codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00

Author	SHA1	Message	Date
Max Schaefer	149ae5d7ab	JavaScript: Fix IllegalInvocation. This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.	2019-09-23 07:44:14 +01:00
semmle-qlci	6d9d859119	Merge pull request #1934 from asger-semmle/node-js-classification Approved by esben-semmle	2019-09-20 09:50:34 +01:00
semmle-qlci	6f2e485ace	Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible Approved by esben-semmle	2019-09-19 12:45:45 +01:00
Max Schaefer	4e1e7bc127	JavaScript: Apply review suggestion. Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>	2019-09-19 09:40:28 +01:00
Esben Sparre Andreasen	b631bfc8eb	Merge branch 'master' into node-js-classification	2019-09-19 09:42:26 +02:00
semmle-qlci	57a6c0c20d	Merge pull request #1918 from esben-semmle/js/improve-getAResponseDataNode Approved by asger-semmle	2019-09-18 14:03:45 +01:00
semmle-qlci	479fca9e30	Merge pull request #1946 from xiemaisi/js/top-level-await Approved by asger-semmle	2019-09-18 12:32:09 +01:00
semmle-qlci	b4b7314757	Merge pull request #1941 from xiemaisi/js/fix-incorrect-suffix-check-performance Approved by asger-semmle	2019-09-18 12:31:46 +01:00
Max Schaefer	3970ead7ab	JavaScript: Add support for `rate-limiter-flexible` package.	2019-09-18 12:25:33 +01:00
Max Schaefer	9ff5c7007a	JavaScript: Add support for top-level `await`.	2019-09-18 09:56:21 +01:00
Esben Sparre Andreasen	ac6554b7da	Merge branch 'master' into js/improve-getAResponseDataNode	2019-09-17 13:18:41 +02:00
Max Schaefer	df739e0fca	JavaScript: Fix performance regression in `IncorrectSuffixCheck`.	2019-09-16 15:25:17 +01:00
Esben Sparre Andreasen	a5645e168a	JS: exclude keys from whitelist	2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen	0e2d2f8662	JS: whitelist some hardcoded dummy-passwords in two queries	2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen	aa3f4a7048	JS: change passwords in tests	2019-09-16 10:09:59 +02:00
Asger F	a8e8ae868a	JS: Update extractor version string	2019-09-13 15:48:31 +01:00
Asger F	173f32d2ba	JS: Recognize 'require' calls in more cases	2019-09-13 15:48:31 +01:00
Asger F	3b7ecd5ccf	JS: Add NumModules metric	2019-09-13 15:48:31 +01:00
semmle-qlci	d0d3882121	Merge pull request #1919 from esben-semmle/js/fixup-1 Approved by asger-semmle, xiemaisi	2019-09-13 10:40:38 +01:00
semmle-qlci	1313821a25	Merge pull request #1904 from erik-semmle/passportModel Approved by asger-semmle, esben-semmle	2019-09-13 10:38:14 +01:00
semmle-qlci	72db219c13	Merge pull request #1910 from xiemaisi/js/unused-index-variable Approved by esben-semmle, shati-semmle	2019-09-11 14:33:32 +01:00
Max Schaefer	500cde68c3	JavaScript: Add new query `UnusedIndexVariable`.	2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen	9aa0e711b2	JS: update expected output	2019-09-11 12:33:41 +02:00
Esben Sparre Andreasen	086c473c18	JS: sharpen js/http-to-file-access	2019-09-11 12:05:33 +02:00
Esben Sparre Andreasen	0e31cad027	JS: simplify `this.getStringValue()` to `getStringValue()`	2019-09-11 10:56:49 +02:00
Esben Sparre Andreasen	ee106ccff9	JS: simplify `asExpr().getStringValue()` calls	2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen	aab17850d1	JS: eliminate redundant `ConstantString` casts	2019-09-11 10:56:49 +02:00
semmle-qlci	16c95d8c5e	Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting Approved by xiemaisi	2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen	f3de75ae07	JS: update a js/code-injection test	2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen	e41080fb40	JS: add RemoteServerResponse as a heuristic remote flow source	2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen	f7bfc472c1	JS: treat server responses as untrusted for command injections	2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen	3e42b078e8	JS: minor additions to ClientRequest::getAResponseDataNode	2019-09-11 09:24:59 +02:00
semmle-qlci	df1bf4a95b	Merge pull request #1907 from asger-semmle/mongoose-types Approved by xiemaisi	2019-09-10 12:05:57 +01:00
Max Schaefer	bdba647bf5	Merge pull request #1893 from erik-semmle/addXLinkHref JS: add xlink:href as xss target when using setAttribute	2019-09-09 15:56:47 +01:00
Asger F	ad5abc61cc	JS: Move typed test into separate test	2019-09-09 15:35:26 +01:00
Asger F	ea446f2aa1	JS: Use type info in mongodb/mongoose model	2019-09-09 15:35:26 +01:00
Asger F	8e397ad203	JS: Use type tracking in mongodb/mongoose model	2019-09-09 15:35:23 +01:00
semmle-qlci	e899250e87	Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check Approved by xiemaisi	2019-09-09 15:33:47 +01:00
semmle-qlci	89cba089b4	Merge pull request #1892 from asger-semmle/event-handler-sink Approved by esben-semmle	2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen	03b210a8e1	made the two Passport classes in the Express model private	2019-09-09 13:04:47 +01:00
Erik Krogh Kristensen	3ebe6608c2	updated expected values for the Express test	2019-09-09 13:02:35 +01:00
erik-semmle	d01f84f015	fix comment in passport test Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>	2019-09-09 12:59:38 +01:00
semmle-qlci	2283195ebd	Merge pull request #1871 from asger-semmle/type-tracking-through-imports Approved by xiemaisi	2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen	26f6b1d186	add model for passport.use in the Express model	2019-09-09 12:01:11 +01:00
Asger F	65862c922c	JS: Update tests	2019-09-09 10:53:13 +01:00
Asger F	631ff27d31	JS: Use ValueNode for all ImportSpecifiers	2019-09-09 10:53:13 +01:00
Asger F	61e1d793df	JS: Fixes in DeadStoreOfLocal	2019-09-09 10:51:21 +01:00
Asger F	5573279580	JS: regression test for DeadStoreOfLocal	2019-09-09 10:51:21 +01:00
Asger F	3b962dce22	JS: Add explicit type tracking test	2019-09-09 10:51:21 +01:00
Asger F	afcdc12e7b	JS: Use ValueNode, not SSA node, to model NamedImportSpecifier	2019-09-09 10:51:17 +01:00

1 2 3 4 5 ...

2076 Commits