hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 09:51:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
29,770 Commits 1,784 Branches 169 Tags
b2016bddac4cdae9b97dc9eb4ea4e8dd44643523
Commit Graph

6764 Commits

Author SHA1 Message Date
Asger Feldthaus
b2016bddac JS: Merge concepts of client/database in MongoDB model 2021-12-15 16:00:19 +01:00
Asger Feldthaus
23480b2d8f JS: Remove stray TODO 2021-12-07 10:49:14 +01:00
Asger F
614c80706f Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-07 10:48:44 +01:00
Asger Feldthaus
5559681916 JS: Change note 2021-12-07 10:46:18 +01:00
Asger Feldthaus
635ac0a209 JS: Fix perf issue in data flow step generation 2021-12-07 10:46:18 +01:00
Asger Feldthaus
da8e67b7ee JS: Use routing trees to detect deeply tainted req.body 2021-12-07 10:46:18 +01:00
Asger Feldthaus
7492293c5b JS: Add test with route handler indirection 2021-12-07 10:46:18 +01:00
Asger Feldthaus
3cbe94ac0a JS: Add consistency checks to TemplateObjectInjection test 2021-12-07 10:46:18 +01:00
Asger Feldthaus
64db70f3ac JS: Add explicit body-parsers to TemplateObjectInjection test 2021-12-07 10:46:18 +01:00
Asger Feldthaus
8af430d40f JS: Shift line numbers in TemplateObjectInjection test 2021-12-07 10:46:17 +01:00
Asger Feldthaus
5f8ea3965d JS: Do not flag auth endpoints that are immune to Login CSRF 2021-12-07 10:46:17 +01:00
Asger Feldthaus
66b1612e5e JS: Treat non-cookie based auth as CSRF preventer 2021-12-07 10:46:17 +01:00
Asger Feldthaus
b73219392b JS: Improve precision of missing CSRF middleware 2021-12-07 10:46:17 +01:00
Asger Feldthaus
d0e94e655d JS: Exclude error handling from auth calls 2021-12-07 10:46:17 +01:00
Asger Feldthaus
400bf10cc3 JS: Move fastify-specific route handler step into extension point 2021-12-07 10:46:17 +01:00
Asger Feldthaus
71820569e1 JS: Instantiate for Fastify 2021-12-07 10:46:15 +01:00
Asger Feldthaus
cfb9265f0a JS: Add template steps for res.locals.x 2021-12-07 10:44:53 +01:00
Asger Feldthaus
5269933461 JS: Port missing rate limiting query 2021-12-07 10:44:19 +01:00
Asger Feldthaus
389a3c9073 JS: Port CSRF query 2021-12-07 10:43:06 +01:00
Asger Feldthaus
16fa066636 JS: Fix false negative in Mongo model 2021-12-07 10:43:05 +01:00
Asger Feldthaus
3dd5d4d7b4 JS: Instantiate for Express and add tests 2021-12-07 10:43:03 +01:00
Asger Feldthaus
aae4260819 JS: Routing model 2021-12-07 10:41:55 +01:00
Asger Feldthaus
e9575c3df6 JS: Support AdditionalUseStep in API graphs 2021-12-07 10:41:52 +01:00
Erik Krogh Kristensen
a077345227 Merge pull request #7180 from erik-krogh/apiLabel2 
JS: Make the edges of API-graphs into IPA types
 2021-12-01 15:33:04 +01:00
Erik Krogh Kristensen
0a3d62c92a rename mod -> module 2021-12-01 13:48:16 +01:00
Erik Krogh Kristensen
148da611c6 make the ApiLabel class non-abstract 2021-12-01 13:45:52 +01:00
yoff
e63f9141e5 Merge pull request #7233 from RasmusWL/fix-cleartext-logging-cwes 
JS/Py: Fix cleartext logging CWEs
 2021-11-29 15:58:10 +01:00
Erik Krogh Kristensen
c13cad7e87 Merge branch 'main' into apiLabel2 2021-11-29 13:43:11 +01:00
Henry Mercer
29eb66d772 JS: Add ML models to .gitignore 2021-11-25 17:06:37 +00:00
Henry Mercer
2af509595b JS: Add ML models specification to ATM query pack definition 
This will allow us to resolve the ATM machine learning models that will
be distributed within this pack.
 2021-11-25 16:42:38 +00:00
Erik Krogh Kristensen
1e752f305d apply the explicit this patch to new code 2021-11-24 15:26:19 +01:00
Erik Krogh Kristensen
08ce03cd93 Merge branch 'main' into explicit-this 2021-11-24 15:24:58 +01:00
Rasmus Wriedt Larsen
c05ffd4d00 JS/PY: Remove CWE-315 form CleartextLogging 
Since it is not relevant for this query:

CWE-315: Cleartext Storage of Sensitive Information in a Cookie

See https://cwe.mitre.org/data/definitions/315.html
 2021-11-24 14:59:18 +01:00
Erik Krogh Kristensen
87a1ccd428 Merge branch 'main' into getRubyInSync 2021-11-23 20:20:37 +01:00
Henry Mercer
245edd41ff Merge pull request #7186 from github/henrymercer/rename-available-models-predicate 
JS: [Internal only] Rename the available ML models external predicate
 2021-11-22 18:26:46 +00:00
Erik Krogh Kristensen
e9df860431 refactor implementation to make Label implementations private 2021-11-22 12:17:19 +01:00
Erik Krogh Kristensen
6060f2e3e3 remove unused alias edge 2021-11-22 09:03:40 +01:00
Erik Krogh Kristensen
c369b28a2a optimizations in global data flow 2021-11-22 09:03:40 +01:00
Erik Krogh Kristensen
f39872e649 cache more predicates 2021-11-22 09:03:36 +01:00
Erik Krogh Kristensen
089d030bc2 make ApiLabel into a IPA type, and cache the public API of ApiGraphs 2021-11-22 09:03:33 +01:00
Henry Mercer
8ba864e897 JS: Rename the available ML models external predicate 2021-11-19 12:56:03 +00:00
Anders Schack-Mulligen
1f3f7e9ccc Merge pull request #7169 from erik-krogh/useMatches 
use matches instead of regexpMatch/prefix/suffix
 2021-11-19 11:42:47 +01:00
Erik Krogh Kristensen
ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen
011fc20963 use matches instead of regexpMatch 2021-11-18 15:41:25 +01:00
Erik Krogh Kristensen
2af7817691 use min() instead of rank[1] 2021-11-18 14:26:55 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Erik Krogh Kristensen
474c808373 Merge pull request #7137 from erik-krogh/functionExport 
JS: recognize library inputs when the library exports "through" a function
 2021-11-17 09:49:02 +01:00
Erik Krogh Kristensen
a7cd097ca2 Merge pull request #6756 from erik-krogh/extractBigReg 
JS: extract regexp literals for string concatenations
 2021-11-16 13:33:21 +01:00
Erik Krogh Kristensen
b9ea4a8709 recognize library inputs when the library exports "through" a function 2021-11-15 22:43:38 +01:00
Erik Krogh Kristensen
12c24c07df improve the got model 2021-11-15 21:52:12 +01:00