Commit Graph

7519 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
d6c4e9ccf1 Remove 2020 sinks from TaintedPath.ql 2022-05-12 12:38:00 +00:00
tombolton
411da97077 update XssThroughDom with Erik's recent changes 2022-05-12 13:35:40 +01:00
tombolton
1009a8262e replace StoredXss with CodeInjection in alert counting query 2022-05-12 12:14:11 +01:00
tombolton
87f793e446 remove additional XssThroughDom import 2022-05-12 12:13:24 +01:00
tombolton
599f86f746 fix case in ExtractEndpointData.qll 2022-05-12 11:57:27 +01:00
tombolton
7b50325c13 update docstrings of CodeInjection and XssThroughDom queries 2022-05-12 11:43:47 +01:00
tombolton
3a6c4d2567 explicitly include individual boosted queries in the ATM suite 2022-05-12 11:40:09 +01:00
tombolton
2beb5001d3 add XssThroughDomATM.ql 2022-05-12 11:39:13 +01:00
tombolton
eebfe8edd7 use new module names based on deprecation warning 2022-05-12 11:36:59 +01:00
tombolton
d2344d12f6 fix case in CodeInjectionATM.qll 2022-05-12 11:36:29 +01:00
tombolton
1be7d9c6b7 add XssThroughDom and CodeInjection to mapping query 2022-05-12 11:36:02 +01:00
tombolton
cc35409b34 add XssThroughDom and CodeInjection to ExtractEndpointData.qll 2022-05-12 11:21:33 +01:00
tombolton
244fc5aa34 add XssThroughDom and CodeInjection to Queries.qll 2022-05-12 11:09:02 +01:00
tombolton
a0391f124a add CodeInjection sink to the endpoint types 2022-05-12 11:05:04 +01:00
tombolton
f5ecc7e8b5 add CodeInjection extraction and evaluation queries 2022-05-12 11:04:31 +01:00
tombolton
7034156172 fix docstrings in XssThroughDom queries 2022-05-12 11:00:01 +01:00
tombolton
1aa33529b9 add XssThroughDom extraction and evaluation queries 2022-05-12 10:41:25 +01:00
Erik Krogh Kristensen
5e02a76dfd add support for typed NextJS route-handlers 2022-05-11 09:45:34 +02:00
Erik Krogh Kristensen
e80ee46fe4 add model for the cash library 2022-05-09 21:01:07 +02:00
CodeQL CI
e099b94cc4 Merge pull request #9081 from asgerf/js/global-step-refactor
Approved by erik-krogh
2022-05-09 06:30:37 -07:00
Erik Krogh Kristensen
53b26eba17 Merge pull request #8724 from erik-krogh/postMessage
JS: promote the `js/missing-origin-verification` query
2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen
fe1e47bc17 Merge pull request #8710 from bananabr/dragAndDrop
JS: drag and drop API Xss sources
2022-05-09 12:22:28 +02:00
Erik Krogh Kristensen
611a412f2a Merge pull request #8990 from bananabr/selection
JS: Selection API DOM text source
2022-05-09 12:22:18 +02:00
Asger F
88b5bbe024 JS: Update test expectation 2022-05-09 11:55:07 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1
Post-release preparation for codeql-cli-2.9.1
2022-05-06 13:15:17 +01:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
Erik Krogh Kristensen
58db9226dc add missing word in qhelp 2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen
2d7c7ff372 apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-05-05 13:03:35 +02:00
Asger F
c4d597d60f JS: Enumerate type-tracking steps through global access paths 2022-05-05 12:59:10 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-04 11:43:56 -05:00
Erik Krogh Kristensen
0d8bef7e92 Merge pull request #6736 from erik-krogh/polyReplace
JS: track flow through string replace calls that just replace single chars for js/polynomial-redos
2022-05-04 16:30:20 +02:00
Erik Krogh Kristensen
8425eaf919 Merge pull request #8549 from erik-krogh/unreachableJoin
JS: fix bad join in js/unreachable-method-overloads
2022-05-04 16:28:06 +02:00
Erik Krogh Kristensen
b4d4b51bc7 Merge pull request #8147 from erik-krogh/cacheReg
JS: cache RegExpCreationNode::getAReference
2022-05-04 16:25:25 +02:00
bananabr
2e2d4c6e1f updated tests to consider document.getSelection() 2022-05-03 21:03:35 -05:00
Daniel Santos
880e3e1885 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:38:32 -05:00
Daniel Santos
4cd6dcc4d0 Update javascript/ql/lib/change-notes/2022-04-30-xss-selection-source.md
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:37:45 -05:00
Daniel Santos
d52980573a Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:37:26 -05:00
Anders Schack-Mulligen
249f771fad Merge pull request #8952 from cklin/fix-ql-comments-syntax
Fix syntax errors in QL comments
2022-05-03 11:15:56 +02:00
Daniel Santos
fddb465260 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-02 14:00:45 -05:00
bananabr
ed58ee86fe documented getSelectionCall 2022-05-01 20:41:43 -05:00
bananabr
57ae07017f adds the Selection API as a new DOM text source 2022-04-30 18:27:31 -05:00
Erik Krogh Kristensen
f87312d4ba have ApiGraphModelsSpecific.qll mention all the required predicates/types 2022-04-30 20:29:44 +02:00
Henry Mercer
d3e92f72c4 JS: Nit: Fix typo in QLDoc 2022-04-29 10:54:07 +01:00
Erik Krogh Kristensen
080271f14f Merge pull request #8221 from erik-krogh/libProto
JS: recognize more module exports from the factory pattern
2022-04-29 11:23:53 +02:00
Stephan Brandauer
fa377ac763 Merge pull request #8946 from kaeluka/deepFillIn-FN
JS: fix a FN for prototype polluting function query
2022-04-29 10:14:41 +01:00
Erik Krogh Kristensen
b74d1fdb1a Merge pull request #8783 from erik-krogh/jsAbstractBi
JS: don't initialize sanitizer-guards in the standard library
2022-04-29 11:12:16 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
Chuan-kai Lin
d6f0bbb816 Fix syntax errors in QL comments 2022-04-28 11:53:36 -07:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00