hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,601 Commits 1,673 Branches 157 Tags
bed8a68d2805a68096eff3d1c3c94068eda9baa2
Commit Graph

4673 Commits

Author SHA1 Message Date
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
Asger F
ed729a1963 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-12-09 09:59:55 +00:00
Asger Feldthaus
fd293d07d7 JS: Address doc review 2020-12-09 09:58:52 +00:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
04f51bef5e JS: Add missing qldoc 2020-12-07 10:52:38 +00:00
Asger Feldthaus
f96c425a72 JS: Deny -> block 2020-12-07 10:50:01 +00:00
Asger Feldthaus
254ac7f963 JS: Fix TypeofCheck 2020-12-07 10:46:00 +00:00
Asger Feldthaus
0496642b0b JS: Add test for captured flow into callback 2020-12-07 10:34:27 +00:00
Asger Feldthaus
355cfaaf42 JS: Autoformat 2020-12-07 10:16:39 +00:00
Asger Feldthaus
1b0bec9143 JS: Remove magic from barrier guard predicates 2020-12-07 10:16:39 +00:00
Asger Feldthaus
fe86465a0b JS: Refactor store/load flow a bit 2020-12-07 10:16:38 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
e10a22ec26 JS: Restrict size of some predicates 2020-12-07 10:16:38 +00:00
Asger Feldthaus
daab3c1437 JS: Add tests and fix some bugs 2020-12-07 10:16:38 +00:00
Asger Feldthaus
0a7513fdfb JS: Move and rename test cases as well 2020-12-07 10:16:38 +00:00
Asger Feldthaus
479dcf56ad JS: Update to use more inclusive language 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ca38a1c8b9 JS: Update CWE tags 2020-12-07 10:16:38 +00:00
Asger Feldthaus
25161ed338 JS: Move all prototype pollution queries to CWE-915 2020-12-07 10:16:38 +00:00
Asger Feldthaus
877b4b0752 JS: Move and rename other prototype pollution queries 2020-12-07 10:16:38 +00:00
Asger Feldthaus
972c4d61e5 JS: Add PrototypePollutingAssignment 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ef52c46aed JS: Add spread step in TaintedObject 2020-12-07 10:16:37 +00:00
CodeQL CI
0f5f0ed99e Merge pull request #4776 from asgerf/js/electron-openshell 
Approved by erik-krogh
 2020-12-04 09:12:44 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792 JS: Autoformat 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger F
254072dd6d Merge pull request #4546 from toufik-airane/main 
JS: Add ElectronShellOpenExternalSink class for Electron framework security
 2020-12-03 13:20:46 +00:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args 
Approved by asgerf, mchammer01
 2020-12-03 08:46:47 +00:00
Asger Feldthaus
412939d071 JS: Autoformat 2020-12-02 13:08:32 +00:00
Asger Feldthaus
5561e8f1f6 JS: Delete old query and update qhelp 2020-12-01 17:05:48 +00:00
Asger Feldthaus
6211fe718b JS: Add test 2020-12-01 17:05:48 +00:00
Asger Feldthaus
1459d9197d JS: Adjust alert message for template sinks 2020-12-01 17:05:48 +00:00
Asger Feldthaus
8412a6bcbb JS: Add template injection sinks to js/code-injection 2020-12-01 17:05:48 +00:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Jonas Jensen
ad4b2beafa Merge pull request #4727 from criemen/remove-abstract-classes 
C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.
 2020-11-27 08:17:21 +01:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
CodeQL CI
34ffcb5677 Merge pull request #4593 from asgerf/js/react-hot 
Approved by erik-krogh
 2020-11-25 12:01:38 +00:00
CodeQL CI
395403789e Merge pull request #4585 from erik-krogh/moreReDoS 
Approved by asgerf
 2020-11-24 18:52:36 +00:00
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName 
Approved by asgerf
 2020-11-24 17:34:55 +00:00
CodeQL CI
8c68463e76 Merge pull request #4711 from erik-krogh/locType 
Approved by asgerf
 2020-11-24 13:10:32 +00:00
Erik Krogh Kristensen
f03429a4b8 change description for source root folder 2020-11-23 23:46:44 +01:00
Erik Krogh Kristensen
33dab1717e treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location" 2020-11-23 17:03:50 +01:00
Erik Krogh Kristensen
f7f9beeefd avoid reporting empty names in js/exposure-of-private-files 2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen
02d5fbf46b remove superfluous space 2020-11-23 14:22:16 +01:00
Erik Krogh Kristensen
234730419b restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long 2020-11-23 10:29:47 +01:00
Asger Feldthaus
f894cf2074 JS: Add support for react-hot-loader 2020-11-20 15:28:32 +00:00