hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,265 Commits 1,673 Branches 157 Tags
f7437422c190ccf2bcd4d960aa3ffc2cc73838bc
Commit Graph

5961 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
af0723c185 Merge pull request #5656 from asgerf/js/files-diagnostics 
JS: Add file diagnostics queries
 2021-04-29 11:53:11 +02:00
CodeQL CI
3240536d0e Merge pull request #5798 from erik-krogh/trackLoc 
Approved by esbena
 2021-04-29 00:45:21 -07:00
Erik Krogh Kristensen
dfd63e5d5a track window object to where .location is read 2021-04-28 18:52:00 +02:00
Erik Krogh Kristensen
d5450f1df6 use isWildcardLike in MetacharEscapeSanitizer 2021-04-28 11:46:50 +02:00
Erik Krogh Kristensen
d07c71c99d unlimited repetition of a wildcard is also a wildcard 2021-04-28 11:46:35 +02:00
Erik Krogh Kristensen
160fa148f1 move InfiniteRepetitionQuantifier to Regexp.qll 2021-04-28 11:39:28 +02:00
Erik Krogh Kristensen
e60628d463 add global replacements using inverted char classes as a sanitizer for DOM based XSS 2021-04-28 11:29:30 +02:00
CodeQL CI
2b9fb79b1d Merge pull request #5786 from erik-krogh/anser 
Approved by esbena
 2021-04-27 14:40:48 -07:00
Erik Krogh Kristensen
9178f4b1c5 add support for the anser library 2021-04-27 15:57:17 +02:00
Chris Smowton
78b9682a4e Fix dead links in JS externs too 2021-04-23 15:46:48 +01:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
CodeQL CI
bdb41423e2 Merge pull request #5748 from asgerf/js/rate-limiting-fixes 
Approved by erik-krogh
 2021-04-22 05:56:50 -07:00
Asger Feldthaus
fe8deeaf6b JS: Autoformat 2021-04-21 23:13:57 +01:00
Asger Feldthaus
e98bfe921e JS: QLDoc 2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381 JS: Change note 2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7 JS: Autoformat 2021-04-21 21:13:07 +01:00
Asger Feldthaus
2c9a6e7bef JS: Cache function-wrapping steps in type-tracking stage 2021-04-21 13:45:58 +01:00
Erik Krogh Kristensen
357e1c0802 Update javascript/ql/src/semmle/javascript/frameworks/Markdown.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-04-20 19:57:47 +02:00
Asger Feldthaus
43ca8ea5f7 JS: Fix perf issue in forwardsParameter 2021-04-20 15:15:12 +01:00
Erik Krogh Kristensen
62dfd1fa7d improve the markdown-it model 2021-04-20 15:23:03 +02:00
Erik Krogh Kristensen
19c5889775 use mayHaveBooleanValue 2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
13d915927b add change note 2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
7046f1a902 add taint-step for markdown-it when the HTML flag is set 2021-04-20 14:39:54 +02:00
Asger Feldthaus
f8d428cb2d JS: Use function-forwarding steps when tracking rate limiters 2021-04-20 13:00:42 +01:00
Asger Feldthaus
581f4ed757 JS: Generalize handling of route handler wrapper functions 2021-04-20 12:46:40 +01:00
Erik Krogh Kristensen
9e6f28e335 fix bad join order in Xss.qll 2021-04-19 13:17:49 +02:00
CodeQL CI
578ce1e512 Merge pull request #5683 from asgerf/js/typescript-template-literal-type-crash 
Approved by erik-krogh
 2021-04-15 05:11:11 -07:00
Asger Feldthaus
f8570bb293 JS: Update TRAP 2021-04-15 10:16:46 +01:00
Asger Feldthaus
cb736c8c82 JS: Change note 2021-04-15 09:37:57 +01:00
Asger Feldthaus
b4a2a9db25 JS: Fix extraction of non-substitution template literal types 2021-04-15 09:23:45 +01:00
Erik Krogh Kristensen
fd23e0bdda use more API nodes in XmlParsers, and recognize more results from parsing XML 2021-04-14 11:48:31 +02:00
CodeQL CI
f341d5010d Merge pull request #5662 from asgerf/js/simpler-json-api 
Approved by erik-krogh
 2021-04-13 04:37:56 -07:00
CodeQL CI
646639bc73 Merge pull request #5460 from erik-krogh/forgery-2 
Approved by asgerf
 2021-04-13 03:57:04 -07:00
Asger Feldthaus
e77117f902 JS: Autoformat 2021-04-13 10:29:14 +01:00
Asger Feldthaus
929d9da4b4 JS: Migrate to new JSON API 2021-04-13 10:29:13 +01:00
Asger Feldthaus
7c13163413 JS: Lift JSON accessors to JSONValue 2021-04-13 10:29:13 +01:00
CodeQL CI
310a2c8bb3 Merge pull request #5655 from erik-krogh/cert 
Approved by esbena
 2021-04-12 07:31:04 -07:00
Asger Feldthaus
d2fad180f8 JS: Add test 2021-04-12 15:07:45 +01:00
Asger Feldthaus
24de826133 JS: Add file diagnostics errors 2021-04-12 14:11:38 +01:00
Erik Krogh Kristensen
32737a17fb add change note 2021-04-12 15:09:13 +02:00
Erik Krogh Kristensen
172d6139e2 support all ClientRequests in js/disabling-certificate-validation 2021-04-12 15:06:10 +02:00
CodeQL CI
e8d835b422 Merge pull request #5638 from erik-krogh/smartInliner 
Approved by esbena
 2021-04-12 04:17:25 -07:00
Max Schaefer
cd57e61f65 Rename MkHasUnderlyingType to MkTypeUse. 2021-04-12 11:30:15 +02:00
Erik Krogh Kristensen
91d28fb8b0 cleanup in API-graphs 2021-04-12 11:30:15 +02:00
Erik Krogh Kristensen
17c4bbbc4e allow parameters that end with "Command" in js/shell-command-constructed-from-input 2021-04-12 09:57:40 +02:00
CodeQL CI
6fd4a8afff Merge pull request #5567 from asgerf/js/sql-models 
Approved by esbena
 2021-04-09 07:11:10 -07:00
CodeQL CI
be2fe6e171 Merge pull request #5630 from erik-krogh/urlStep 
Approved by esbena
 2021-04-09 07:05:43 -07:00
CodeQL CI
8d2768b2ce Merge pull request #5634 from erik-krogh/fileSource 
Approved by asgerf
 2021-04-09 07:04:42 -07:00
Erik Krogh Kristensen
595bdedb22 rename predicate to getStem, and update regexp 2021-04-09 13:07:54 +02:00