hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,717 Commits 1,693 Branches 161 Tags
97681ea2191cea11dbbb5d5b620d31682af8d35f
Commit Graph

718 Commits

Author SHA1 Message Date
erik-krogh
97681ea219 simplify code after review 2022-08-12 20:27:50 +02:00
erik-krogh
3403e2f325 apply suggestions from code review 2022-08-12 20:25:55 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen
add9e9dac4 Merge pull request #9548 from erik-krogh/exports 
JS: support the "exports" property in a package.json
 2022-08-09 12:16:12 +02:00
Asger F
fdcb1fa115 Merge pull request #9928 from asgerf/js/source-node-type 
JS: Simplify type hierarchy for SourceNode
 2022-08-08 16:53:20 +02:00
Evgenii Protsenko
50264547bf make array taint-step better 2022-08-08 11:00:11 +02:00
Asger F
98a9cb0b55 JS: Simplify type hierarchy for SourceNode 
The charpred caused spurious type to appear
 2022-07-29 19:44:10 +02:00
Henti Smith
018a76bb17 Merge pull request #9857 from github/henti/new_actions_predicates 
Added Workflow.getName and Step.GetId
 2022-07-19 16:12:54 +01:00
Henti Smith
dcc76ddf36 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-07-19 15:53:12 +01:00
Henti Smith
0828474192 Added Workflow::getName and Step::GetId 2022-07-19 15:34:10 +01:00
Asger F
855d4c2ea1 Merge pull request #9718 from asgerf/js/case-sensitive-middleware 
JS: Add 'case sensitive middleware' query
 2022-07-14 10:47:58 +02:00
Erik Krogh Kristensen
43a82004b2 Merge pull request #9798 from erik-krogh/backtrackers 
JS: use small steps in TypeBackTracker correctly
 2022-07-14 10:28:07 +02:00
Asger F
18c5a8c8da Merge branch 'main' into js/case-sensitive-middleware 2022-07-14 09:38:35 +02:00
Erik Krogh Kristensen
fd10947ca0 use small steps in TypeBackTracker correctly 2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen
a49d34cf0f Merge branch 'main' into missDocParam 2022-07-13 09:58:04 +02:00
Erik Krogh Kristensen
7dd095c0d2 Merge pull request #9756 from erik-krogh/greyMatter 
JS: add model for the gray-matter library to js/code-injection
 2022-07-01 12:19:12 +02:00
Erik Krogh Kristensen
ef0ec396c4 Merge pull request #9754 from erik-krogh/chownr 
JS: add model for chownr
 2022-06-30 22:02:45 +02:00
Erik Krogh Kristensen
11be15aab1 inline field into the charpred 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
f71a64b99d recognize when the js engine in gray-matter is set to something safe 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
22d285f777 add model for the gray-matter libary to js/code-injection 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Erik Krogh Kristensen
0e4954a68c add navigation.navigate as an XSS / URL sink 2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
112caa3f5d rewrite qldoc based on review 2022-06-28 13:23:44 +02:00
Asger F
c33690381e JS: Add explicit 'this' 2022-06-28 10:21:44 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
9e4116618a JS: Add CaseSensitiveMiddlewarePath query 2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen
28ac47689f changes based on reviews 2022-06-24 13:11:46 +02:00
Erik Krogh Kristensen
724721c5c8 fix typo 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
22871138c6 simplify the recursion between TTrace and isReachableFromStartTuple 
similar to the fix made by Shack in `ExponentialBackTracking.qll`
 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
be37763125 improve performance of process() by pruning accept states early 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
14204be2f9 add missing qldoc 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb refactor the concretize algorithm 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dbeae9aefb make a parameterized module out of the RegexpMatching implementation 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Asger F
b46ba896dd Merge pull request #9616 from asgerf/js/without-prop-step-await 
JS: Add withoutPropStep and model raw 'await' step with it
 2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen
79696c6c5f Merge pull request #9572 from erik-krogh/heuristicSteps 
JS: add heuristic taint-step for potentially unmodelled libraries
 2022-06-21 09:00:58 +02:00
Asger F
a0d3a6b5b1 JS: Add withoutPropStep and model 'await' steps with it 2022-06-20 20:16:07 +02:00
Asger F
5610f654e9 JS: Add PackageJson.getTypingsModule 2022-06-17 14:40:22 +02:00
Erik Krogh Kristensen
ce323e215b add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps 2022-06-15 20:27:49 +02:00
Erik Krogh Kristensen
cb0a6936ad add support for the "exports" property in a package.json 2022-06-14 13:31:47 +02:00
Erik Krogh Kristensen
92d1c84f05 bind the result in JsonValue::getBooleanValue 2022-06-14 13:22:09 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00