hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,046 Commits 1,672 Branches 157 Tags
ee43db1b58455865dc5f08dd38d174a25ec60ea0
Commit Graph

3365 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ee43db1b58 slightly expand the $().each model 2020-04-23 16:49:47 +02:00
Erik Krogh Kristensen
448ed150df allow the empty string to flow to a JQuery XSS sink 2020-04-23 16:45:37 +02:00
Erik Krogh Kristensen
96896fd7f5 second round of UnsafeJQueryPlugin reuse 2020-04-23 15:12:32 +02:00
Erik Krogh Kristensen
ea569dba78 update doc for JQuery plugin predicate 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 15:03:39 +02:00
Erik Krogh Kristensen
1954a60b6e reuse existing predicate from UnsafeJqueryPlugin 2020-04-23 14:25:34 +02:00
Erik Krogh Kristensen
09b6727e6d refactor $.each model 2020-04-23 14:24:56 +02:00
Erik Krogh Kristensen
ce106981b3 add tests 2020-04-23 14:24:33 +02:00
Erik Krogh Kristensen
e7d8cd8e8c Merge remote-tracking branch 'upstream/master' into MoarJQuery 2020-04-23 14:10:53 +02:00
semmle-qlci
36b28386f8 Merge pull request #3332 from erik-krogh/JGrowl 
Approved by esbena
 2020-04-23 13:06:00 +01:00
Erik Krogh Kristensen
6897dda614 model that this in $().each(callback) is a DOM-node 2020-04-23 13:51:17 +02:00
Erik Krogh Kristensen
8de86967aa model that this in a jQuery plugin is a jQuery object 2020-04-23 13:48:54 +02:00
semmle-qlci
801ce89c67 Merge pull request #3099 from esbena/js/introduce-poi-utility 
Approved by erik-krogh
 2020-04-23 12:14:00 +01:00
Erik Krogh Kristensen
d8c498bd15 add NOT OK comment 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 12:17:25 +02:00
Erik Krogh Kristensen
e1423b0fa5 add test for jGrowl 2020-04-23 11:58:06 +02:00
Erik Krogh Kristensen
90652eeb25 add $.jGrowl as an XSS sink 2020-04-23 10:44:41 +02:00
semmle-qlci
da3292606c Merge pull request #3191 from erik-krogh/XssDom 
Approved by esbena, mchammer01
 2020-04-23 09:17:07 +01:00
Esben Sparre Andreasen
a66b4b55fe Update javascript/ql/src/experimental/poi/PoI.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 09:47:21 +02:00
Esben Sparre Andreasen
161c05dced Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 08:41:54 +02:00
Erik Krogh Kristensen
957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Erik Krogh Kristensen
40822e10b4 add SocketIO test case 2020-04-22 21:55:20 +02:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2747e2a0c7 JS: formatting 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2186ca7efc JS: address non-semantic review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
27e5fce0ed JS: make the default PoIConfiguration/enabled inclusive 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
3b45bcd285 JS: remove the standard PoI configurations 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
dd6378f1d0 JS: address PoI review comments 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
b2ca3d2bdc JS: improve PoI::alertQuery docstring 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
c407cc072e JS: autoformat 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
ec73c97422 JS: refactor ClassifyFiles.qll from ClassifyFiles.ql 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
semmle-qlci
53abf83229 Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr 
Approved by erik-krogh
 2020-04-21 10:38:59 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check 
Approved by esbena
 2020-04-21 10:00:34 +01:00
semmle-qlci
80c20cb66e Merge pull request #3297 from asger-semmle/js/isambient-refactor 
Approved by esbena
 2020-04-21 09:36:14 +01:00
Asger Feldthaus
883846dfb6 JS: Fix extraction of negative number literal types 2020-04-20 16:17:15 +01:00
Asger Feldthaus
ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Erik Krogh Kristensen
9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
73b0aa4004 add more attributes potentially vulnerable to xss-through-dom 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Asger Feldthaus
bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00