Commit graph

3653 Commits

Author SHA1 Message Date
semmle-qlci 8d41ce1630
Merge pull request #3480 from erik-krogh/moreSlip
Approved by esbena
2020-05-16 21:17:27 +01:00
Asger Feldthaus 897a3e39c9 JS: Autoformat 2020-05-16 09:37:16 +01:00
Asger Feldthaus 0171c9e10c JS: Autoformat 2020-05-16 09:25:18 +01:00
Asger Feldthaus d279845a43 JS: Minor fixes 2020-05-16 09:24:53 +01:00
Erik Krogh Kristensen e2cd7e6230 more precise taint-tracking for Promise.all 2020-05-15 22:02:41 +02:00
Asger Feldthaus 5249e84359 JS: Type track spanner model 2020-05-15 17:27:30 +01:00
Asger Feldthaus d225715828 JS: Type track mssql model 2020-05-15 17:27:30 +01:00
Asger Feldthaus 6dcee5a0ef JS: Type track sqlite model 2020-05-15 17:27:30 +01:00
Asger Feldthaus 84cd02cf01 JS: Type track pg model 2020-05-15 17:27:27 +01:00
Asger Feldthaus f7771f17d1 JS: Type track mysql model 2020-05-15 17:27:27 +01:00
Asger Feldthaus 3e9849b7c4 JS: Type track sequelize model 2020-05-15 17:27:24 +01:00
Esben Sparre Andreasen 1c5bffc095 JS: fix some FNs in the qhelp examples 2020-05-15 12:40:38 +02:00
Erik Krogh Kristensen 3138918f1d add test for promise inside Promise.all 2020-05-15 11:49:29 +02:00
Asger Feldthaus d84f1b47c2 JS: Refactor RequestInputAccess to use source nodes 2020-05-15 09:59:28 +01:00
Asger Feldthaus da974f1527 JS: Add test with dynamic access to req.query 2020-05-15 09:59:28 +01:00
Asger Feldthaus 659e2ff709 JS: Tweak evaluation of route handler params 2020-05-15 09:59:27 +01:00
Asger F b9995b784d Update javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-15 09:59:27 +01:00
Asger Feldthaus a982cdc39c JS: Autoformat 2020-05-15 09:59:27 +01:00
Asger Feldthaus bfbe70a7a9 JS: Fixes 2020-05-15 09:59:27 +01:00
Asger Feldthaus 82d3a7eb23 JS: Go back to disjunction 😭 2020-05-15 09:59:27 +01:00
Asger Feldthaus c45d84f8f3 JS: Update getRouteHandlerParameter and router tracking 2020-05-15 09:59:27 +01:00
Asger Feldthaus 9cacfab7c6 JS: Recognize Express param value callback as RemoteFlowSource 2020-05-15 09:59:26 +01:00
Erik Krogh Kristensen 6d79bab7e4 rename Fs to FS 2020-05-15 10:54:08 +02:00
Erik Krogh Kristensen dd3342ba6f restrict the number of stored array elements 2020-05-15 10:01:27 +02:00
Erik Krogh Kristensen cb96ee8def
remove redundant instanceof check
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-15 09:58:18 +02:00
semmle-qlci a536069059
Merge pull request #3408 from esbena/js/unsafe-html-expansion
Approved by asgerf, mchammer01
2020-05-15 08:24:12 +01:00
Erik Krogh Kristensen 6775294ac1 update expected output 2020-05-14 22:26:44 +02:00
Erik Krogh Kristensen e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen 6d2bffef72 add fs.open/openSync as ZipSlip sinks 2020-05-14 20:31:13 +02:00
Erik Krogh Kristensen 2d675262b2 use the generalized fs module in more places 2020-05-14 20:31:00 +02:00
Erik Krogh Kristensen 5132e61ce7 add tests 2020-05-14 18:55:49 +02:00
Erik Krogh Kristensen e98f794dab implement precise data-flow steps for Promise.all 2020-05-14 18:55:44 +02:00
semmle-qlci c06680a496
Merge pull request #3470 from asger-semmle/js/cache-module-import
Approved by esbena
2020-05-14 17:20:04 +01:00
semmle-qlci 23532ae49a
Merge pull request #3467 from erik-krogh/tarSlip
Approved by esbena
2020-05-14 14:06:42 +01:00
semmle-qlci 57f44c5a81
