hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,168 Commits 1,672 Branches 157 Tags
d946a61d6e98cd561f2844b0500049b83208b19f
Commit Graph

3849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Erik Krogh Kristensen
1f9749fbfe revert mailto: change in TargetBlank.ql 2020-09-03 09:39:01 +02:00
Erik Krogh Kristensen
d7a96d685a simplify implementation of getDelimiterMatchingRegexp 2020-09-03 09:37:43 +02:00
Erik Krogh Kristensen
f0a0f41c3c allow urls that are prefixed with # or ? in js/unsafe-external-link 2020-09-02 10:19:42 +02:00
Erik Krogh Kristensen
f7edf28d0d allow mailto links in js/unsafe-external-link 2020-08-31 16:01:28 +02:00
Erik Krogh Kristensen
f4060723bb add stats for new properties 2020-08-28 12:43:26 +02:00
Erik Krogh Kristensen
038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
CodeQL CI
80cb8be405 Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision 
Approved by esbena
 2020-08-28 08:52:58 +01:00
CodeQL CI
ac94869978 Merge pull request #3978 from dellalibera/js/insecure-cookies 
Approved by esbena
 2020-08-28 08:31:38 +01:00
Asger Feldthaus
e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Esben Sparre Andreasen
9aa1404646 JS: fix formatting of InsecureCookie.qll 2020-08-27 09:44:45 +02:00
Esben Sparre Andreasen
67278d9c93 Merge pull request #4141 from esbena/js/clarify-sanitization 
JS: make sanitization a "common" technique rather than "important"
 2020-08-27 08:08:17 +02:00
ubuntu
cd1d50b637 Update expected output 2020-08-26 23:50:15 +02:00
Alessio Della Libera
dcf51c75e9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 23:33:52 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-26 20:18:54 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Alessio Della Libera
e027c8cc13 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:48:05 +02:00
Alessio Della Libera
a1f64e26cf Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:47:52 +02:00
Alessio Della Libera
3bd7615a75 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:47:37 +02:00
Alessio Della Libera
57cf447188 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:46:59 +02:00
CodeQL CI
722b1a24f6 Merge pull request #4087 from erik-krogh/thisJsx 
Approved by asgerf
 2020-08-25 10:20:32 +01:00
CodeQL CI
844abc51e8 Merge pull request #4108 from erik-krogh/packType 
Approved by asgerf
 2020-08-25 10:17:28 +01:00
ubuntu
22f5ae4ad4 Format code 2020-08-24 18:53:37 +02:00
CodeQL CI
e2c6a01c00 Merge pull request #4097 from erik-krogh/createRequire 
Approved by esbena
 2020-08-24 15:57:10 +01:00
Erik Krogh Kristensen
309346841a Merge branch 'main' into packType 2020-08-24 12:44:24 +02:00
Erik Krogh Kristensen
eb84f97e7f Merge branch 'main' into ts4 2020-08-24 12:20:48 +02:00
Erik Krogh Kristensen
db57f3661e Merge branch 'main' into ts4 2020-08-21 15:08:30 +02:00
Erik Krogh Kristensen
65a1769d43 Merge branch 'main' into asyncCalls 2020-08-21 14:58:27 +02:00
Erik Krogh Kristensen
bbbb0a2c5e specialize module.createRequire support to ES2015 modules 2020-08-21 14:14:05 +02:00
CodeQL CI
29183fa0a1 Merge pull request #4067 from erik-krogh/noBin 
Approved by esbena
 2020-08-20 23:07:02 +01:00
Erik Krogh Kristensen
68f7942820 Merge branch 'main' into noBin 2020-08-20 15:58:15 +02:00
Erik Krogh Kristensen
fa8edeed6a change StoredXss example to use TypeTracking 2020-08-20 15:05:38 +02:00
Erik Krogh Kristensen
906705f84c add SourceNode example to the TrackedNode deprecation description 2020-08-20 15:01:40 +02:00
Erik Krogh Kristensen
372e1a3d84 support the "type" field on package.json files while extracting 2020-08-20 14:26:15 +02:00
Erik Krogh Kristensen
fe41521e0c add tutorial for how to get around TrackedNodes deprecation 2020-08-20 12:46:17 +02:00
Erik Krogh Kristensen
8f68f512df deprecate TrackedNodes.qll 2020-08-20 11:26:22 +02:00
Erik Krogh Kristensen
3d5c1560e4 basic support for .cjs files 2020-08-19 10:53:57 +02:00
Erik Krogh Kristensen
103f739d16 add test for types of modules 2020-08-19 10:52:38 +02:00
Erik Krogh Kristensen
1e65ed2228 support module.createRequire 2020-08-18 14:43:03 +02:00
Erik Krogh Kristensen
d1b3963e2d correctly treat ES2015 modules as being in strict-mode in the extractor 2020-08-18 10:13:20 +02:00
Erik Krogh Kristensen
eb5dfe8438 autoformat 2020-08-17 22:46:20 +02:00
Erik Krogh Kristensen
73d1fac88e support named tuples where not all tuple elements are named 2020-08-17 16:20:26 +02:00
Erik Krogh Kristensen
83ed41b247 move indices comment into plain comment 2020-08-17 15:43:52 +02:00
Erik Krogh Kristensen
c28889225a skip binary files when extracting JavaScript 2020-08-17 15:21:15 +02:00
CodeQL CI
c917cd02bd Merge pull request #4054 from erik-krogh/urlIncludes 
Approved by esbena
 2020-08-17 13:54:25 +01:00
Erik Krogh Kristensen
6f28ddf1f8 proper support for this inside a JSX-name 2020-08-17 14:23:42 +02:00
ubuntu
8ec91ef0c6 Change polarity predicate isInsecure 2020-08-16 15:23:29 +02:00
ubuntu
5d6e6be4e4 Add query-tests 2020-08-16 15:02:52 +02:00
ubuntu
3e9142bf71 Remove examples 2020-08-16 14:58:37 +02:00
ubuntu
2a322976c6 Changed .qhelp 2020-08-16 14:57:04 +02:00