hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

3250 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
semmle-qlci
76ba48c6fb Merge pull request #2790 from esbena/js/model-send 
Approved by asgerf
 2020-02-07 21:30:54 +00:00
Asger Feldthaus
ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Erik Krogh Kristensen
1ece6b9afe update expected output of tests 2020-02-07 12:57:51 +01:00
semmle-qlci
125c6a071c Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case 
Approved by esbena
 2020-02-07 11:53:04 +00:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus
a2fa6bb41f JS: Add test case for lazy-cache 2020-02-07 09:50:37 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen
2865723059 add test for new barrier 2020-02-06 15:44:33 +01:00
Asger Feldthaus
7090124a1d JS: Implement type inference through export * as ns 2020-02-06 14:29:35 +00:00
Asger Feldthaus
2b77c7969d JS: Add tests for 'export * as ns' 2020-02-06 14:04:12 +00:00
Asger Feldthaus
f5c805bad1 JS: Move tests into one file 2020-02-06 13:55:29 +00:00
Asger Feldthaus
54c521d41c JS: Fix typo in test query 2020-02-06 13:50:06 +00:00
Erik Krogh Kristensen
1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Erik Krogh Kristensen
d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci
5125dc7939 Merge pull request #2730 from esbena/js/model-path-parse 
Approved by asgerf
 2020-02-05 21:35:55 +00:00
semmle-qlci
163285bee7 Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow 
Approved by esbena
 2020-02-05 12:52:59 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
semmle-qlci
52f34d7178 Merge pull request #2715 from erik-krogh/PrivateFields 
Approved by asgerf
 2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen
ffc6fddddd update expected test output 2020-02-05 10:52:40 +01:00
Esben Sparre Andreasen
f6ad22dd1f Merge pull request #2758 from asger-semmle/js/string-concat-concat 
JS: Model concat() calls as string concatenation
 2020-02-05 10:41:02 +01:00
Erik Krogh Kristensen
76aca02752 change the pseudo-property on URL to a two-stage process 2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen
e525cf0959 generalize isAdditionalLoadStoreStep such that it loads and stores different properties 2020-02-05 09:40:16 +01:00
Asger Feldthaus
b4df03767d JS: Ignore obvious Array.prototype.concat calls 2020-02-04 16:36:41 +00:00
Erik Krogh Kristensen
8d37c03209 using pseudo-properties to model URL parsing 2020-02-04 16:30:07 +01:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
semmle-qlci
4b89eee683 Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions 
Approved by asgerf
 2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen
15e26666cd add declaration for private field in syntax error test 2020-02-04 14:05:09 +01:00
Asger Feldthaus
bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Max Schaefer
e21c24c60e JavaScript: Add failing test case. 2020-02-04 09:39:04 +00:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00