hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

114 Commits

Author SHA1 Message Date
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Stephan Brandauer
9c3fcb6268 precise tracking of handlebars arguments 2022-03-28 17:26:43 +02:00
Stephan Brandauer
a28e9c5b6e documentation for handlebars.js flow step 2022-03-24 13:08:52 +01:00
Stephan Brandauer
0bd9e9f298 add handlebars taint step 2022-03-24 11:46:16 +01:00
Erik Krogh Kristensen
b59c7911a3 update locations of expected output 2022-02-07 15:23:26 +01:00
Erik Krogh Kristensen
ca5f91e587 recognize more startswith sanitizers for path-injection queries 2022-02-07 14:19:13 +01:00
Erik Krogh Kristensen
edcb3ba902 add file sources from jszip to js/zip-slip 2022-02-04 14:39:49 +01:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Stephan Brandauer
20ea825e4a test for 'node:' prefix for importing node modules 2022-01-25 13:43:16 +01:00
Esben Sparre Andreasen
9ffc02944d add file write model for express-fileupload mv 2021-12-10 15:05:34 +01:00
Asger Feldthaus
f14f9449ee JS: Use getAMatchedString instead of getConstantString 2021-11-08 15:35:35 +01:00
Asger Feldthaus
b3e64f1669 JS: Add test 2021-11-08 15:32:43 +01:00
Asger Feldthaus
5f4c1dd19b JS: Support regexp-based path traversal check 2021-11-02 14:12:05 +01:00
Asger Feldthaus
83edcf515b JS: Add test for regexp-based sanitizer 2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
Erik Krogh Kristensen
14b26f2a68 add mkdirp as a sink for tainted-path 2021-07-14 19:32:22 +02:00
Erik Krogh Kristensen
f462c9bb76 add taint through the parseqs library 2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen
bec1818fc7 add taint through the normalize-url library 2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen
193ddfc771 add taint through the qs library 2021-07-14 16:56:51 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Erik Krogh Kristensen
4360e5dcbc add model of the thenify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
61cc415a32 add model of the util.promisify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
2f3ea4412f add model of the pify library 2021-06-22 11:55:54 +02:00
CodeQL CI
169e67cbb8 Merge pull request #5990 from erik-krogh/prettier 
Approved by asgerf
 2021-06-08 12:17:24 -07:00
Erik Krogh Kristensen
5961dd1459 add another test for the resolve library 2021-06-06 22:54:12 +02:00
Erik Krogh Kristensen
dd2fe2a489 add the resolve library as a sink to js/path-injection 2021-06-06 22:04:32 +02:00
Erik Krogh Kristensen
788c5ba701 add support for the prettier API 2021-06-02 15:33:08 +02:00
Erik Krogh Kristensen
3b82452d76 detect fs modules that pass through a reduce call 2021-03-25 14:47:43 +01:00
Erik Krogh Kristensen
2f3869f41b add model for puppeteer 2021-03-17 10:03:51 +01:00
Erik Krogh Kristensen
d95d427c5b better support for the &&=, ||=, and ??= operators 2020-08-13 09:22:32 +02:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
Esben Sparre Andreasen
c7f67fafd9 JS: support additional promisification of the fs-module members 2020-06-30 09:10:30 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
5ce2987cb2 adjust comments to reflect that tainted-path have no array-steps 2020-06-04 16:15:37 +02:00
Erik Krogh Kristensen
60320a9d78 update TaintedPath to use new consistency checking 2020-06-04 11:00:40 +02:00
Erik Krogh Kristensen
c7c46ea3d6 update test comments to be consistent 2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00
Erik Krogh Kristensen
7c51dff0f7 share implementation between TaintedPath and ZipSlip 2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen
5a5192b890 add testing for complex path sanitizer in ZipSlip 2020-05-19 10:17:15 +02:00
Erik Krogh Kristensen
e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen
b12e21edcc add test for new zipslip sanitizer 2020-05-14 10:11:37 +02:00
Erik Krogh Kristensen
4175d36269 add test case 2020-05-14 09:46:54 +02:00
Erik Krogh Kristensen
d46148c045 add test case 2020-05-12 14:23:28 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00