hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,361 Commits 1,703 Branches 162 Tags
89a2381165f5f183f0eefeca6353ca01cfcc7ee3
Commit Graph

1466 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
41506fbfef Merge pull request #14666 from am0o0/amammad-js-hardcodedJWTKey 
JS: Extends CredentialsNode class mostly related to JWT authentication packages
 2024-08-08 10:20:45 +02:00
am0o0
b64cb4da09 remove a part of code related to debugging :) 2024-08-07 20:37:20 +02:00
am0o0
fce183c7cb apply autoformat to HardcodedCredentialsCustomizations.qll 2024-08-05 14:25:15 +02:00
am0o0
354fcbe7fe apply changes from @erik-krogh 2024-08-01 20:14:36 +02:00
Paul Hodgkinson
c9af53f050 Merge branch 'main' into aegilops/polyfill-io-compromised-script 2024-07-12 12:53:44 +01:00
aegilops
0aab2aef3b Formatting of QLL 2024-07-09 18:16:37 +01:00
aegilops
dae2aeb7d3 QLDoc 2024-07-09 18:16:02 +01:00
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
Paul Hodgkinson
d896fdf9fa Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-08 11:25:47 +01:00
aegilops
1fe14e26b1 Split out "compromised" functionality 2024-07-08 10:56:12 +01:00
aegilops
73fc6bcdb1 Added some missing QLDoc 2024-07-01 17:10:24 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
am0o0
6ecd8b7ee8 add new default cred kind 2024-07-01 14:42:34 +02:00
am0o0
fa8c457015 move the TextEncoder and Buffer jose.base64url taint steps to a local query taint step 2024-07-01 12:11:53 +02:00
am0o0
60aa711005 implement TextEncoderStep taint step with globalVarRef predicate 2024-07-01 11:59:05 +02:00
am0o0
65fdb8ccce move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results 2024-07-01 11:38:17 +02:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
Rasmus Wriedt Larsen
3f2befc3e5 JS: Support spread arguments in array.splice 2024-06-14 15:33:17 +02:00
Rasmus Wriedt Larsen
ec18786488 JS: Provide better model for Array.splice 2024-06-12 16:29:21 +02:00
Rasmus Wriedt Larsen
1027ca266d JS: Allow many Array steps to be used in type-tracking 2024-06-12 16:14:13 +02:00
Anders Schack-Mulligen
0c47203580 Javascript: Add support for pretty-printed provenace in tests. 2024-06-07 11:47:49 +02:00
am0o0
ee05ec0386 remove sanitnzer and add a where condition instead 
use a simpler where condition(the former sanitizer) for overcoming performance problems
 2024-06-06 14:16:41 +02:00
am0o0
61a11c6512 Or to or in docs 2024-06-06 14:10:15 +02:00
am0o0
c2f96a1352 fix a document 2024-05-25 19:35:20 +02:00
Am
2226f5126b Merge branch 'main' into amammad-js-hardcodedJWTKey 2024-05-25 13:40:46 +03:30
am0o0
c299b5657a Revert "stash" 
This reverts commit bdee99ae88.
 2024-05-25 12:03:00 +02:00
Asger F
3b211089d6 JS: Remove redundant import 2024-05-21 14:40:17 +02:00
Asger F
43abc72780 JS: Add TypeModel.isTypeUsed 
f
 2024-05-21 14:19:56 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
Erik Krogh Kristensen
03cf9b702c Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs 
JS: Shelljs improvement
 2024-05-17 11:14:11 +02:00
am0o0
42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
amammad
bdee99ae88 stash 2024-05-13 14:37:05 +02:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
erik-krogh
d9e8e0e00a use some more standard values for credentials-kind for NodeJS client credentials 2024-05-03 13:58:37 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
Erik Krogh Kristensen
7e839792da Merge pull request #16330 from erik-krogh/del-deps-apr-2024 
All: delete outdated deprecations
 2024-04-30 10:43:39 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Asger F
d0c9e3f7ad JS: Expose InternalModuleNaming 2024-04-25 13:33:17 +02:00
Rasmus Wriedt Larsen
290b0fc4ab Merge pull request #16308 from asgerf/js/model-generation-quote 
JS: Fix naming issue in generated models
 2024-04-25 11:36:36 +02:00
Asger F
db07c162e4 JS: Allow generated models to use (package) 2024-04-23 20:25:55 +02:00
Asger F
e4f23b31c6 JS: Add quotes around package name to correct parsing 2024-04-23 20:04:23 +02:00
Nick Rolfe
003d208574 JS: do fewer regexp matches in SensitiveActions 2024-04-23 15:31:38 +01:00
Asger F
ac34b922ec Merge pull request #16241 from asgerf/js/re-export 
JS: Improve support for `export * as ...` declarations
 2024-04-19 10:03:17 +02:00
Asger F
3c885f3969 JS: Fix bug in MkClassInstance use-nodes 
This only worked when the RHS was a SourceNode, which is not generally the case
 2024-04-18 10:06:11 +02:00
Asger F
2dcb5fbd16 Ensure props are included in MkMemberLabel 2024-04-17 14:46:00 +02:00
Asger F
3eb4e39251 JS: Also do this for use-steps and exclude pseudo-properties 2024-04-17 14:45:58 +02:00
Asger F
55b9724f59 JS: Add store step into namespace re-export specifier 2024-04-17 14:14:12 +02:00