hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,352 Commits 1,671 Branches 157 Tags
ee0140e7044ea81b7b08c20e68dbcce54ab5366b
Commit Graph

5987 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ee0140e704 share code between unsafe-shell and unsafe-html queries 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
23908f9ec2 remove flowpaths that has a returns without a matching call 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
6e754c70aa add test for js/html-constructed-from-input 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
e86a3b5e57 add js/html-constructed-from-input query 2021-05-06 11:04:49 +02:00
Erik Krogh Kristensen
a400a1e9d4 split the markdown steps into a separate class 2021-05-06 10:44:39 +02:00
CodeQL CI
69cd9dfb7d Merge pull request #5826 from erik-krogh/moreLib 
Approved by esbena
 2021-05-05 04:40:49 -07:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
fc3f5adbbb more source code examples in PackageExports.qll 2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5 recognize the define(..) call in PackageExports.qll 2021-05-05 11:23:25 +02:00
Erik Krogh Kristensen
3ca670146e remove outdated comment 2021-05-05 11:10:45 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore 
Approved by esbena
 2021-05-04 04:16:15 -07:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs 
Approved by esbena
 2021-05-03 23:14:26 -07:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
Edwin
27c680e28b Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-03 16:41:09 +03:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
Rasmus Wriedt Larsen
af0723c185 Merge pull request #5656 from asgerf/js/files-diagnostics 
JS: Add file diagnostics queries
 2021-04-29 11:53:11 +02:00
CodeQL CI
3240536d0e Merge pull request #5798 from erik-krogh/trackLoc 
Approved by esbena
 2021-04-29 00:45:21 -07:00
Erik Krogh Kristensen
dfd63e5d5a track window object to where .location is read 2021-04-28 18:52:00 +02:00
Erik Krogh Kristensen
d5450f1df6 use isWildcardLike in MetacharEscapeSanitizer 2021-04-28 11:46:50 +02:00
Erik Krogh Kristensen
d07c71c99d unlimited repetition of a wildcard is also a wildcard 2021-04-28 11:46:35 +02:00
Erik Krogh Kristensen
160fa148f1 move InfiniteRepetitionQuantifier to Regexp.qll 2021-04-28 11:39:28 +02:00
Erik Krogh Kristensen
e60628d463 add global replacements using inverted char classes as a sanitizer for DOM based XSS 2021-04-28 11:29:30 +02:00
CodeQL CI
2b9fb79b1d Merge pull request #5786 from erik-krogh/anser 
Approved by esbena
 2021-04-27 14:40:48 -07:00
Erik Krogh Kristensen
9178f4b1c5 add support for the anser library 2021-04-27 15:57:17 +02:00
edvraa
3aec9c1a41 Cookies without HttpOnly 2021-04-27 16:28:32 +03:00
Erik Krogh Kristensen
4e8ae77b6f cache more predicates 2021-04-26 08:57:20 +02:00
Chris Smowton
78b9682a4e Fix dead links in JS externs too 2021-04-23 15:46:48 +01:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
CodeQL CI
bdb41423e2 Merge pull request #5748 from asgerf/js/rate-limiting-fixes 
Approved by erik-krogh
 2021-04-22 05:56:50 -07:00
Asger Feldthaus
fe8deeaf6b JS: Autoformat 2021-04-21 23:13:57 +01:00
Asger Feldthaus
e98bfe921e JS: QLDoc 2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381 JS: Change note 2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7 JS: Autoformat 2021-04-21 21:13:07 +01:00
Asger Feldthaus
2c9a6e7bef JS: Cache function-wrapping steps in type-tracking stage 2021-04-21 13:45:58 +01:00
Erik Krogh Kristensen
357e1c0802 Update javascript/ql/src/semmle/javascript/frameworks/Markdown.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-04-20 19:57:47 +02:00
Asger Feldthaus
43ca8ea5f7 JS: Fix perf issue in forwardsParameter 2021-04-20 15:15:12 +01:00
Erik Krogh Kristensen
62dfd1fa7d improve the markdown-it model 2021-04-20 15:23:03 +02:00
Erik Krogh Kristensen
19c5889775 use mayHaveBooleanValue 2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
13d915927b add change note 2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
7046f1a902 add taint-step for markdown-it when the HTML flag is set 2021-04-20 14:39:54 +02:00