hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 08:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
68,288 Commits 1,731 Branches 164 Tags
dae2aeb7d384e84d2656930c6de2a943190175ea
Commit Graph

71 Commits

Author SHA1 Message Date
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
Maiky
d0cf2a978c Merge branch 'main' into maikypedia/javascript-cors 2024-06-27 20:24:42 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
am0o0
f0a467e80b update tests 2024-06-13 14:52:22 +02:00
am0o0
9db334d02f update select statement, update test cases 2024-06-07 21:26:20 +02:00
am0o0
2c9340331d update test cases expected results 2024-06-07 21:16:31 +02:00
am0o0
5e0a78c4c7 make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh 2024-06-07 21:15:30 +02:00
am0o0
1033bf9c4c remove unused imports from javascript test cases 2024-06-07 06:04:12 +02:00
am0o0
b9e3b3310e update the remote flow based query thanks to @erik-krogh, update tests and separate the local and remote query tests 2024-06-07 06:01:49 +02:00
am0o0
12df7dee17 Merge branch 'amammad-js-JWT' of https://github.com/amammad/codeql into amammad-js-JWT 2024-06-06 14:04:46 +02:00
Am
af016f9416 Merge branch 'github:main' into amammad-js-JWT 2024-06-06 15:33:26 +03:30
Am
e3e59e02e5 Merge branch 'github:main' into amammad-js-CodeInjection_dynamic_import 2024-06-04 16:22:06 +04:00
am0o0
2b929c4d2d remove old expected test file 2024-05-25 20:45:34 +02:00
am0o0
1fc481ce81 v2: it is basically the first stable version :)) 2024-05-25 20:43:36 +02:00
am0o0
ea05b297a3 update expected test files 2024-05-25 19:40:37 +02:00
am0o0
14daf58767 update tests, add test cases for query with local sources 2024-05-25 18:17:56 +02:00
am0o0
8fde8c2db4 change test dir name 2024-05-25 13:54:31 +02:00
am0o0
0895f7d971 update qlref files 2024-05-21 22:48:17 +02:00
am0o0
c470c078dc move to experimental 2024-05-21 22:42:16 +02:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
amammad
102f09aa23 extend tests 2023-12-10 20:33:00 +01:00
amammad
18d0b28024 v1 2023-12-10 20:27:21 +01:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00
Maiky
d661f7f482 Add Flow Labels 2023-11-22 19:50:16 +01:00
amammad
eb552b7c93 add failingPositiveTests to inlinetests 2023-11-22 08:00:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
Maiky
acac534ed0 Forgot .js 2023-10-16 19:29:57 +02:00
Maiky
07ad596f77 Add coverage for express 2023-10-16 16:48:32 +02:00
amammad
32859eb057 move to experimental 2023-10-10 22:46:44 +02:00
amammad
00b6e1f0b0 fix tests 2023-10-08 11:03:19 +02:00
Maiky
816eebbb51 Add .qhelp and apply some review changes 2023-10-02 18:05:39 +02:00
amammad
921198ed30 add separate query for sinks that accepts data: URL 2023-09-28 20:33:38 +10:00
amammad
8a80a734d8 fix an accident :) 2023-06-26 20:20:00 +10:00
amammad
307187f6c1 V1 2023-06-23 06:06:37 +10:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
jarlob
c6eaf194a5 Remove empty.js as it is not needed anymore 2023-04-03 15:09:40 +02:00
Erik Krogh Kristensen
2f8c9a5a2c Merge pull request #12171 from erik-krogh/reg-dot 
JS: dont recognize regexps that match dot as sanitizers
 2023-02-14 14:10:44 +01:00
erik-krogh
4140598769 update expected output for experimental query 2023-02-14 00:08:13 +01:00
erik-krogh
49f5e89f36 update expected output for experimental query 2023-01-23 22:29:49 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Erik Krogh Kristensen
5ebea8c75a fix express in the POI test 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
9cb7522bc1 change RouteSetup to a DataFlow::Node 2022-09-05 15:45:31 +02:00
Erik Krogh Kristensen
2a65d1d3ec move js/actions/injection out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
8fb54c3f32 move js/resource-exhaustion out of experimental 2022-04-12 15:51:36 +02:00
luciaromeroML
1f2618b893 new test case for unknown base url 2021-09-27 17:37:11 -03:00
Nati Pesaresi
629efb85fb ternary operator 2021-09-02 17:55:09 -03:00
valeria-meli
0b5c8909dd tests 2021-08-03 18:00:49 -03:00