hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,663 Commits 1,712 Branches 163 Tags
e00951edf078d8d99752f14722e2d9ce8994867e
Commit Graph

2023 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
73d1fac88e support named tuples where not all tuple elements are named 2020-08-17 16:20:26 +02:00
Erik Krogh Kristensen
d35d3f4271 add test for catch with type unknown 2020-08-13 09:37:55 +02:00
Erik Krogh Kristensen
d95d427c5b better support for the &&=, ||=, and ??= operators 2020-08-13 09:22:32 +02:00
Erik Krogh Kristensen
fd9eb1d40b use Identifier instead of just a plain string when getting tuple-element-names 2020-08-12 16:55:55 +02:00
Erik Krogh Kristensen
a7a016c5df update expected output 2020-08-12 13:29:43 +02:00
Erik Krogh Kristensen
0e33eae960 add dbscheme upgrade script 2020-08-12 11:50:32 +02:00
Erik Krogh Kristensen
26dcd2faae add support for getting the name from named tuple elements 2020-08-12 10:33:49 +02:00
Erik Krogh Kristensen
d2c87d0a2e add support for the new assign expression in TypeScript 4 2020-08-11 13:57:11 +02:00
Erik Krogh Kristensen
2f34990ae6 add another test for spread elements in tuple types 2020-08-11 13:57:11 +02:00
Erik Krogh Kristensen
ea583fe862 add basic support for named tuple elements 2020-08-11 13:57:11 +02:00
Erik Krogh Kristensen
2612e0c5dd add test for spread in tuple in non-last position 2020-08-11 13:57:11 +02:00
Erik Krogh Kristensen
b602a36a24 add test for generic spreads in a tuple 2020-08-11 13:57:11 +02:00
Erik Krogh Kristensen
aab2e6f803 update name of test file 2020-08-07 18:20:22 +02:00
Erik Krogh Kristensen
f70cb2e7b3 add test for new JSON serializers 2020-08-05 12:14:56 +02:00
CodeQL CI
8855ab8c8c Merge pull request #3835 from Raz0r/js/xss-protocol-sinks 
Approved by erik-krogh
 2020-08-03 15:40:05 +01:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness 
Approved by esbena
 2020-08-03 15:38:51 +01:00
CodeQL CI
c8e5db189a Merge pull request #3913 from erik-krogh/topmost 
Approved by asgerf
 2020-08-03 13:18:22 +01:00
Erik Krogh Kristensen
f5cc14f980 fix typo 2020-08-03 13:49:21 +02:00
CodeQL CI
0bbdc70cdb Merge pull request #3864 from erik-krogh/exprString 
Approved by asgerf, esbena
 2020-08-03 09:25:17 +01:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener. 
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
 2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child. 
>1M weekly downloads, so seems worth doing.
 2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions 
Approved by esbena
 2020-07-09 11:43:45 +01:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Erik Krogh Kristensen
022cafebd3 make sure the consisntecy-checking library does not mix configurations 2020-07-08 10:28:41 +02:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
c5285f7418 update inconsistency comment for CWE-843 2020-07-08 10:16:43 +02:00
Erik Krogh Kristensen
45b6906a0d move comments to match alert location for CWE-834 2020-07-08 10:16:04 +02:00
Erik Krogh Kristensen
71a3d49d2b update comments to match alert location for CWE-807 2020-07-08 10:15:26 +02:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
bcffc97de7 update comment position to match alert location for CWE-776 2020-07-08 10:10:31 +02:00
Erik Krogh Kristensen
2235634347 update consistency comments for CWE-754 2020-07-08 10:08:51 +02:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
5a87628478 update consistency comments for CWE-611 2020-07-08 10:03:03 +02:00
Erik Krogh Kristensen
1f1c09af02 update consistency comments for CWE-601 2020-07-08 10:02:29 +02:00
Erik Krogh Kristensen
ce6a211340 update inconsistency comment for CWE-506 2020-07-08 10:01:40 +02:00
Erik Krogh Kristensen
bf36137834 update inconsistency comment for CWE-346 2020-07-08 10:01:04 +02:00
Erik Krogh Kristensen
16b0427dc4 update inconsistency comment for CWE-338 2020-07-08 10:00:19 +02:00
Erik Krogh Kristensen
9bcbedde46 update consistency comment in passwords.js 2020-07-08 09:55:00 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
00e900f1b1 only include named topmost package.json files for js/shell-command-constructed-from-input 2020-07-08 09:25:08 +02:00
Raz0r
3487ec17d0 add tests 2020-07-07 16:26:14 +03:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff 
Approved by esbena
 2020-07-06 14:40:41 +01:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
dc8042adeb introduce conistency-checking for CWE-078 2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Asger Feldthaus
b5104ae42d JS: Add StartsWith sanitizer 2020-07-03 14:46:07 +01:00