Commit Graph

2863 Commits

Author SHA1 Message Date
semmle-qlci
7a5aae7432 Merge pull request #3630 from erik-krogh/DevServer
Approved by asgerf
2020-06-22 12:59:13 +01:00
Erik Krogh Kristensen
8d1b080d78 limit size of getStringValue 2020-06-22 10:29:53 +02:00
Erik Krogh Kristensen
c860151e8d recognize instances of express from webpack-dev-server 2020-06-19 14:15:25 +02:00
Erik Krogh Kristensen
11cc97d286 add basic support for importing from neighbouring packages 2020-06-19 14:15:10 +02:00
Esben Sparre Andreasen
4126d5b59e Merge pull request #3646 from dellalibera/master
[javascript] CodeQL query to detect missing origin validation in cross-origin communication via postMessage
2020-06-19 11:43:57 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifying the origin 2020-06-18 19:41:07 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg
JS: Improve alert message in js/non-linear-pattern
2020-06-17 13:10:56 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:22:55 +02:00
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps
Approved by erik-krogh
2020-06-16 13:41:55 +01:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions
Approved by erik-krogh, esbena
2020-06-15 15:32:54 +01:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration
Approved by asgerf
2020-06-15 13:06:22 +01:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites
Add more code-scanning suites
2020-06-12 09:08:20 +02:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
semmle-qlci
b841cacb83 Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes
Approved by erik-krogh
2020-06-10 20:02:55 +01:00
Max Schaefer
0f2186c844 JavaScript: Fix a few typos. 2020-06-10 16:44:24 +01:00
ubuntu
ab65ec40c0 Add Codeql to detect missing 'Message.origin' validation when using postMessage API 2020-06-08 20:18:34 +02:00
Asger Feldthaus
2d9b9fa584 JS: Use PreCallGraphStep in select array steps 2020-06-08 13:45:28 +01:00
Asger Feldthaus
3d2bbbd3db JS: Add PreCallGraphStep extension point 2020-06-08 13:45:28 +01:00
Asger Feldthaus
1f2ab605bd JS: Add store/load steps to AdditionalTypeTrackingStep 2020-06-08 13:45:28 +01:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714
Approved by asgerf
2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN
Approved by asgerf, esbena
2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
82cf53897f TypeOfCheck -> TypeOfUndefinedSanitizer
Co-authored-by: Asger F <asgerf@github.com>
2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen
05d7be8e23 autoformat 2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen
96ca4cf7eb add missing quote 2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Esben Sparre Andreasen
f618d430e7 JS: simplify HTTP::ContainerCollection, and improve expressivity(!) 2020-06-04 14:34:52 +02:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test
Approved by esbena
2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen
7c26efbc12 case insensitive authorization header 2020-06-03 15:23:51 +02:00
Erik Krogh Kristensen
b508ad41c8 don't have a separate fetch module 2020-06-03 15:20:06 +02:00
Erik Krogh Kristensen
46cd0143d8 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
Co-authored-by: Asger F <asgerf@github.com>
2020-06-03 15:18:10 +02:00