Merge pull request #2886 from asger-semmle/js/call-graph-exploration
Approved by erik-krogh, esbena
2020-05-14 14:01:23 +01:00
semmle-qlci 384df88df1
Merge pull request #3359 from erik-krogh/MayHavePropName
Approved by esbena
2020-05-14 13:52:45 +01:00
Asger Feldthaus e491431f4e JS: Autoformat 2020-05-14 13:29:33 +01:00
Pavel Avgustinov 3cc13db3a0 NodeJSLib: Restore backwards-compatibility. 2020-05-14 12:51:09 +01:00
Asger Feldthaus 1cdb51741f JS: Don't use deprecated API in test case 2020-05-14 11:08:31 +01:00
Pavel Avgustinov ab2d059ed4 JavaScript: Model extra sinks in `vm` module 2020-05-14 10:01:40 +01:00
Erik Krogh Kristensen b12e21edcc add test for new zipslip sanitizer 2020-05-14 10:11:37 +02:00
Erik Krogh Kristensen 422ade16db
Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-14 10:05:59 +02:00
Erik Krogh Kristensen 4175d36269 add test case 2020-05-14 09:46:54 +02:00
Erik Krogh Kristensen b727fa81a0 add a path sanitizer to zipslip 2020-05-14 09:46:50 +02:00
Erik Krogh Kristensen 71e7083dcb add "linkname" as a file-name-property for zip-slip 2020-05-14 09:06:23 +02:00
Erik Krogh Kristensen a19718a10f add fs.link and fs.linkSync as writing file system calls 2020-05-14 09:00:50 +02:00
Asger Feldthaus 2ef7719b06 JS: PathExprInModule deprecation notice 2020-05-13 16:35:24 +01:00
Asger Feldthaus 3846f534a8 JS: Factor out overridden part of PathExpr.getSearchRoot 2020-05-13 16:34:43 +01:00
Asger Feldthaus 5f510878f3 JS: Remove PathExprBase and PathExprInModule 2020-05-13 16:34:28 +01:00
Asger Feldthaus 2d88385ffb JS: Cache moduleImport 2020-05-13 15:07:13 +01:00
Esben Sparre Andreasen 9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Esben Sparre Andreasen 7305a873b1 JS: formatting 2020-05-13 11:28:48 +02:00
Esben Sparre Andreasen fedd32fc2b JS: address review comment 2020-05-13 09:57:02 +02:00
Esben Sparre Andreasen 91f43a7dae JS: address review comments 2020-05-13 09:52:01 +02:00
Esben Sparre Andreasen 7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen 20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
jcreedcmu 3c233c762c
Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs
Java, Javascript, Csharp: Add jump-to-definition queries
2020-05-12 10:54:11 -04:00
semmle-qlci 6fb047aef6
Merge pull request #3451 from erik-krogh/fstreamWrite
Approved by esbena
2020-05-12 14:58:02 +01:00
semmle-qlci ee848328ab
Merge pull request #3442 from erik-krogh/SmallPerfs
Approved by esbena
2020-05-12 14:36:34 +01:00
Erik Krogh Kristensen d46148c045 add test case 2020-05-12 14:23:28 +02:00
Erik Krogh Kristensen 3707792cfd recognize reading/writing calls to fstream methods 2020-05-12 14:18:07 +02:00
Jonas Jensen 451ae7b762
Merge pull request #3444 from dbartol/codeql-c-analysis-team/68
Rename `sanity` -> `consistency`
2020-05-12 12:33:08 +02:00
Erik Krogh Kristensen bd768cbd7e autoformat 2020-05-12 12:28:02 +02:00
Erik Krogh Kristensen 2fbdeceae7 add getContainedNode constraint to charpred of IndirectInclusionTest, and refactor two getEnclosingExpr() 2020-05-12 10:19:06 +02:00
semmle-qlci 8ce9c9d57e
Merge pull request #3441 from erik-krogh/BabelDirectives
Approved by esbena
2020-05-12 08:57:20 +01:00
Jason Reed 66da91fe59 Java, Javascript, Csharp: Restrict definitions predicates
Only expose definition-use relation itself, and getEncodedFile.
