $().each(callback) is a DOM-node 2020-04-23 13:51:17 +02:00
Erik Krogh Kristensen
8de86967aa model that this in a jQuery plugin is a jQuery object 2020-04-23 13:48:54 +02:00
Erik Krogh Kristensen
90652eeb25 add $.jGrowl as an XSS sink 2020-04-23 10:44:41 +02:00
semmle-qlci
da3292606c Merge pull request #3191 from erik-krogh/XssDom 
Approved by esbena, mchammer01
 2020-04-23 09:17:07 +01:00
Erik Krogh Kristensen
6ada588dd1 add support for util.inherits 2020-04-22 22:55:12 +02:00
Erik Krogh Kristensen
957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Felicity Chapman
89bf35cd43 Merge branch 'rc/1.24' into merge-124-master 
Conflicts:
	change-notes/1.24/analysis-javascript.md
    Resolved in favor of the rc/1.24 branch
 2020-04-22 19:01:47 +01:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
Asger Feldthaus
1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
Asger Feldthaus
997b44928e JS: Autoformat 2020-04-21 10:14:28 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check 
Approved by esbena
 2020-04-21 10:00:34 +01:00
Asger Feldthaus
d4978905f8 JS: Use SendCallback/ReceiveCallback in getAck 2020-04-20 15:12:04 +01:00
Asger Feldthaus
ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Erik Krogh Kristensen
73b0aa4004 add more attributes potentially vulnerable to xss-through-dom 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Asger Feldthaus
bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00
Asger Feldthaus
bb9fea5a27 JS: Refactor isAmbient computation 2020-04-19 22:45:19 +01:00
Erik Krogh Kristensen
4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen
4f32157a78 rename func to callback 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 11:36:48 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen
55edfed1ee support jQuery().get() returning a DOM node 2020-04-17 10:32:53 +02:00
Erik Krogh Kristensen
dd9aec056c handle basic dynamic method dispatch for jQuery methods 2020-04-17 10:32:52 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Erik Krogh Kristensen
69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00