Commit graph

3653 Commits

Author SHA1 Message Date
Erik Krogh Kristensen 124c4cb15e Merge branch 'master' of github.com:github/codeql into OptionalSanitizer 2020-05-26 13:59:57 +02:00
Erik Krogh Kristensen e5afdc53be use HtmlSanitizerCall to recognize sanitizers 2020-05-26 13:34:49 +02:00
Erik Krogh Kristensen 3e3372be4b recognize DOMPurify.sanitize as an HTML sanitizer 2020-05-26 13:34:33 +02:00
Jonas Jensen 5deeda0337
Merge pull request #3387 from geoffw0/tostringperf
C++: Eliminate recursion from toString().
2020-05-26 13:24:43 +02:00
semmle-qlci be5b343a0c
Merge pull request #3564 from max-schaefer/js/reflective-argument-access
Approved by asgerf
2020-05-26 12:09:13 +01:00
semmle-qlci 4b0354c4bc
Merge pull request #3555 from max-schaefer/js/require-flow
Approved by asgerf
2020-05-26 10:54:21 +01:00
Max Schaefer 7ddf5ced23 JavaScript: Update expected output for unrelated tests. 2020-05-26 10:49:30 +01:00
semmle-qlci 4b56229ca0
Merge pull request #3527 from esbena/js/fastify
Approved by asgerf
2020-05-26 10:44:59 +01:00
semmle-qlci df205b617e
Merge pull request #3539 from asger-semmle/js/capture-level-flow
Approved by erik-krogh
2020-05-26 10:42:14 +01:00
Max Schaefer 9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses.
Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.
2020-05-26 09:59:29 +01:00
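The commit above is about reasoning over `arguments[c]` accesses, the pattern that old deep-merge implementations used to read their parameters, which is what let prototype-pollution payloads reach `Object.prototype`. The following is an added illustration, written for this page and not taken from CodeQL, jQuery, `extend` or `node.extend`: a deliberately vulnerable `unsafeExtend` in that reflective-parameter style, a `hardenedExtend` that refuses the `__proto__`, `constructor` and `prototype` keys, and a `pollutes` helper that reports whether a merge leaked a property onto an unrelated object. The function names and the constructed JSON payload are assumptions made here for the example.

```javascript
// Added example (not library code): a deep merge in the style of old
// `extend`-like functions, reading its parameters through `arguments[c]`.
// Vulnerable: the key "__proto__" is merged like any other property, so
// `target["__proto__"]` resolves to Object.prototype and gets written to.
function unsafeExtend() {
  let deep = false;
  let i = 1;
  let target = arguments[0]; // reflective access: arguments[c] for constant c
  if (typeof target === "boolean") {
    deep = target;
    target = arguments[1] || {};
    i = 2;
  }
  for (; i < arguments.length; i++) {
    const options = arguments[i];
    if (options == null) continue;
    for (const name in options) {
      const src = target[name];
      const copy = options[name];
      if (target === copy) continue; // avoid merging an object into itself
      if (deep && copy && typeof copy === "object") {
        const clone = src && typeof src === "object" ? src : {};
        target[name] = unsafeExtend(deep, clone, copy);
      } else if (copy !== undefined) {
        target[name] = copy;
      }
    }
  }
  return target;
}

// Hardened variant: same merge semantics, but keys that can redirect the
// write into the prototype chain are skipped, and only own properties of
// the source are copied.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function hardenedExtend() {
  let deep = false;
  let i = 1;
  let target = arguments[0];
  if (typeof target === "boolean") {
    deep = target;
    target = arguments[1] || {};
    i = 2;
  }
  for (; i < arguments.length; i++) {
    const options = arguments[i];
    if (options == null) continue;
    for (const name in options) {
      if (BLOCKED_KEYS.has(name)) continue;
      if (!Object.prototype.hasOwnProperty.call(options, name)) continue;
      const src = Object.prototype.hasOwnProperty.call(target, name) ? target[name] : undefined;
      const copy = options[name];
      if (target === copy) continue;
      if (deep && copy && typeof copy === "object") {
        const clone = src && typeof src === "object" ? src : {};
        target[name] = hardenedExtend(deep, clone, copy);
      } else if (copy !== undefined) {
        target[name] = copy;
      }
    }
  }
  return target;
}

// Returns true when merging a constructed attacker payload into a fresh
// object makes a property appear on an unrelated, newly created object.
// JSON.parse creates "__proto__" as an ordinary own property, which is
// exactly how such payloads arrive from request bodies.
function pollutes(extendFn) {
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}}'); // constructed input
  extendFn(true, {}, payload);
  const leaked = ({}).polluted === "yes";
  delete Object.prototype.polluted; // undo the pollution so later checks start clean
  return leaked;
}
```

Running `pollutes(unsafeExtend)` returns `true` and `pollutes(hardenedExtend)` returns `false`, while `hardenedExtend(true, {a: {b: 1}}, {a: {c: 2}, d: 3})` still produces the expected merged object. The detection described in the commit has to see through `arguments[1]` to know that `target` is the object being written, which is why support for constant-index reflective accesses matters for these findings.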
Max Schaefer a39e8b4802 JavaScript: Add test for `FlowSteps::argumentPassing` predicate. 2020-05-26 09:51:06 +01:00
Erik Krogh Kristensen 9254df1f78 sanitize optionally sanitized values 2020-05-26 00:09:11 +02:00
Erik Krogh Kristensen 8fac3a1403 add IsEmptyGuard to TaintTracking 2020-05-26 00:09:08 +02:00
Jonas Jensen 6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
2020-05-25 18:59:48 +02:00
Max Schaefer 573fdaa424 JavaScript: Track `require` through local data flow. 2020-05-24 20:00:10 +01:00
semmle-qlci b9ecf1a304
Merge pull request #3447 from erik-krogh/LibCmdInjection
Approved by asgerf, mchammer01
2020-05-22 17:10:57 +01:00
Asger Feldthaus 75be3b7ecb JS: Add test case for missed captured flow 2020-05-21 16:14:13 +01:00
Erik Krogh Kristensen b297837969
Apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-05-21 14:32:02 +02:00
Esben Sparre Andreasen b31f83a5af JS: fixup expected output 2020-05-21 13:47:16 +02:00
Esben Sparre Andreasen e588e59f9b JS: fixup 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen c400b45cd6 JS: make the Fastify model support `isUserControlledObject` 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen 894033df8a JS: de-boilerplate the fastify model: address expr/dataflow comments 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen 74fc33e2a8 JS: make the qldoc check happy 2020-05-21 13:42:27 +02:00
Esben Sparre Andreasen a76c70d2d7 JS: model fastify 2020-05-21 13:42:27 +02:00
semmle-qlci 8df7b7c42a
Merge pull request #3525 from erik-krogh/ZipTaint
Approved by asgerf
2020-05-20 16:45:02 +01:00
Erik Krogh Kristensen a23cde1354 autoformat 2020-05-20 15:36:46 +02:00
Erik Krogh Kristensen 5a3eec87c0 rename isTaintedPathStep to isPosixPathStep 2020-05-20 13:44:14 +02:00
Erik Krogh Kristensen 97c199e10d
update docstring
Co-authored-by: Asger F <asgerf@github.com>
2020-05-20 13:40:12 +02:00
semmle-qlci c15d22d9f8
Merge pull request #3516 from asger-semmle/js/typescript-3.9.2
Approved by erik-krogh
2020-05-20 11:31:57 +01:00
semmle-qlci 2bbc1c2af0
Merge pull request #3478 from erik-krogh/PromiseAll
Approved by asgerf, esbena
2020-05-20 11:03:05 +01:00
semmle-qlci 29b8a0db92
Merge pull request #3508 from asger-semmle/js/shared-data-flow-node
Approved by esbena
2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen 33e0f25f3c use NodeJSLib::Path instead of DataFlow::moduleMember 2020-05-20 10:30:23 +02:00
Erik Krogh Kristensen 7c51dff0f7 share implementation between TaintedPath and ZipSlip 2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen 5b569a4d6d add a sanitizer for chained replace-calls 2020-05-19 19:16:58 +02:00
Asger Feldthaus 9d006327df JS: Update qldoc for ValueNode 2020-05-19 15:57:07 +01:00
semmle-qlci 26dfca80f6
Merge pull request #3510 from max-schaefer/cull-boring-queries
Approved by asgerf, esbena
2020-05-19 15:41:53 +01:00
Asger Feldthaus b39e0ec091 JS: Update output due to whitelisting change 2020-05-19 15:30:36 +01:00
Max Schaefer a803120414 Lower precision for a number of queries.
These queries are currently run by default, but don't have their results displayed.

Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).

With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
2020-05-19 13:43:17 +01:00
Erik Krogh Kristensen b71919299b
Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2020-05-19 14:03:03 +02:00
Asger F 875c3706e3
Update javascript/ql/src/semmle/javascript/CFG.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-19 12:08:51 +01:00
Asger Feldthaus 3f30564d93 JS: Autoformat 2020-05-19 12:05:32 +01:00
Asger Feldthaus 525b9871e0 JS: Update benign test output changes 2020-05-19 11:07:08 +01:00
Asger Feldthaus b5b93f33bc JS: Bump to TypeScript 3.9.2 2020-05-19 11:07:08 +01:00
Erik Krogh Kristensen 0275ea955b update expected output 2020-05-19 10:29:07 +02:00
Erik Krogh Kristensen a4450c36f6 autoformat 2020-05-19 10:26:36 +02:00
Erik Krogh Kristensen 5a5192b890 add testing for complex path sanitizer in ZipSlip 2020-05-19 10:17:15 +02:00
semmle-qlci 0c081a8e87
Merge pull request #3497 from esbena/js/yield-and-local-objects
Approved by asgerf, erik-krogh
2020-05-19 09:02:22 +01:00
semmle-qlci 0d762066f5
Merge pull request #3504 from erik-krogh/unique
Approved by esbena
2020-05-19 08:35:08 +01:00
Asger Feldthaus 91b9e95010 JS: Fix join ordering in analysis of add expressions 2020-05-18 22:45:59 +01:00
Asger Feldthaus 6a37e4b7a3 JS: Cache clobberedProp 2020-05-18 22:45:59 +01:00