hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-12 10:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,578 Commits 1,711 Branches 162 Tags
83cbbd70430de042d3ff4d340e69260359db3274
Commit Graph

1313 Commits

Author SHA1 Message Date
Maiky
83cbbd7043 Apply docstring changes 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-05 09:05:29 +01:00
Maiky
e6c7fc0ead Fixes CI 2023-11-29 19:45:08 +02:00
Maiky
3bcb411d1a Using Express::RouteSetup 2023-11-27 20:31:19 +02:00
Maiky
f623db461a Change qldoc 2023-11-27 19:51:13 +02:00
Maiky
bb6ef72e67 getArgument returns Cors::Cors 2023-11-27 19:36:49 +02:00
Maiky
aa24ce5532 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-27 17:48:21 +02:00
Maiky
abd53e98a9 Fix minor issues 2023-11-23 13:17:54 +01:00
Maiky
413c11171e Move to /experimental 2023-11-23 11:00:47 +01:00
Maiky
d661f7f482 Add Flow Labels 2023-11-22 19:50:16 +01:00
Maiky
07ad596f77 Add coverage for express 2023-10-16 16:48:32 +02:00
Maiky
c0e6d7c049 Merge branch 'github:main' into maikypedia/javascript-cors 2023-10-11 12:20:42 +02:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
erik-krogh
f48b47c656 JavaScript: add import that populate the shared abstract classes 2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
Maiky
ed066281b9 Add documentation string for CorsPermissiveConfiguration 2023-10-06 18:22:31 +02:00
Asger F
162c477236 JS: Add AmdModuleDefinition::Range 2023-10-04 20:38:37 +02:00
Maiky
816eebbb51 Add .qhelp and apply some review changes 2023-10-02 18:05:39 +02:00
Maiky
142ab01b48 Remove comment line 2023-09-29 18:32:12 +02:00
Maiky
e171123589 Add initial query for CWE-942 2023-09-29 18:25:58 +02:00
Anders Schack-Mulligen
855c89667d JavaScript: Use shared FileSystem library. 2023-09-28 08:58:55 +02:00
erik-krogh
a7d92b3473 add JS support the using keyword 2023-08-24 20:30:26 +02:00
Asger F
dec6039469 JS: Follow immediate predecessors in path resolution 2023-08-23 09:53:51 +02:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Jeongsoo Lee
4529d8b75a Add support for log injection in MaD 2023-07-28 22:37:56 +00:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Asger F
f3fab587a9 JS: Add Fuzzy token in identifying access path 2023-07-13 14:01:06 +02:00
Asger F
7c9e1ad6ec JS: Fix accidental recursion in Vue model 
The API graph entry point depended on API::Node.

This was due to depending on the the TComponent newtype which has a branch that depends on API::Node
 2023-07-13 13:41:21 +02:00
Rasmus Lerchedahl Petersen
02c41f3dcf JavaScript: Use shared library for serverless 2023-07-12 16:46:34 +02:00
Asger F
c7abd4c2af JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall 2023-07-12 09:26:37 +02:00
Asger F
1a395c5b34 JS: Use sanitizerOut in PrototypePollutingAssignment 2023-07-11 15:24:10 +02:00
Asger F
b09ed4b0e3 JS: Update UnsafeJQueryPlugin 2023-07-11 15:01:33 +02:00
Asger F
a1d8a05bcb JS: Update ResourceExhaustion 2023-07-11 14:56:53 +02:00
Asger F
58a557b18e JS: Update InsecureRandomness 2023-07-11 14:56:43 +02:00
Asger F
e863e2376d JS: Use sanitizerIn in ExtenralAPIUsedWithUntrustedData 2023-07-11 14:50:29 +02:00
Asger F
094302a27b JS: Replace sanitizing prefix edge with node 2023-07-11 14:48:13 +02:00
Asger F
944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Asger F
68584e549e JS: Replace isOptionallySanitizedEdge with a node 2023-07-11 12:57:33 +02:00
Asger F
0841677b14 JS: Add isSanitizerX variants in TaintTracking 2023-07-11 11:14:37 +02:00
Asger F
d53beb3784 JS: Embed check for in/out barriers in edge barrier check 2023-07-11 11:04:28 +02:00
Asger F
4964d811a5 JS: Add interface for isBarrier in/out 2023-07-11 11:04:28 +02:00
Asger F
965ca169e5 JS: Recognise fs/promises 2023-07-07 14:14:49 +02:00
Asger F
d49359a95c JS: Add step through spread arg to path.join() 2023-07-07 14:10:50 +02:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
Chuan-kai Lin
6912f7ed3a Merge pull request #13638 from cklin/remove-pragma-assume-small-delta 
Remove pragma[assume_small_delta]
 2023-07-03 07:00:36 -07:00
Asger F
4c9501eba5 Merge pull request #13529 from jorgectf/seclab/webix-modeling 
JS: Add models for `webix`
 2023-07-03 12:03:18 +02:00