hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,351 Commits 1,672 Branches 157 Tags
d8a96dd7713045de9bc3d7f536d4b5e2fa11a38f
Commit Graph

754 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Erik Krogh Kristensen
fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen
473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Erik Krogh Kristensen
b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen
d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci
163285bee7 Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow 
Approved by esbena
 2020-02-05 12:52:59 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
semmle-qlci
52f34d7178 Merge pull request #2715 from erik-krogh/PrivateFields 
Approved by asgerf
 2020-02-05 10:20:28 +00:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
Erik Krogh Kristensen
15e26666cd add declaration for private field in syntax error test 2020-02-04 14:05:09 +01:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen
e3189aaa47 raise syntax error on declaration of private method, and add syntax tests for private fields 2020-02-03 16:00:25 +01:00
Esben Sparre Andreasen
c70997febf JS: address review comments for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
2ad9b843ae JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
cfd567f01d JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
9e247921fc JS: add FP tests for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
Erik Krogh Kristensen
e6d46b9279 add test for new prefix check on TaintedPath 2020-01-31 12:35:03 +01:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Erik Krogh Kristensen
7637ebcc03 Merge remote-tracking branch 'upstream/master' into exceptionFPs 2020-01-30 10:56:41 +01:00
Asger Feldthaus
b98db62e82 JS: Recognize req.user a cookie access 2020-01-24 09:44:20 +00:00
Asger Feldthaus
a68bb9ffd1 JS: Ignore calls and csrf/captcha access 2020-01-23 15:32:05 +00:00
Asger Feldthaus
b1ec3e1bf2 JS: Add test and dont check predecessors 2020-01-23 14:59:03 +00:00
Erik Krogh Kristensen
6494649125 fix a number of FPs in js/exception-xss 2020-01-20 15:11:57 +01:00
semmle-qlci
4efc418e2c Merge pull request #2617 from asger-semmle/prototype-pollution-utility 
Approved by esbena, mchammer01
 2020-01-16 13:02:07 +00:00
Asger Feldthaus
6d9306366c JS: ignore useless-expr in first stmt in try block 2020-01-15 11:49:23 +00:00
semmle-qlci
3c4749be88 Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode 
Approved by max-schaefer
 2020-01-14 11:59:45 +00:00
Asger F
2c05ee8ab8 JS: Add regression test 2020-01-14 10:53:00 +00:00
Asger F
9bd3c4a11c JS: Add sanitizer for "in" exprs 2020-01-14 10:53:00 +00:00
Asger Feldthaus
7ac30e2289 JS: Add test for rephinement nodes 2020-01-14 10:53:00 +00:00
Asger F
a447645c10 JS: Add test with typeof on value 2020-01-14 10:52:59 +00:00