hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,450 Commits 1,673 Branches 157 Tags
a2e945645022db47e7c152a97d46f6bdedba1ce1
Commit Graph

4097 Commits

Author SHA1 Message Date
Alessio Della Libera
a2e9456450 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:31:21 +02:00
Alessio Della Libera
14c8e4ce76 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:30:45 +02:00
Alessio Della Libera
275b8dfda2 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:29:36 +02:00
Alessio Della Libera
9292e3b80e Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:28:39 +02:00
Alessio Della Libera
ab128f7172 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:27:26 +02:00
Alessio Della Libera
40e101de5a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:26:15 +02:00
Alessio Della Libera
97f039af3a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:25:11 +02:00
Alessio Della Libera
fb3ffb895a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:23:17 +02:00
Alessio Della Libera
e463014759 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:21:56 +02:00
Alessio Della Libera
5cae3005f3 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:20:22 +02:00
Alessio Della Libera
10bd745740 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:18:54 +02:00
Alessio Della Libera
8d26b810ee Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:17:16 +02:00
Alessio Della Libera
0c121062b6 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:13:54 +02:00
Alessio Della Libera
67fccac8a9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:13:03 +02:00
ubuntu
8dee3da4fe Update .qhelp 2020-07-26 23:50:22 +02:00
ubuntu
ac7c511d86 Update .qhelp 2020-07-26 23:47:53 +02:00
ubuntu
2cec8f7e9d Update .qhelp 2020-07-26 23:23:56 +02:00
ubuntu
c469f71957 Add Codeql query to detect if cookies are sent without the flag being set 2020-07-26 22:56:36 +02:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions 
Approved by esbena
 2020-07-09 11:43:45 +01:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Max Schaefer
1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer
c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals. 
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
 2020-07-09 09:09:44 +01:00
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i). 
This iterates the existing `getBasePortal()` predicate `i` times.
 2020-07-09 09:08:18 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff 
Approved by esbena
 2020-07-06 14:40:41 +01:00
Erik Krogh Kristensen
9a944625d1 autoformat 2020-07-06 15:17:15 +02:00
semmle-qlci
13c3513d76 Merge pull request #3905 from erik-krogh/unsafeShellTypo 
Approved by esbena
 2020-07-06 11:41:56 +01:00
semmle-qlci
73d606d2c3 Merge pull request #3844 from github/esbena-patch-3 
Approved by erik-krogh
 2020-07-06 09:47:59 +01:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Asger Feldthaus
b5104ae42d JS: Add StartsWith sanitizer 2020-07-03 14:46:07 +01:00
Asger Feldthaus
4c06eb8bfe JS: Add test showing FPs 2020-07-03 14:45:42 +01:00
Erik Krogh Kristensen
078b6a8df2 autoformat 2020-07-03 00:21:55 +02:00
Erik Krogh Kristensen
261821b32c Merge remote-tracking branch 'upstream/master' into queryStuff 2020-07-02 16:08:05 +02:00
semmle-qlci
b5c8f2238b Merge pull request #3805 from esbena/js/seal-freeze-flow 
Approved by asgerf
 2020-07-02 13:54:54 +01:00
Erik Krogh Kristensen
2b0a091921 split out type-tracking into two predicates, to avoid catastrophic join-order 2020-07-02 14:28:28 +02:00
semmle-qlci
97128b1475 Merge pull request #3829 from asger-semmle/js/xss-substr 
Approved by erik-krogh
 2020-07-02 11:58:32 +01:00
semmle-qlci
bfb734e1d7 Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 
Approved by erik-krogh
 2020-07-02 08:30:45 +01:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
semmle-qlci
66a6fe7317 Merge pull request #3853 from max-schaefer/js/canonical-names 
Approved by asgerf
 2020-07-01 16:08:59 +01:00
Max Schaefer
a6d8073987 JavaScript: Make getADefinition and getAnAccess available on all CanonicalNames. 2020-07-01 14:42:03 +01:00
Esben Sparre Andreasen
3ca6031ae5 JS: rename predicate 2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen
75451e349a JS: teach the dataflow library identity functions Object.freeze/seal 2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen
33c52761d4 JS: more dataflow and global access path testing 2020-07-01 15:26:25 +02:00
Erik Krogh Kristensen
3157cd724d add noSQL tests for type-tracking req.query 2020-07-01 11:45:09 +02:00
Erik Krogh Kristensen
bace2994c3 add test for type-tracking req.params 2020-07-01 11:38:54 +02:00
Erik Krogh Kristensen
8227010463 also use new type-tracking in isUserControlledObject 2020-07-01 11:32:51 +02:00
Erik Krogh Kristensen
ed48efe5b4 recognize access to a query object through function calls 2020-06-30 15:52:08 +02:00
semmle-qlci
224289c55f Merge pull request #3845 from max-schaefer/js/walk-sync 
Approved by asgerf
 2020-06-30 14:45:41 +01:00
semmle-qlci
42bca1a3fa Merge pull request #3824 from asger-semmle/js/static-regexp-capture-group-step 
Approved by erik-krogh, esbena
 2020-06-30 13:20:14 +01:00