codeql

mirror of https://github.com/github/codeql.git synced 2026-01-06 19:20:25 +01:00

Author	SHA1	Message	Date
Asger F	699d3a0a0a	JS: Update a RegExp injection test RegExpInjection does not use client-side sources, but one of its tests was using postMessage events as the taint source. Updating the test to use a different taint source.	2024-08-16 14:20:34 +02:00
Asger F	40daa9c906	JS: Update RegExpInjection test and expectations	2023-05-26 14:05:36 +02:00
erik-krogh	393649b7ce	don't call environment variables for command-line arguments	2023-02-14 14:27:41 +01:00
erik-krogh	36478124ae	add process.env and process.argv etc. as source for `js/regex-injection`	2023-02-14 14:21:53 +01:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
Asger Feldthaus	16e3681fd3	JS: Update RegExpInjection test case	2021-06-22 12:00:04 +02:00
Erik Krogh Kristensen	33641c84f6	recognize sanitizing string replace call for regexp-injection	2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen	ab53f3b380	add `array.filter()` as a taint-step	2021-05-05 12:03:14 +02:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	dc1d1c2f22	JavaScript: Update expected output.	2019-10-29 15:30:06 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict `edges` to only contain `nodes`.	2019-10-29 15:03:52 +00:00
Asger F	50a77ea843	JS: update test expectations	2019-03-06 08:41:03 +00:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include `nodes` and `edges` query predicates.	2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen	b9d825b379	JS: better matching of String.prototype.search in js/regex-injection	2018-09-05 08:35:00 +02:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00

16 Commits