hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,123 Commits 1,738 Branches 165 Tags
d8c9dba99007d8475a55bfe67778f2e43be99203
Commit Graph

5278 Commits

Author SHA1 Message Date
Asger Feldthaus
d8c9dba990 JS: Autoformat 2021-01-18 12:19:09 +00:00
Asger Feldthaus
5f4016be76 JS: Cache Import.getImportedModule 2021-01-18 12:19:09 +00:00
Asger Feldthaus
c5f2c04f16 JS: Add upgrade script 2021-01-18 12:19:09 +00:00
Asger Feldthaus
1b4a4ea2fa JS: Bump extractor version string 2021-01-18 12:19:09 +00:00
Asger Feldthaus
44c5d36e83 JS: Simple RxJS model 2021-01-18 12:19:09 +00:00
Asger Feldthaus
00cd0644f0 JS: Implement getAResponseDataNode 2021-01-18 12:19:09 +00:00
Asger Feldthaus
2f3cef177b JS: More steps in Angular2 model 2021-01-18 12:19:09 +00:00
Asger Feldthaus
c8901b62f5 JS: Add test for $any step 2021-01-18 12:19:08 +00:00
Asger Feldthaus
2ba98da107 JS: Only extract local vars in TemplateTopLevel 
Angular template expressions cannot refer to global variables, any
unqualified identifier is a reference to a property provided by the
component.

We extract them as implicitly declared local variables which the
QL model can then connect with data flow steps.
 2021-01-18 12:19:08 +00:00
Asger Feldthaus
faad466aa8 JS: Add ScopeKind enum 2021-01-18 12:19:08 +00:00
Asger Feldthaus
07cfceee19 JS: TRAP test for angular templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
3c0867125b JS: Remove FP in TargetBlank 2021-01-18 12:19:08 +00:00
Asger Feldthaus
97f7cb4dc1 JS: Track location information using SourceMaps 2021-01-18 12:19:08 +00:00
Asger Feldthaus
898d22d2f4 JS: Simplify HTML element access 2021-01-18 12:19:08 +00:00
Asger Feldthaus
f24af58a60 JS: Extract mapping from HTML node to parent Expression 2021-01-18 12:19:08 +00:00
Asger Feldthaus
3b666a5646 JS: Extract mapping from TopLevel to parent HTML node 2021-01-18 12:19:08 +00:00
Asger Feldthaus
8848ee2d10 JS: Extract HTML from inline templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
6bf9345258 JS: Add test for class with locally-unused field 2021-01-18 12:19:08 +00:00
Asger Feldthaus
cc952bd2a4 JS: Reorganize test a bit 2021-01-18 12:19:08 +00:00
Asger Feldthaus
1ab36dc81f JS: Flow through *ngFor loops 2021-01-18 12:19:08 +00:00
Asger Feldthaus
29dd8470d5 JS: Fix offset of *ngFor snippet 2021-01-18 12:18:27 +00:00
Asger Feldthaus
0da207a5f9 JS: Update test with pipes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
d80313be4f JS: Model pipe classes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
debb5691a1 JS: Make PipeRefExpr a SourceNode 2021-01-18 12:18:27 +00:00
Asger Feldthaus
fcb8124376 JS: Expose data flow node for field declaration 2021-01-18 12:18:26 +00:00
Asger Feldthaus
9ee893c9c1 JS: Add data flow steps in Angular2 model 2021-01-18 12:16:13 +00:00
Asger Feldthaus
77fcf3d8a2 JS: Support postfix "!" operator in templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
c08ba1416d JS: Add new SourceType for angular templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
b1d45a6773 JS: Mark angular pipe refs as incomplete 2021-01-18 12:16:13 +00:00
Asger Feldthaus
4b5a861ee6 JS: Add TopLevelKind enum 2021-01-18 12:16:13 +00:00
Asger Feldthaus
9b99f56d44 JS: isAngularTemplateAttributeName 2021-01-18 12:16:13 +00:00
Asger Feldthaus
ed27c8b13f JS: Add test and fix bug in pipe parser 2021-01-18 12:16:13 +00:00
Asger Feldthaus
16a2a60b9a JS: Add AngularPipeRef 2021-01-18 12:16:13 +00:00
Asger Feldthaus
928a382ad5 JS: Add parser for angular expressions 2021-01-18 12:16:13 +00:00
Asger Feldthaus
5fa3b17956 JS: Tolerate Angular-specific HTML attribute names 2021-01-15 14:51:10 +00:00
Asger Feldthaus
f33630aab6 JS: Reformat HTMLExtractor 2021-01-15 14:51:10 +00:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
Erik Krogh Kristensen
c98dacf842 changes based on doc review 2021-01-13 10:38:19 +01:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
Erik Krogh Kristensen
6423c32990 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 22:02:39 +01:00
CodeQL CI
c193d9f375 Merge pull request #4823 from erik-krogh/furtherReDoS 
Approved by esbena
 2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen
7eab08511b add source code examples to blocksCharInAccess 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
8b03ab0c01 update docstring for getAShellChar 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen
7e21081b70 add comment about regexp detected by js/polynomial-redos 2021-01-07 12:06:12 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
CodeQL CI
9d4cd0aa85 Merge pull request #4862 from erik-krogh/shellSanitizer 
Approved by esbena
 2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen
28cffa1e07 add comment in isFork about /(a*)*/ regular expressions 2021-01-06 10:44:13 +01:00