hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

44 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d1d4ebb3b5 add values written to the global scope as exports 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d790f3ccbb add test for unsafe-code-construction query 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
955ad8c458 add JSON.stringify as a code-injection sanitizer 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
68a5c1f5b5 add code-injection sink for calls to node 2022-02-07 13:34:18 +01:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Max Schaefer
ce24215dd5 JavaScript: Improve modelling of Module.prototype._compile sink. 2021-07-12 15:32:21 +01:00
Erik Krogh Kristensen
2ba2642c7a add more template sinks for the js/code-injection query 2021-06-22 20:24:42 +02:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
6211fe718b JS: Add test 2020-12-01 17:05:48 +00:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
210e71cd93 update expected output 2020-06-16 21:52:59 +02:00
Erik Krogh Kristensen
5ce17bea60 add qhelp for js/bad-code-sanitization 2020-06-16 16:23:41 +02:00
Erik Krogh Kristensen
a0951f76b6 add additional taint steps when type-tracking RemoteFlowSource 2020-06-16 14:55:07 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Pavel Avgustinov
ab2d059ed4 JavaScript: Model extra sinks in vm module 2020-05-14 10:01:40 +01:00
Esben Sparre Andreasen
7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Esben Sparre Andreasen
f3de75ae07 JS: update a js/code-injection test 2019-09-11 09:45:54 +02:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Asger F
ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
Asger F
ce18aca62b JS: update expected output 2018-12-19 11:30:46 +00:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Asger F
7d80847832 JS: add qhelp example to test suite 2018-11-20 18:44:18 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
Asger F
bc3b983768 JS: move CodeInjection tests into subfolder 2018-11-20 14:24:37 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00