2020-05-11 15:14:16 -04:00
Dave Bartolomeo 3987267f26 Rename `sanity` -> `consistency` 2020-05-11 13:46:26 -04:00
Dave Bartolomeo 06783938d3 JavaScript: Rename `sanity` -> `consistency` 2020-05-11 13:46:12 -04:00
Asger F 86a774d912
Merge pull request #3394 from monkey-junkie/master
JS SSTI CWE-094
2020-05-11 15:06:17 +01:00
Erik Krogh Kristensen 970ddcac7b autoformat 2020-05-11 15:38:45 +02:00
Erik Krogh Kristensen 3ce60733cc add test case 2020-05-11 13:11:24 +02:00
Erik Krogh Kristensen acb0f2e54f exclude "@babel/helpers - .." from js/unknown-directive 2020-05-11 12:42:18 +02:00
Erik Krogh Kristensen f8de69156e inline basicFlowStep into flowStep 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen 87167900d1 deduplicate - and slightly optimize IndirectInclusionTest 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen 6d05b40d23 eliminate recursion from GuardControlFlowNode::dominates 2020-05-10 22:15:34 +02:00
Jason Reed 48e4079c64 JS: Refactor definitions query, add queries for ide search
This enables jump-to-definition and find-references in the VS Code
extension, for javascript source archives.
2020-05-07 12:44:36 -04:00
Erik Krogh Kristensen 945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
monkey-junkie 4594aa470d
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-06 18:18:06 +03:00
semmle-qlci b2f1008a00
Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick
Approved by asgerf
2020-05-06 13:52:18 +01:00
Esben Sparre Andreasen 7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen 69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
monkey-junkie 5ce9e0d0a2
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-06 14:32:55 +03:00
Asger F 5725814774
Merge pull request #3403 from asger-semmle/js/getcontainer
JS: Move getContainer to single rootdef (+fixes)
2020-05-06 12:06:44 +01:00
Max Schaefer 9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
monkey-junkie 122354a81a
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-06 12:54:50 +03:00
Esben Sparre Andreasen 344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
monkey-junkie 3314dd0614
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-06 11:17:41 +03:00
semmle-qlci 9210660ea0
Merge pull request #3401 from erik-krogh/jsonLike
Approved by esbena
2020-05-06 08:00:44 +01:00
Asger F b2da4fe491 Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-06 07:59:04 +01:00
Asger Feldthaus 926e79d272 JS: Autoformat 2020-05-06 07:59:04 +01:00
Asger Feldthaus f51e846439 JS: Fix ClosureModule implementation 2020-05-06 07:59:04 +01:00
Asger Feldthaus 0f870a4992 JS: Use TCapturedVariableNode as starting point of callInputStep 2020-05-06 07:59:04 +01:00
Asger Feldthaus 4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus 639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus e52e1b26c6 JS: Upgrade script 2020-05-06 07:59:04 +01:00
Asger Feldthaus 5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
Erik Krogh Kristensen 52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
monkey-junkie 560674b670
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 15:36:11 +03:00
monkey-junkie 758e85dd3e
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 15:34:57 +03:00
monkey-junkie a8019705b5
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 15:24:24 +03:00
monkey-junkie 0aaa8af3bd
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 15:24:10 +03:00
Esben Sparre Andreasen 99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen bffb12725b add test and change-note to prototype-pollution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen 38db731e0b add change note and new test for js/incomplete-url-scheme-check 2020-05-05 13:38:27 +02:00
Erik Krogh Kristensen 3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen 8711a8744c update expected output 2020-05-05 13:27:32 +02:00
Erik Krogh Kristensen fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen 4a26c293c1 fix number of arguments for String.prototype.split 2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen f586639703
change getSplitAt to getSeparator
