codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	fef918ac13	JS: add query "Unsafe jQuery plugin"	2020-01-31 19:33:04 +01:00
Asger F	654f145772	JS: Add PrototypePollutionUtility query	2020-01-14 10:52:59 +00:00
Max Schaefer	308da0774d	Merge pull request #2525 from asger-semmle/promise-missing-await JS: New query: missing await	2020-01-08 15:29:45 +00:00
Asger F	9928762769	JS: Add RegExpAlwaysMatches query	2020-01-06 13:48:02 +00:00
Asger F	45524d8b19	JS: Add to correctness-core suite	2019-12-12 16:05:05 +00:00
Max Schaefer	ab583b7994	JavaScript: Add query `IncompleteUrlSchemeCheck.ql`.	2019-11-13 10:27:18 +00:00
semmle-qlci	04f0c22f24	Merge pull request #2203 from erik-krogh/ignorePureFunction Approved by max-schaefer, mchammer01	2019-11-06 09:09:11 +00:00
Erik Krogh Kristensen	df3c70e57e	add js/ignore-array-result to correctness-core suite	2019-11-05 10:40:14 +01:00
Esben Sparre Andreasen	207692a7a1	add missing .ql extension to suite file name	2019-10-23 11:18:48 +02:00
semmle-qlci	1c79ec550e	Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command Approved by mchammer01, xiemaisi	2019-10-22 08:36:44 +01:00
semmle-qlci	0dcb189e67	Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries Approved by esben-semmle	2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Max Schaefer	55fb86d618	JavaScript: Remove deprecated queries. These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.	2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen	9eda120de4	implement a new query to detect unreachable overloaded methods in TypeScript	2019-10-21 13:34:42 +02:00
Esben Sparre Andreasen	e1d7434be4	JS: add query js/useless-regexp-character-escape	2019-10-16 00:15:54 +02:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen	dc891dc420	added js/loop-bound-injection to javascript security suite	2019-09-12 15:50:50 +01:00
Max Schaefer	500cde68c3	JavaScript: Add new query `UnusedIndexVariable`.	2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen	bf4a324a86	JS: add query js/indirect-command-line-injection	2019-07-31 09:24:25 +02:00
Esben Sparre Andreasen	0fa73b8331	JS: add query js/regex/missing-regexp-anchor	2019-06-03 08:29:52 +02:00
Max Schaefer	74688bb600	Merge pull request #1341 from esben-semmle/js/sync-suites JS: Add queries to the manual suite for LGTM constistency	2019-05-31 08:18:08 +01:00
Esben Sparre Andreasen	189ac6c2bd	JS: add js/prototype-pollution to the security suite	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	c651e3a155	JS: Add queries to the manual suite for LGTM constistency	2019-05-20 12:32:11 +02:00
Max Schaefer	83e0f3bc8d	Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 JS: Captured Nodes, type inference + a query	2019-03-01 10:48:52 +00:00
Jason Reed	86bbb5fb18	JS: Add ZipSlip query to security suite	2019-02-28 15:46:34 -05:00
Esben Sparre Andreasen	91dccc3356	JS: add query js/unused-property	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	235625d03a	Merge branch 'master' into js/vue-support-1	2019-02-06 16:57:16 +01:00
Esben Sparre Andreasen	a78dd422b6	JS: add query `js/vue/arrow-method-on-vue-instance`	2019-02-06 09:38:00 +01:00
Max Schaefer	aeb8cc62b2	JavaScript: Reclassify `PostMessageStar` as CWE-201.	2019-01-31 08:08:52 +00:00
Max Schaefer	769e407c24	JavaScript: Add new query `PostMessageStar`.	2019-01-30 10:26:43 +00:00
Max Schaefer	94242b3b94	JavaScript: Exclude step summary query from `flow-summaries` suite. In its current form, this query produces way too many results.	2019-01-09 09:09:58 +00:00
Max Schaefer	f4fed3657d	JavaScript: Add flow summary extraction queries.	2019-01-09 09:09:58 +00:00
Max Schaefer	b4f400fb23	Merge remote-tracking branch 'upstream/next' into qlucie/master	2019-01-04 10:35:57 +00:00
semmle-qlci	8174fb51ae	Merge pull request #705 from asger-semmle/loop-index-concurrent-modification Approved by mc-semmle, xiemaisi	2019-01-03 17:06:12 +00:00
Asger F	bc59e65222	JS: update suite file	2019-01-02 11:42:47 +00:00
Asger F	d595f20cb1	JS: add to correctness-more suite	2018-12-17 15:29:10 +00:00
Jonas Jensen	5ac5aa0c2a	Merge remote-tracking branch 'upstream/master' into mergeback-20181217	2018-12-17 13:42:45 +01:00
Aditya Sharad	f92456fcad	Merge master into next. Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`, resolved by accepting test output (combining changes).	2018-12-12 17:26:18 +00:00
Esben Sparre Andreasen	ab519d4abf	JS: rename query "Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".	2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen	52ca696ff4	JS: add query js/incomplete-url-regexp	2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen	229eea00dc	JS: add query js/incomplete-url-substring-sanitization	2018-12-06 15:53:20 +01:00
Asger F	0462eb4b50	JS: add IncorrectSuffixCheck query	2018-12-03 11:23:02 +00:00
Max Schaefer	52b8a6bb56	Merge branch 'master' into js/invalid-entity-transcoding	2018-11-30 16:49:20 +00:00
Max Schaefer	10166be535	JavaScript: Add new query `DoubleEscaping`.	2018-11-30 09:39:00 +00:00
Asger F	f85e30aa6c	Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code JavaScript: Add new query `HardcodedDataInterpretedAsCode`.	2018-11-29 17:07:48 +00:00
Asger F	6d7ac885ec	JS: add to correctness-more suite	2018-11-29 11:22:14 +00:00
Max Schaefer	5f16406ad7	JavaScript: Add new query `HardcodedDataInterpretedAsCode`.	2018-11-29 09:52:31 +00:00
Max Schaefer	2889e07eb8	JavaScript: Add new query `UnvalidatedDynamicMethodCall`.	2018-11-28 08:16:31 +00:00
Asger F	4ae2493798	JS: rename query to Unsafe Dynamic Method Access	2018-11-21 12:34:18 +00:00
Asger F	a2e5003c09	JS: add to security suite	2018-11-20 15:57:18 +00:00

1 2

62 Commits