codeql

mirror of https://github.com/github/codeql.git synced 2026-01-16 07:54:52 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	a17d152ca4	Merge branch 'js-team-sprint' into priv-file-polish	2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen	dcf617b235	Merge branch 'js-team-sprint' into bad-random-polish	2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen	1556b62007	Merge branch 'js-team-sprint' into priv-file-polish	2020-06-18 16:40:53 +02:00
Erik Krogh Kristensen	218338b4f1	Merge branch 'js-team-sprint' into bad-random-polish	2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen	73f26956a6	Merge branch 'js-team-sprint' into priv-file-polish	2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen	bdda587247	Merge branch 'js-team-sprint' into build-leaks	2020-06-17 19:51:30 +02:00
Erik Krogh Kristensen	fa0a8c3423	add documentation examples as tests	2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen	639907967f	add home/rootdir as leaking folders	2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen	6675ddae12	add more libraries that serve static files to js/exposure-of-private-files	2020-06-17 10:00:59 +02:00
Erik Krogh Kristensen	210e71cd93	update expected output	2020-06-16 21:52:59 +02:00
Erik Krogh Kristensen	5ce17bea60	add qhelp for js/bad-code-sanitization	2020-06-16 16:23:41 +02:00
Erik Krogh Kristensen	a0951f76b6	add additional taint steps when type-tracking RemoteFlowSource	2020-06-16 14:55:07 +02:00
Erik Krogh Kristensen	696879653a	add qhelp to js/biased-cryptographic-random	2020-06-16 11:10:09 +02:00
Erik Krogh Kristensen	3ef5dc74a1	add backtracking to find division that end up being rounded	2020-06-15 17:10:10 +02:00
semmle-qlci	b6b838774e	Merge pull request #3704 from asger-semmle/js/cve-serve Approved by esbena	2020-06-15 09:54:17 +01:00
Asger Feldthaus	315f3389d1	JS: Autoformat test	2020-06-12 19:58:05 +01:00
Asger F	d844e0025a	Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization JS: initial version of IncompleteMultiCharacterSanitization.ql	2020-06-12 16:25:22 +01:00
Asger Feldthaus	5548606f21	JS: Add test	2020-06-12 13:02:33 +01:00
Erik Krogh Kristensen	01c51eea89	Merge pull request #3680 from erik-krogh/bad-code-sanitizer JS: Add query to detect bad code sanitizers	2020-06-12 14:00:21 +02:00
semmle-qlci	2342d3dba3	Merge pull request #3662 from asger-semmle/js/package-export-fixes Approved by esbena	2020-06-12 12:18:23 +01:00
Erik Krogh Kristensen	c9fc1a378d	Merge pull request #3663 from erik-krogh/bad-crypto JS: Introduce query to detect biased random number generators	2020-06-12 11:32:12 +02:00
Erik Krogh Kristensen	86b23b239e	Merge pull request #3656 from erik-krogh/destruct-yargs JS: support rest-patterns inside property patterns	2020-06-12 10:57:24 +02:00
Erik Krogh Kristensen	02c4a0477d	add tests for js/build-artifact-leak	2020-06-12 10:21:37 +02:00
Esben Sparre Andreasen	1bdae109c5	Merge pull request #3686 from esbena/js/insecure-http-options JS: add query js/disabling-certificate-validation	2020-06-12 08:40:12 +02:00
semmle-qlci	5c2f1169d0	Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction Approved by erik-krogh, esbena	2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen	243e3ad9e3	Merge pull request #3672 from esbena/js/server-crashing-route-handler JS: add initial version of ServerCrash.ql	2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen	ef72c03ca9	use simpler taint-step for DestructingPattern	2020-06-11 23:16:46 +02:00
Esben Sparre Andreasen	bc7f02156b	JS: replace class with two predicates (and improve alert message)	2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen	7c7af8d841	less heuristics when flagging division that is rounded	2020-06-11 12:55:13 +02:00
Esben Sparre Andreasen	2e059376fd	JS: add query js/disabling-certificate-validation	2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen	c375a0c611	fix compilation and update expected output	2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen	1124816f73	fixing FPs in `js/biased-cryptographic-random`	2020-06-11 11:06:02 +02:00
Asger Feldthaus	4bb2e8b637	JS: Update test externs and include array indices	2020-06-11 09:53:55 +01:00
Erik Krogh Kristensen	aa3482cbae	improve detection of duplicate results with `js/code-injection`	2020-06-10 22:58:02 +02:00
Esben Sparre Andreasen	d6ae905eac	JS: remove speculative property access sink from js/server-crash	2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen	373a437d71	add query to detect improperly sanitized code	2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen	5c31b94761	autoformat and update expected output	2020-06-10 18:00:56 +02:00
Asger Feldthaus	f23c6030aa	JS: Restrict domValueRef to known DOM property names	2020-06-10 15:14:23 +01:00
Asger Feldthaus	bb2b7fb6fb	JS: Add test with class stored in global variable	2020-06-10 15:14:23 +01:00
Asger Feldthaus	36c4803694	JS: Add test	2020-06-10 14:08:33 +01:00
semmle-qlci	df79f2adc5	Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix Approved by esbena	2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen	1d396524a3	JS: add initial version of ServerCrash.ql	2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen	c4f61134f1	include the source of cryptographically random number in alert message	2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen	7e8fd80327	use steps from InsecureRandomness, and use small-steps	2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen	9189f23403	add support for secure-random	2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen	16ec405724	add explanations about modulo by power of 2	2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen	111f6d406c	introduce query to detect biased random number generators	2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen	b8a9ac39f4	add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach)	2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen	b6e0e6645f	Merge pull request #3645 from erik-krogh/infExposure JS: add query to detect accidential leak of private files	2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen	b510e470b1	support rest-patterns inside property patterns	2020-06-09 13:28:56 +02:00

1 2 3 4 5 ...

1862 Commits