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-05 13:22:21 +02:00
monkey-junkie 056566ecc1
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 12:05:01 +03:00
monkey-junkie 3a4ea82ae2
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 12:02:46 +03:00
monkey-junkie 8310c96b97
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 11:59:06 +03:00
monkey-junkie 25df6e1664
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 11:58:49 +03:00
monkey-junkie 700a070a15
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 11:58:40 +03:00
monkey-junkie d8fb552097
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 11:58:28 +03:00
Esben Sparre Andreasen 304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Geoffrey White a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Erik Krogh Kristensen 4b8b0cb379 update expected output 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen 7af19559d4 add test case for location.split("?")[0] for DomBasedXss 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen 4dcf944ccd use StringSplitCall in TaintedPath 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen 22ec12b130 use split("?")[0] sanitizer in both DomBasedXSS and ClientSideUrlRedirect 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen 89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
John Doe 337be9c2e0 ssti query and help updated 2020-05-05 03:58:29 +03:00
John Doe 09922e5bb4 Merge branch 'master' of github.com:monkey-junkie/codeql 2020-05-05 03:44:23 +03:00
John Doe 895aa622bf ssti updated 2020-05-05 03:37:43 +03:00
monkey-junkie cd18842aa5
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 02:15:58 +03:00
monkey-junkie a60660617f
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-05 02:15:00 +03:00
Erik Krogh Kristensen eb7e0d6a62 still flag single-expression files that contain a function 2020-05-04 18:37:26 +02:00
semmle-qlci a805a63443
Merge pull request #3357 from erik-krogh/YetAnotherPerformancePatch
Approved by asgerf, esbena
2020-05-04 10:05:34 +01:00
semmle-qlci a0800cecc4
Merge pull request #3386 from erik-krogh/lessJQueryChaining
Approved by asgerf
2020-05-04 09:16:17 +01:00
Erik Krogh Kristensen 659d40e08d add test to make sure sanitizer is not too broad 2020-05-04 09:49:14 +02:00
Erik Krogh Kristensen c56063f857 recognize more split("?") sanitizers 2020-05-04 09:48:50 +02:00
Erik Krogh Kristensen 291134be66 add failing test 2020-05-04 09:48:29 +02:00
Erik Krogh Kristensen cee986fa76 skip expressions that are alone in a file for js/useless-expression 2020-05-04 09:08:41 +02:00
John Doe 68b57502f9 JS SSTI CWE-094 2020-05-03 02:42:45 +03:00
semmle-qlci c66ec3c981
Merge pull request #3380 from asger-semmle/js/cache-amd
Approved by erik-krogh
2020-05-02 20:18:22 +01:00
Erik Krogh Kristensen efbd74a4a4 remove more spurious jQuery objects by using externs 2020-05-01 18:54:32 +02:00
Erik Krogh Kristensen 2a1095abcc autoformat, and apply naming suggestion 2020-05-01 18:35:34 +02:00
Erik Krogh Kristensen 87365357ba remove spurious jQuery objects 2020-05-01 15:19:54 +02:00
Erik Krogh Kristensen 16823143dd refactor getAPropertyUsedInLoadStore 2020-05-01 09:58:11 +02:00
Erik Krogh Kristensen 1a42c9fd80
make predicates private
Co-authored-by: Asger F <asgerf@github.com>
2020-05-01 09:42:09 +02:00
semmle-qlci 2b055de4d6
Merge pull request #3154 from erik-krogh/ImplicitConv
Approved by asgerf
2020-04-29 16:05:19 +01:00
Erik Krogh Kristensen 2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Erik Krogh Kristensen 8af08756b9 split store-steps into backwards and forwards, and prune even more. 2020-04-29 09:16:22 +02:00
Erik Krogh Kristensen 7aa421fd8a prune clearly infeasible store steps 2020-04-29 09:15:32 +02:00
Erik Krogh Kristensen 8cf71e59ce prune infeasible load steps 2020-04-29 09:13:49 +02:00
Erik Krogh Kristensen 435b5cf42d refactor how exploratoryFlowStep is used 2020-04-29 09:11:26 +02:00
Asger Feldthaus 9b014c36df JS: Avoid lots of unhelpful magic 2020-04-28 08:56:27 +01:00
Asger Feldthaus a8283593a9 JS: Make PropWrite not depend on SourceNode 2020-04-28 08:56:27 +01:00