hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 23:16:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,984 Commits 1,712 Branches 163 Tags
a1f210df67bcfd03ddc26123194ff06f5c49cefa
Commit Graph

68 Commits

Author SHA1 Message Date
Max Schaefer
a1f210df67 JavaScript: Address review comments. 2018-12-05 14:10:06 +00:00
Max Schaefer
22502e7a10 JavaScript: Add query help for FileAccessToHttp query. 2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd JavaScript: Add query help for HttpToFileAccess query. 2018-12-05 12:58:38 +00:00
Asger F
f85e30aa6c Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code 
JavaScript: Add new query `HardcodedDataInterpretedAsCode`.
 2018-11-29 17:07:48 +00:00
Max Schaefer
5f16406ad7 JavaScript: Add new query HardcodedDataInterpretedAsCode. 2018-11-29 09:52:31 +00:00
Max Schaefer
506236994f JavaScript: Address doc review comments. 2018-11-29 09:49:13 +00:00
Max Schaefer
45574d4eaa JavaScript: Minor change to documentation to facilitate opening another PR. 2018-11-28 13:53:28 +00:00
Max Schaefer
39f1c7904b JavaScript: Address review comments. 2018-11-28 09:44:58 +00:00
Max Schaefer
f1c538a97b JavaScript: Restrict RemotePropertyInjection query to avoid double-reporting. 
This query now only flags user-controlled property and header writes, method calls are handled by the new unsafe/unvalidated method call queries.
 2018-11-28 08:16:31 +00:00
Max Schaefer
2889e07eb8 JavaScript: Add new query UnvalidatedDynamicMethodCall. 2018-11-28 08:16:31 +00:00
Asger F
27c9326e70 JS: address doc review 2018-11-21 14:19:14 +00:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Asger F
cb832b1de9 Merge branch 'unsafe-global-object-access' of github.com:asger-semmle/ql into unsafe-global-object-access 2018-11-21 11:14:21 +00:00
Asger F
84d642612e JS: more comments 2018-11-21 11:14:13 +00:00
Max Schaefer
fa761c07bd Update javascript/ql/src/Security/CWE-094/MethodNameInjection.ql 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2018-11-21 10:55:38 +00:00
Asger F
4138f814d8 JS: expand example 2018-11-20 18:42:49 +00:00
Asger F
1c06f45046 JS: address some comments 2018-11-20 18:11:46 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
Max Schaefer
6021d2499d JavaScript: Remove accidentally committed .actual file. 2018-11-19 12:24:19 +00:00
Max Schaefer
3fcd02ab0e JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages. 2018-11-14 11:23:17 +00:00
Max Schaefer
52ae757279 JavaScript: Select Nodes (instead of PathNodes) everywhere. 2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee JavaScript: Select source and sink in all path queries. 2018-11-14 09:16:40 +00:00
Max Schaefer
d5af008e31 JavaScript: Adjust ConditionalBypass query. 2018-11-14 09:16:40 +00:00
Max Schaefer
11d6259dbf JavaScript: Move from Node to PathNode. 2018-11-14 09:16:40 +00:00
Max Schaefer
8d87f556e1 JavaScript: Add import DataFlow::PathGraph. 2018-11-14 09:16:40 +00:00
Max Schaefer
60a1357092 JavaScript: Make all taint-based security queries have @kind path-problem. 2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526 JavaScript: Refactor security queries for uniformity. 2018-11-14 09:16:40 +00:00
Max Schaefer
9b4ae9e4d3 JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query. 2018-11-14 09:16:40 +00:00
Max Schaefer
c51cd50133 JavaScript: Remove a few unnecessary imports. 2018-11-14 09:16:40 +00:00
semmle-qlci
3c49bc6e67 Merge pull request #407 from asger-semmle/email-xss 
Approved by xiemaisi
 2018-11-08 10:53:10 +00:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Max Schaefer
5ffe45a80b JavaScript: Fix mixed tabs/spaces in qhelp. 2018-11-07 07:40:51 +00:00
Max Schaefer
7702b58794 Merge pull request #305 from asger-semmle/json-taint-kind 
JS: Add flow label for tainted objects and sharpen NosqlInjection
 2018-10-22 11:58:50 +01:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
semmle-qlci
98254e87e1 Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest 
Approved by xiemaisi
 2018-10-04 14:06:46 +01:00
Max Schaefer
4e4ef520ab JavaScript: Rename a predicate in CommandInjection.qll. 2018-10-03 15:49:02 +01:00
Denis Levin
e147e690ee Merge branch 'master' into denisl/js/HttpToFileAccessTest 2018-10-02 15:13:35 -07:00
Bas van Schaik
c4eb6f0056 fix JS example based on LGTM.com alerts 
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js (x95b0280fcab9007a):1
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXss.js (xaef03a63aa3e02e4):1
 2018-10-02 14:47:52 +01:00
Denis Levin
9c487bc6d9 Merge branch 'master' 2018-10-01 14:51:56 -07:00
Asger F
d005d7127f JS: address doc review 2018-10-01 10:58:38 +01:00
Asger F
e4c8653549 JS: Factor RequestHeaderAccess into separate class 2018-09-27 16:28:58 +01:00
Asger F
c879654796 JS: add qhelp 2018-09-27 10:21:57 +01:00
Asger F
46336a5643 JS: Add HostHeaderPoisoningInEmailGeneration query 2018-09-27 10:20:35 +01:00
Denis Levin
8152cefa60 Squished changes for HttpToFileAccess commint 2018-09-21 16:44:01 -07:00