hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

3250 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
bb2b7fb6fb JS: Add test with class stored in global variable 2020-06-10 15:14:23 +01:00
Asger Feldthaus
36c4803694 JS: Add test 2020-06-10 14:08:33 +01:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Asger Feldthaus
0345036420 JS: Fix 'match' call in StringOps::RegExpTest 2020-06-09 10:07:36 +01:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
Asger Feldthaus
53280a6b11 JS: Add test demonstrating new flow 2020-06-08 14:25:21 +01:00
Esben Sparre Andreasen
872ee13ba6 JS: formatting 2020-06-08 10:04:37 +02:00
Esben Sparre Andreasen
fa35a6a694 JS: formatting 2020-06-08 08:13:58 +02:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
f70453c544 autoformat 2020-06-05 10:10:57 +02:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen
5ce2987cb2 adjust comments to reflect that tainted-path have no array-steps 2020-06-04 16:15:37 +02:00
Esben Sparre Andreasen
f618d430e7 JS: simplify HTTP::ContainerCollection, and improve expressivity(!) 2020-06-04 14:34:52 +02:00
Esben Sparre Andreasen
44ebf84f4c JS: more express tests 2020-06-04 14:33:03 +02:00
Max Schaefer
9549b01e3c JavaScript: Turn on experimental language features for two tests. 
All other tests already pass with experimental features turned on, so once this is merged we can do so by default.
 2020-06-04 11:27:31 +01:00
Erik Krogh Kristensen
60320a9d78 update TaintedPath to use new consistency checking 2020-06-04 11:00:40 +02:00
Erik Krogh Kristensen
68ca8e23c0 introduce consistency-checking utility predicates 2020-06-04 11:00:01 +02:00
Erik Krogh Kristensen
c7c46ea3d6 update test comments to be consistent 2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen
d513e6c5b5 update comments in TaintedPath tests 2020-06-04 10:40:14 +02:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen
a90c8769ee update expected output 2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8 better support for browser based fetch API 2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716 support more variants of the Headers API 2020-06-03 11:50:10 +02:00
Esben Sparre Andreasen
afee864295 JS: make use of the colletions type tracking steps 2020-06-03 08:19:34 +02:00
Esben Sparre Andreasen
36b7574ac1 JS: add additional route handler registration tests 2020-06-03 08:18:11 +02:00