hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,287 Commits 1,712 Branches 163 Tags
f4f8ce0d362a4e6e721237b711958fa8941fb016
Commit Graph

5666 Commits

Author SHA1 Message Date
CodeQL CI
f4f8ce0d36 Merge pull request #6294 from erik-krogh/arrify 
Approved by asgerf
 2021-07-16 02:08:19 -07:00
CodeQL CI
8ef57366c4 Merge pull request #6278 from erik-krogh/toUnicodeInAngular 
Approved by asgerf
 2021-07-16 02:07:18 -07:00
CodeQL CI
b14139f3a0 Merge pull request #6261 from max-schaefer/js/module-constructor 
Approved by asgerf
 2021-07-16 00:28:30 -07:00
Erik Krogh Kristensen
2b6790e914 update expected output 2021-07-15 15:54:51 +02:00
Erik Krogh Kristensen
d2c74480b9 add taint step through flatten libraries 2021-07-15 12:36:07 +02:00
Erik Krogh Kristensen
77f4d56cd9 add taint step through array-union, array-uniq, and uniq 2021-07-15 12:32:29 +02:00
Erik Krogh Kristensen
5ff7d208b7 add taint step through arrify 2021-07-15 11:24:50 +02:00
Erik Krogh Kristensen
e64f29fe8f add support for Array.prototype.find and polyfills 2021-07-15 11:16:06 +02:00
Erik Krogh Kristensen
f6f63e2811 add model for the array-from polyfill 2021-07-15 10:51:55 +02:00
Erik Krogh Kristensen
73491d88da use the new .toUnicode method in the Angular2 model 2021-07-14 10:19:48 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
CodeQL CI
f9b539e5b9 Merge pull request #6253 from asgerf/js/more-precise-capture-steps 
Approved by erik-krogh
 2021-07-13 07:42:07 -07:00
Erik Krogh Kristensen
086c9c8156 remove redundant getACall() 
Co-authored-by: Asger F <asgerf@github.com>
 2021-07-13 16:32:14 +02:00
CodeQL CI
9d59cba644 Merge pull request #6262 from erik-krogh/slash 
Approved by asgerf
 2021-07-13 05:44:55 -07:00
CodeQL CI
c87fe95d52 Merge pull request #6258 from erik-krogh/case 
Approved by asgerf
 2021-07-13 05:44:49 -07:00
CodeQL CI
b34f444c88 Merge pull request #6254 from erik-krogh/json2csv 
Approved by asgerf
 2021-07-13 05:44:36 -07:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
cadbdcff0a add missing qldoc in MooTools.qll 2021-07-12 23:20:51 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Max Schaefer
ce24215dd5 JavaScript: Improve modelling of Module.prototype._compile sink. 2021-07-12 15:32:21 +01:00
Max Schaefer
70c82c83ac JavaScript: Make ModuleVarNode and ExportsVarNode more easily accessible. 2021-07-12 15:31:40 +01:00
Asger F
d8927e5612 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-07-12 14:23:58 +02:00
Erik Krogh Kristensen
d22ebadcf2 add support for many more case changing libraries 2021-07-12 14:09:34 +02:00
Erik Krogh Kristensen
a5d1325d3f add support for the change-case library 2021-07-12 13:37:06 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Erik Krogh Kristensen
94cbc4b2c0 add step through the fclone library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
CodeQL CI
1d56748eed Merge pull request #6200 from yoff/pythonJS-make-expbtlib-private 
Approved by RasmusWL, esbena
 2021-07-02 09:09:18 -07:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Asger Feldthaus
093ff41170 JS: Update tests 2021-07-02 13:31:17 +02:00
Asger Feldthaus
ff49aaa684 JS: Do not capture own variables 2021-07-02 13:17:32 +02:00
Asger Feldthaus
8befb03cb9 JS: Add test case with spurious call/return flow 2021-07-02 13:17:32 +02:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public 
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
 2021-07-02 12:32:04 +02:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Asger Feldthaus
c3b7d85341 JS: Update test output after rebasing 2021-07-02 11:57:45 +02:00
Asger Feldthaus
7249d2892a JS: Add comment to VueTemplateSink class 2021-07-02 11:55:56 +02:00
Asger Feldthaus
0105b829c4 JS: Update test output 2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8 JS: Dont use getALocalSource() when marking Vue template sinks 2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1 JS: Update React to handle string literals being SourceNodes 2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39 JS: Treat string literals as source nodes 2021-07-02 11:55:56 +02:00
CodeQL CI
61ee193dc0 Merge pull request #6197 from asgerf/js/recompose 
Approved by esbena
 2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981 Merge pull request #6193 from esbena/esbena/mootools-xss 
JS: add Mootools XSS sinks
 2021-07-02 09:24:56 +02:00