hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,312 Commits 1,697 Branches 161 Tags
abf21ba767e2a23c7ddeda6df33c36549f307da1
Commit Graph

1951 Commits

Author SHA1 Message Date
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
ee10702e73 JS: Another provanance test output update 2024-06-27 11:56:01 +02:00
Asger F
2473274681 JS: Benign test output changes 2024-06-27 09:06:45 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
aegilops
f22778960b Fixed expected test results for Helmet query 2024-06-26 11:31:57 +01:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
Asger F
bd3fccd1a8 JS: Update test output with provenance column 2024-06-25 10:30:56 +02:00
am0o0
5a69bbf6b0 use isTestFile from ClassifyFiles module file instead previous where condition, update tests accordingly 2024-06-07 06:11:48 +02:00
am0o0
e4ffdb848e add tests for new where condition, update expected test results 2024-06-06 14:30:06 +02:00
am0o0
d77513579f update tests 2024-05-25 12:15:25 +02:00
Paul Hodgkinson
65dfd4c860 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-05-21 14:46:49 +01:00
aegilops
bda794fde7 Fixed wrong filenames in the InsecureHelmet tests 2024-05-21 14:34:58 +01:00
aegilops
8300aeb0a0 Tests for InsecureHelmet 2024-05-20 12:05:42 +01:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
Asger F
c408ab9e6a Merge branch 'main' into js/shared-dataflow 2024-05-02 19:43:34 +02:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
erik-krogh
bf22f4a870 update expected output 2024-02-22 13:21:11 +01:00
erik-krogh
396da117bb remove an FP in overly-large-range for [@-Z] 2024-01-25 14:15:06 +01:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
Asger F
9b46c4596c JS: Update HeuristicSoruceCodeInjection test 2023-10-13 13:15:08 +02:00
Asger F
bab639f23c JS: Update ReflectedXssWithCustomSanitizer test 2023-10-13 13:15:08 +02:00
Asger F
c55300d4b0 JS: Port PolynomialReDoS 2023-10-13 13:15:06 +02:00
Asger F
b8847dbc5d JS: Port Xxe 2023-10-13 13:15:06 +02:00
Asger F
c2d170b4fd JS: Port XpathInjection 2023-10-13 13:15:06 +02:00
Asger F
03f8c0fc5e JS: Port XmlBomb 2023-10-13 13:15:06 +02:00
Asger F
83095535f9 JS: Port UnvalidatedDynamicMethodCall 2023-10-13 13:15:06 +02:00
Asger F
ba9edb4e54 JS: Port UnsafeShellCommandConstruction 2023-10-13 13:15:06 +02:00
Asger F
d08e4504ff JS: Port UnsafeJQueryPlugin 2023-10-13 13:15:06 +02:00
Asger F
6e3f4bd7d8 JS: Port UnsafeHtmlConstruction 2023-10-13 13:15:06 +02:00
Asger F
7f4d42ddcd JS: Port UnsafeDynamicMethodAccess 2023-10-13 13:15:06 +02:00
Asger F
758f42495c JS: Port UnsafeDeserialization 2023-10-13 13:15:05 +02:00
Asger F
32022ccbda JS: Port UnsafeCodeConstruction 2023-10-13 13:15:05 +02:00
Asger F
5af608c937 JS: Port TypeConfusionThroughParameterTampering 2023-10-13 13:15:05 +02:00
Asger F
25962a9ba6 JS: Port TemplateObjectInjection 2023-10-13 13:15:05 +02:00
Asger F
51624c02a2 JS: Port TaintedFormatString 2023-10-13 13:15:05 +02:00
Asger F
63343b1ba4 JS: Port StackTraceExposure 2023-10-13 13:15:05 +02:00
Asger F
d446444667 JS: Port ShellCommandInjectionFromEnvironment 2023-10-13 13:15:05 +02:00
Asger F
06835a800c JS: Port SecondOrderCommandInjection 2023-10-13 13:15:05 +02:00