Esben Sparre Andreasen
ac6554b7da
Merge branch 'master' into js/improve-getAResponseDataNode
2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen
a5645e168a
JS: exclude keys from whitelist
2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
0e2d2f8662
JS: whitelist some hardcoded dummy-passwords in two queries
2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
086c473c18
JS: sharpen js/http-to-file-access
2019-09-11 12:05:33 +02:00
Esben Sparre Andreasen
ee106ccff9
JS: simplify asExpr().getStringValue() calls
2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen
aab17850d1
JS: eliminate redundant ConstantString casts
2019-09-11 10:56:49 +02:00
semmle-qlci
16c95d8c5e
Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting
...
Approved by xiemaisi
2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen
f7bfc472c1
JS: treat server responses as untrusted for command injections
2019-09-11 09:38:18 +02:00
semmle-qlci
e899250e87
Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check
...
Approved by xiemaisi
2019-09-09 15:33:47 +01:00
Asger F
7007698de4
JS: Fix the FP
2019-09-06 15:39:40 +01:00
Anders Schack-Mulligen
ca45fb5a60
JavaScript: Autoformat.
2019-09-06 09:04:51 +02:00
Esben Sparre Andreasen
a9665f53b8
JS: whitelist quote stripping for js/incomplete-sanitization
2019-09-05 09:47:49 +01:00
Asger F
5aa948cd17
JS: Add angular.merge sink to prototype pollution query
2019-09-04 16:14:51 +01:00
Asger F
a41a23fdba
JS: Raise precision of prototype-pollution query
2019-09-02 11:00:24 +01:00
Max Schaefer
020d31c3b6
JavaScript: Fix inconsistency in TaintedPath.qhelp.
2019-08-12 10:29:41 +01:00
Max Schaefer
80cfe070d4
JavaScript: Fix inconsistency in MissingRegExpAnchor.qhelp.
2019-08-12 10:29:21 +01:00
semmle-qlci
77ae2bc8b7
Merge pull request #1684 from asger-semmle/protopollution-qhelp
...
Approved by xiemaisi
2019-08-05 11:06:34 +01:00
Asger F
fcc51a8407
JS: Fix lodash version in proto pollution qhelp
2019-08-02 16:42:36 +01:00
semmle-qlci
34cdf7c96b
Merge pull request #1677 from xiemaisi/js/flow-summary-fixes
...
Approved by esben-semmle
2019-08-02 14:02:47 +01:00
Max Schaefer
e06ed503ec
JavaScript: Make flow summaries work for non-taint configurations.
...
With flow labels it often makes more sense to use a `DataFlow::Configuration` rather than a `TaintTracking::Configuration`, so flow summaries should support both.
2019-08-02 11:45:41 +01:00
semmle-qlci
07b97dcc07
Merge pull request #1672 from asger-semmle/flowlabel-issers
...
Approved by xiemaisi
2019-08-02 10:05:41 +01:00
Asger F
e09c22e67d
JS: Add FlowLabel.isData() and .isTaint()
2019-08-01 15:22:51 +01:00
Esben Sparre Andreasen
bf4a324a86
JS: add query js/indirect-command-line-injection
2019-07-31 09:24:25 +02:00
Max Schaefer
d3016593e4
JavaScript: Remove extra backslashes in MissingRegExpAnchor.qhelp.
2019-07-29 15:23:09 +01:00
Chris Gavin
bce153648e
JavaScript: Update link to the OWASP XSS prevention cheat sheet.
2019-06-24 23:21:14 +01:00
Max Schaefer
d233cea79d
JavaScript: Lower precision of PasswordInConfigurationFile.
...
In spite of recent improvements, this query is still too noisy to show
by default.
2019-06-05 08:09:19 +01:00
Max Schaefer
a4876270ec
JavaScript: Tweak PasswordInConfigurationFile alerts.
...
Only highlight first line, and include the password in the alert
message.
2019-06-05 08:09:19 +01:00
semmle-qlci
80ff63a3bb
Merge pull request #1387 from esben-semmle/js/unanchored-url-regex
...
Approved by mc-semmle, xiemaisi
2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen
04868e5b97
JS: format qhelp examples
2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen
9e0a97e82f
JS: address qhelp review comments
2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen
bf51c54338
JS: add RegExpPatternSource::getAParse to hide the subclasses
2019-06-03 14:23:22 +02:00
Max Schaefer
d8a101df6d
JavaScript: Shrink Configurations.qll some more.
2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen
14644270ac
JS: fix comment typo
2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen
7018a38691
JS: improve tests and regexp for js/regex/missing-regexp-anchor
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7
JS: address minor review comments
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331
JS: add query js/regex/missing-regexp-anchor
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a
JS: add anchors to js/incomplete-hostname-regexp examples
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
3358e49698
JS: refactor the predicate RegExp::regexp to three classes.
...
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb
JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll
2019-06-03 08:27:49 +02:00
Max Schaefer
3097037a6f
Merge pull request #1290 from esben-semmle/js/semver-lib
...
JS: add SemVer library
2019-05-31 08:09:24 +01:00
Max Schaefer
5ac408d641
JavaScript: Remove a few more configurations from AllConfigurations.qll.
...
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
2019-05-30 13:13:16 +01:00
Esben Sparre Andreasen
eb13ab52cf
JS: sharpen js/prototype-pollution with version analysis
2019-05-27 22:32:32 +02:00
semmle-qlci
2b5b8751ea
Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps
...
Approved by esben-semmle, xiemaisi
2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b
Merge pull request #1318 from asger-semmle/prototype-pollution-query2
...
Move prototype pollution query into suite
2019-05-21 12:23:41 +02:00
Asger F
ba69e19e95
JS: Address doc review
2019-05-20 16:46:27 +01:00
Asger F
9293010e4c
JS: Fix some FPs in IncorrectSuffixCheck
2019-05-16 10:56:17 +01:00
Asger F
682f2790cd
JS: Address comments
2019-05-15 10:09:56 +01:00
Asger F
778244878a
JS: Normalize whitespace
2019-05-14 10:31:28 +01:00
Asger F
fd9765b99f
JS: Add qhelp
2019-05-13 17:31:12 +01:00
Asger F
0c715f7540
JS: Lower precision to medium
2019-05-13 15:20:40 +01:00