hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 09:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,931 Commits 1,754 Branches 167 Tags
aaeca325193deedc7ac8ea163cbe574514d44b94
Commit Graph

22 Commits

Author SHA1 Message Date
Max Schaefer
aaeca32519 JavaScript: Recognize string escaping using .replace with a callback. 2019-10-30 12:45:32 +00:00
Max Schaefer
bd1c99d8a4 JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper. 2019-10-30 12:38:05 +00:00
Max Schaefer
63f24476e9 JavaScript: Refactor DoubleEscaping.ql. 2019-10-30 10:59:14 +00:00
semmle-qlci
16c95d8c5e Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting 
Approved by xiemaisi
 2019-09-11 09:16:57 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00
Esben Sparre Andreasen
ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Max Schaefer
c74db8bbbc JavaScript: Fix erroneous backticks in query help. 2019-03-08 15:28:03 +00:00
semmle-qlci
92a6e7e04c Merge pull request #932 from asger-semmle/cookbook-prepare 
Approved by xiemaisi
 2019-02-13 18:20:09 +00:00
Asger F
0fd9d157f8 JS: add DataFlow::Node.getStringValue() 2019-02-12 13:38:45 +00:00
Anders Schack-Mulligen
1182fca665 Javascript: Autoformat qls 2019-02-12 14:38:42 +01:00
Max Schaefer
3e26bc6446 JavaScript: Improve alert location and message for IncompleteSanitization. 
We now highlight the `replace` call (instead of the regular expression), and the alert message for the case of missing backslash escapes clarifies that it is talking about failure to escape backslashes in the input, not in the replacement text.
 2019-02-08 09:13:40 +00:00
Max Schaefer
43f4fe1a7e Update DoubleEscaping.qhelp 
Somewhat ironic, considering the object of the query.
 2019-01-21 18:48:22 +08:00
Max Schaefer
31bb39a810 JavaScript: Autoformat all QL files. 2019-01-07 10:15:45 +00:00
Esben Sparre Andreasen
a1d92bfa50 JS: generalize js/incomplete-sanitization to handle ConstantString 2018-12-11 13:39:15 +01:00
Max Schaefer
10166be535 JavaScript: Add new query DoubleEscaping. 2018-11-30 09:39:00 +00:00
Max Schaefer
58e384558c JavaScript: Improve query name and help for js/incomplete-sanitization. 
The query applies more generally to all kinds of string escaping and encoding, not just sanitization.
 2018-09-03 08:20:01 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00