codeql

mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	c34b089bc5	autoformat	2021-10-28 16:02:36 +02:00
Erik Krogh Kristensen	0372ccce02	simplify regexp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 20:04:24 +02:00
Erik Krogh Kristensen	af64b319ee	update documentation strings Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-10-27 19:54:52 +02:00
Erik Krogh Kristensen	9c8a51bca6	cache `SensitiveExpr`	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	038438edca	assume that setting the secure/httpOnly flag to some unknown value is good	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	5228196f79	fix typos and update docs	2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen	92d59aa11c	refactor most of the `isSensitive` predicates into a common helper predicate	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	834d5ec6ad	add session{key,id} as sensitive info	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	283b8231cb	add more cookie models	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	2cb3d2c53f	documentation overhaul on client-exposed-cookie (and restricting it to server-side)	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	f36accf3e6	only report clear-text cookies for sensitive cookies	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	6858acc6a9	port experimental cookie models to non-experimental	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	26a24a3895	prepare move to non-experimental	2021-10-26 13:46:57 +02:00
Geoffrey White	a0e501c3a9	Sync identical files.	2021-10-15 14:34:02 +01:00
Geoffrey White	8f30b8b586	Autoformat.	2021-10-14 16:00:23 +01:00
Geoffrey White	f08d2ee759	Merge branch 'main' into setliterals	2021-10-14 14:39:39 +01:00
Geoffrey White	b9cce57db4	JS: Fix mistake.	2021-10-14 14:22:43 +01:00
Geoffrey White	882adc8e50	JS: Set literals.	2021-10-14 14:22:42 +01:00
Anders Schack-Mulligen	8b6baa250c	Merge pull request #6878 from aschackmull/remove-singleton-setliteral C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 14:53:05 +02:00
Mathias Vorreiter Pedersen	47a85bbb1d	Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'	2021-10-14 13:47:03 +01:00
Tom Hvitved	f5420333e2	Sync shared files	2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen	57cb300759	C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 11:34:22 +02:00
Mathias Vorreiter Pedersen	a2371370ff	Merge pull request #6865 from MathiasVP/fix-if-none C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction	2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen	4991301f36	JS: Fix incorrect fix.	2021-10-13 19:45:02 +01:00
Mathias Vorreiter Pedersen	f3bb0a676e	JS: Replace '.prefix'/'.suffix' with '.matches'.	2021-10-13 13:23:07 +01:00
Mathias Vorreiter Pedersen	887849857d	JS: Replace 'if p() then q() else none()' with a conjunction.	2021-10-13 12:13:55 +01:00
yoff	f6122c8a6c	Merge pull request #6734 from erik-krogh/regBehind JS/PY: do not filter away regular expressions with lookbehinds	2021-10-10 13:54:26 +02:00
Henry Mercer	83cbc86f50	JS: Move `ClassifyFiles.qll` to library pack This allows us to use this library in packs that depend on the `codeql/javascript-all` library pack.	2021-10-06 16:08:06 +01:00
CodeQL CI	40d98ad678	Merge pull request #6789 from asgerf/js/restrict-package-exports Approved by erik-krogh	2021-10-05 06:20:23 +01:00
Asger Feldthaus	cbd577694c	JS: Autoformat	2021-10-04 13:30:15 +02:00
yoff	1ce9426adf	Merge pull request #6761 from RasmusWL/cryptodome-sha3 Python/JS: Recognize SHA-3 hash functions	2021-10-01 13:33:36 +02:00
Asger Feldthaus	600e5bad0d	JS: Exclude methods declared private/protected	2021-10-01 11:46:32 +02:00
Asger Feldthaus	af1b04de9c	JS: Restrict what property names that are considered public exports	2021-10-01 11:42:03 +02:00
Rasmus Wriedt Larsen	987b573709	Fix `hasLocationInfo` URL reference Follow up to https://github.com/github/codeql/pull/5830	2021-09-29 13:47:58 +02:00
Rasmus Wriedt Larsen	ded3088529	Python/JS: Recognize SHA-3 hash functions Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf	2021-09-27 12:08:40 +02:00
Erik Krogh Kristensen	805d1d170c	do not filter away regular expressions with lookbehinds	2021-09-22 17:14:29 +02:00
CodeQL CI	b228398b87	Merge pull request #6587 from erik-krogh/ts44 Approved by asgerf	2021-09-15 04:00:13 -07:00
Erik Krogh Kristensen	48b763c7e9	add qldoc to StaticInitializer::getBody	2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen	e3ed6c2523	refactor StaticInitializer into it's own class	2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen	ffd51e725f	add getter for static initializer blocks	2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen	3b6c8c5191	Merge branch 'main' into clipBoard	2021-09-14 20:21:37 +02:00
Tom Hvitved	63e28c57cd	JavaScript: Drop redundant columns from `files` and `folders` relations	2021-09-14 10:25:37 +02:00
Erik Krogh Kristensen	8e98dcefb1	add clipboard data as a RemoteFlowSource	2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen	3983aceb48	recognize types of the form "HTML%Element" as dom values	2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen	05cc6bcf8a	adjust regexp libraries to how unpaired surrogate are parsed now	2021-09-13 14:02:05 +01:00
CodeQL CI	e8fc3c8ead	Merge pull request #5888 from erik-krogh/casting Approved by asgerf	2021-09-10 09:11:39 -07:00
CodeQL CI	27f2d417c1	Merge pull request #6652 from asgerf/js/type-tracking-through-callback Approved by erik-krogh	2021-09-10 04:11:14 -07:00
Erik Krogh Kristensen	a756ffa3a6	use the new `instanceof` syntax for `NodeJSClientRequest`	2021-09-10 09:30:37 +02:00
CodeQL CI	cd26d97dd7	Merge pull request #6549 from erik-krogh/moreDom Approved by asgerf	2021-09-08 05:10:47 -07:00
Asger Feldthaus	db1de18cc2	JS: Support transitive callback-passing	2021-09-08 13:08:16 +02:00

1 2

99 Commits