hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,324 Commits 1,754 Branches 167 Tags
b8154d41b17995c0248dcbafee307c93356c67d7
Commit Graph

78 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b09015380a add support for String.prototype.replaceAll 2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
15a74493e0 more permissive path elements in js/incomplete-url-substring-sanitization 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
1d111c3e1f expand what urls are detected by js/incomplete-url-substring-sanitization 2020-08-12 14:25:35 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Asger Feldthaus
fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Asger F
66db38266b JS: Add qldoc to HostnameRegexpShared 2019-11-15 09:27:21 +00:00
Asger F
77e5305b9b Update javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:21 +00:00
Asger F
4d1f7836f2 JS: Check for [^.] 2019-11-15 09:27:21 +00:00
Asger F
a7a90b4b7e JS: Disregard capture groups in lookaround assertions 2019-11-15 09:27:20 +00:00
Asger F
153d34638b JS: Fix a FP 2019-11-15 09:27:20 +00:00
Asger F
8c5b9b9195 JS: Add missing post-anchor case to MissingRegExpAnchor 2019-11-15 09:27:20 +00:00
Asger F
17ad97812e JS: Fix FPs from TLDs without a domain name 2019-11-15 09:27:20 +00:00
Asger F
e45c361d64 JS: Port IncompleteHostnameRegExp 2019-11-15 09:27:20 +00:00
Asger F
9ecab1b5d5 JS: Port unanchored RegExp query but for hostnames only 2019-11-15 09:27:20 +00:00
Asger F
e5f2f9e43e JS: Do not flag semi-anchored regexps in .replace() 2019-11-15 09:27:20 +00:00
Asger F
3e37950170 JS: Whitelist one more FP case 2019-11-15 09:27:20 +00:00
Asger F
2b151cd587 JS: Include anchor direction in message 2019-11-15 09:27:20 +00:00
Asger F
3e952cf564 JS: Restrict semi-anchored regex query more 2019-11-15 09:27:19 +00:00
Asger F
8bc89ee254 JS: Update semi-anchored regex query 2019-11-15 09:27:19 +00:00
Esben Sparre Andreasen
2ea7d141c8 Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check 
JavaScript: Add query `IncompleteUrlSchemeCheck`
 2019-11-14 22:13:02 +01:00
Max Schaefer
3b1e6c362c JavaScript: Address review comments. 2019-11-14 17:11:59 +00:00
Max Schaefer
f804d316d7 Update javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-13 12:24:19 +00:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
df739e0fca JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-09-16 15:25:17 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
Max Schaefer
80cfe070d4 JavaScript: Fix inconsistency in MissingRegExpAnchor.qhelp. 2019-08-12 10:29:21 +01:00
Max Schaefer
d3016593e4 JavaScript: Remove extra backslashes in MissingRegExpAnchor.qhelp. 2019-07-29 15:23:09 +01:00
Esben Sparre Andreasen
04868e5b97 JS: format qhelp examples 2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen
9e0a97e82f JS: address qhelp review comments 2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen
bf51c54338 JS: add RegExpPatternSource::getAParse to hide the subclasses 2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen
14644270ac JS: fix comment typo 2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen
7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
3358e49698 JS: refactor the predicate RegExp::regexp to three classes. 
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll 2019-06-03 08:27:49 +02:00
Asger F
9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00