hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,711 Commits 1,672 Branches 157 Tags
c945ece80ddcb1535e583c1ab039dbadd38b4d62
Commit Graph

842 Commits

Author SHA1 Message Date
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
CodeQL CI
527c41520e Merge pull request #4951 from esbena/js/reintroduce-server-crash 
Approved by erik-krogh
 2021-01-22 06:37:50 -08:00
CodeQL CI
bdfb81064d Merge pull request #4969 from asgerf/js/angular-dom-santizier-from-core 
Approved by erik-krogh
 2021-01-19 08:45:15 -08:00
Esben Sparre Andreasen
3015dcd310 JS: reformulate js/server-crash. Support promises and shorter paths. 2021-01-19 09:08:52 +01:00
CodeQL CI
fc2fe6cccb Merge pull request #4928 from esbena/js/rewrite-multi-sanitization 
Approved by asgerf
 2021-01-18 05:11:42 -08:00
Asger Feldthaus
3db6069372 JS: Add test for new sink 2021-01-18 10:55:34 +00:00
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
Esben Sparre Andreasen
1bc7d68a50 Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:42 +01:00
Esben Sparre Andreasen
d591c519a8 JS: reformulate js/server-crash as a path problem 2021-01-13 00:08:28 +01:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
Esben Sparre Andreasen
847687974f JS: only select non-nullable terms in the broken sanitizer 2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen
40cfbab335 JS: address review feedback 2021-01-12 08:49:08 +01:00
Esben Sparre Andreasen
2dbd762bd9 JS: reintroduce reverted js/server-crash 
This reverts commit 0a8d15ccc4.
 2021-01-11 14:13:41 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
254ac7f963 JS: Fix TypeofCheck 2020-12-07 10:46:00 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
daab3c1437 JS: Add tests and fix some bugs 2020-12-07 10:16:38 +00:00
Asger Feldthaus
0a7513fdfb JS: Move and rename test cases as well 2020-12-07 10:16:38 +00:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args 
Approved by asgerf, mchammer01
 2020-12-03 08:46:47 +00:00
Asger Feldthaus
6211fe718b JS: Add test 2020-12-01 17:05:48 +00:00
Erik Krogh Kristensen
9a31ed13ac add test case 2020-12-01 09:18:40 +01:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Erik Krogh Kristensen
fd0d5c9e46 add command parsing model for "commander" 2020-11-27 09:58:00 +00:00
Erik Krogh Kristensen
653ebf7668 add command parsing model for "dashdash" 2020-11-27 09:57:05 +00:00