codeql

Граф коммитов

Автор	SHA1	Сообщение	Дата
Esben Sparre Andreasen	5a6e692807	add js/server-crash to the security suite	2021-01-21 08:43:13 +01:00
Asger Feldthaus	e42ca881a3	JS: Update security suite after move to CWE-915	2020-12-07 10:16:38 +00:00
Asger Feldthaus	972c4d61e5	JS: Add PrototypePollutingAssignment	2020-12-07 10:16:38 +00:00
Asger Feldthaus	e7a0bc6be6	JS: Lower precision of ambiguous HTML ID attribute	2020-08-27 15:51:34 +01:00
Asger F	552b7ad3ca	Merge pull request #3765 from asger-semmle/js-team-sprint-merge2 JS: Merge js-team-sprint	2020-06-23 12:58:27 +01:00
Asger Feldthaus	1efd71a681	JS: Sort security suite	2020-06-22 16:40:55 +01:00
Asger Feldthaus	8cc41a0c84	JS: Add new queries to security suite	2020-06-22 16:40:19 +01:00
Asger F	7d54b02fb9	Merge branch 'js-team-sprint' into js/delay-slow-query-merge	2020-06-22 16:34:49 +01:00
Asger Feldthaus	5cd2c7cdb2	JS: Reduce precision of js/unused-npm-dependency	2020-06-22 15:25:24 +01:00
Esben Sparre Andreasen	9a0bbb31f4	Revert "Merge pull request #3702 from esbena/js/memory-exhaustion" This reverts commit `eca5e2df8a`, reversing changes made to `1548eca994`.	2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen	3be094ea5b	JS: polish js/incomplete-html-attribute-sanitization	2020-06-22 14:35:00 +02:00
Esben Sparre Andreasen	3f67e90374	JS: rename query, support timeouts, add documentation, add to suite	2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen	708fd3d73f	JS: add query to query suite	2020-04-24 09:17:46 +02:00
Max Schaefer	3c785ecaa7	JavaScript: Move flow summaries to `experimental`. Also update description and change note to call out their experimental character more clearly.	2020-03-09 12:57:20 +00:00
Esben Sparre Andreasen	fef918ac13	JS: add query "Unsafe jQuery plugin"	2020-01-31 19:33:04 +01:00
Asger F	654f145772	JS: Add PrototypePollutionUtility query	2020-01-14 10:52:59 +00:00
Max Schaefer	308da0774d	Merge pull request #2525 from asger-semmle/promise-missing-await JS: New query: missing await	2020-01-08 15:29:45 +00:00
Asger F	9928762769	JS: Add RegExpAlwaysMatches query	2020-01-06 13:48:02 +00:00
Asger F	45524d8b19	JS: Add to correctness-core suite	2019-12-12 16:05:05 +00:00
Max Schaefer	ab583b7994	JavaScript: Add query `IncompleteUrlSchemeCheck.ql`.	2019-11-13 10:27:18 +00:00
semmle-qlci	04f0c22f24	Merge pull request #2203 from erik-krogh/ignorePureFunction Approved by max-schaefer, mchammer01	2019-11-06 09:09:11 +00:00
Erik Krogh Kristensen	df3c70e57e	add js/ignore-array-result to correctness-core suite	2019-11-05 10:40:14 +01:00
Esben Sparre Andreasen	207692a7a1	add missing .ql extension to suite file name	2019-10-23 11:18:48 +02:00
semmle-qlci	1c79ec550e	Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command Approved by mchammer01, xiemaisi	2019-10-22 08:36:44 +01:00
semmle-qlci	0dcb189e67	Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries Approved by esben-semmle	2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Max Schaefer	55fb86d618	JavaScript: Remove deprecated queries. These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.	2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen	9eda120de4	implement a new query to detect unreachable overloaded methods in TypeScript	2019-10-21 13:34:42 +02:00
Esben Sparre Andreasen	e1d7434be4	JS: add query js/useless-regexp-character-escape	2019-10-16 00:15:54 +02:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen	dc891dc420	added js/loop-bound-injection to javascript security suite	2019-09-12 15:50:50 +01:00
Max Schaefer	500cde68c3	JavaScript: Add new query `UnusedIndexVariable`.	2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen	bf4a324a86	JS: add query js/indirect-command-line-injection	2019-07-31 09:24:25 +02:00
Esben Sparre Andreasen	0fa73b8331	JS: add query js/regex/missing-regexp-anchor	2019-06-03 08:29:52 +02:00
Max Schaefer	74688bb600	Merge pull request #1341 from esben-semmle/js/sync-suites JS: Add queries to the manual suite for LGTM constistency	2019-05-31 08:18:08 +01:00
Esben Sparre Andreasen	189ac6c2bd	JS: add js/prototype-pollution to the security suite	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	c651e3a155	JS: Add queries to the manual suite for LGTM constistency	2019-05-20 12:32:11 +02:00
Max Schaefer	83e0f3bc8d	Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 JS: Captured Nodes, type inference + a query	2019-03-01 10:48:52 +00:00
Jason Reed	86bbb5fb18	JS: Add ZipSlip query to security suite	2019-02-28 15:46:34 -05:00
Esben Sparre Andreasen	91dccc3356	JS: add query js/unused-property	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	235625d03a	Merge branch 'master' into js/vue-support-1	2019-02-06 16:57:16 +01:00
Esben Sparre Andreasen	a78dd422b6	JS: add query `js/vue/arrow-method-on-vue-instance`	2019-02-06 09:38:00 +01:00
Max Schaefer	aeb8cc62b2	JavaScript: Reclassify `PostMessageStar` as CWE-201.	2019-01-31 08:08:52 +00:00
Max Schaefer	769e407c24	JavaScript: Add new query `PostMessageStar`.	2019-01-30 10:26:43 +00:00
Max Schaefer	94242b3b94	JavaScript: Exclude step summary query from `flow-summaries` suite. In its current form, this query produces way too many results.	2019-01-09 09:09:58 +00:00
Max Schaefer	f4fed3657d	JavaScript: Add flow summary extraction queries.	2019-01-09 09:09:58 +00:00
Max Schaefer	b4f400fb23	Merge remote-tracking branch 'upstream/next' into qlucie/master	2019-01-04 10:35:57 +00:00
semmle-qlci	8174fb51ae	Merge pull request #705 from asger-semmle/loop-index-concurrent-modification Approved by mc-semmle, xiemaisi	2019-01-03 17:06:12 +00:00
Asger F	bc59e65222	JS: update suite file	2019-01-02 11:42:47 +00:00
Asger F	d595f20cb1	JS: add to correctness-more suite	2018-12-17 15:29:10 +00:00

1 2

76 Коммитов