Commit Graph

9044 Commits

Author SHA1 Message Date
Tony Torralba 8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba 3c4d938cf1 Apply code review suggestions.
Co-authored-by: Asger F <asgerf@github.com>
2023-06-19 10:20:19 +02:00
Tony Torralba 433fc680ec
Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-06-19 10:17:40 +02:00
Tony Torralba c97868f774 Add change notes 2023-06-16 09:01:02 +02:00
Tony Torralba 3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
Asger F 318a60b208
Merge pull request #13456 from asgerf/js/vuex-perf
JS: Restrict length of state path in vuex model
2023-06-14 19:50:06 +02:00
Asger F 22b98c8959 JS: Restrict length of state path in vuex model 2023-06-14 15:48:58 +02:00
Asger F f737054216
Merge pull request #13380 from asgerf/js/fix-sink-kind
JS: Fix invalid source kind in test
2023-06-14 12:56:58 +02:00
Asger F 5aea6fc16c JS: Remove dataExtensions clause from test qlpack 2023-06-14 10:42:31 +02:00
Asger F 21831516f4 JS: use test-local data extensions 2023-06-14 10:38:33 +02:00
erik-krogh 3fd9f26b52
use consistent indentation in mongoose.js 2023-06-12 16:40:42 +02:00
erik-krogh cd6f738f72
add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
Asger F 76a8e9827e
Merge pull request #13283 from asgerf/js/restrict-regex-search-function
JS: Be more conservative about flagging "search" call arguments as regex
2023-06-08 10:50:51 +02:00
Erik Krogh Kristensen 6ba7f9a238
Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp
delete old deprecations
2023-06-07 13:00:57 +02:00
Asger F 17f9239c33 JS: Fix invalid source kind in test 2023-06-06 13:40:06 +02:00
Erik Krogh Kristensen 0e6693bdea
Merge pull request #12874 from erik-krogh/ts51
JS: Add support for TS 5.1
2023-06-06 11:51:51 +02:00
Erik Krogh Kristensen b78cd48954
Merge pull request #13329 from erik-krogh/sqlhelp
JS: improve the sql-injection help page
2023-06-06 08:44:44 +02:00
erik-krogh 3cb2ec4e87
fix nits from doc review 2023-06-05 19:06:07 +02:00
Erik Krogh Kristensen 219ec9d05d
Merge pull request #13127 from erik-krogh/polReDoS
ReDoS: revert new superlinear algorithm.
2023-06-02 16:10:24 +02:00
erik-krogh ac9ede4ec0
add change-notes 2023-06-02 11:58:11 +02:00
erik-krogh f61b781386
JS: delete effectively empty file 2023-06-02 11:58:09 +02:00
erik-krogh 3584e85fe8
JS: fix tutorial 2023-06-02 11:58:08 +02:00
erik-krogh 9000243828
JS: fix compilation 2023-06-02 11:58:08 +02:00
erik-krogh 44b6366586
delete old deprecations 2023-06-02 11:58:08 +02:00
Asger F 77d2799278
Update javascript/ql/lib/semmle/javascript/Regexp.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-06-02 10:33:44 +02:00
erik-krogh 1b44b59842
add stress test 2023-06-01 23:20:23 +02:00
erik-krogh 8eed1a95f6
stop recursive fromRhs related to getLaterBaseAccess 2023-06-01 23:16:52 +02:00
erik-krogh 97afa5733b
add support for namespaced JSX attributes 2023-06-01 21:52:14 +02:00
erik-krogh f4b68fb8c3
bump TypeScript to stable version 2023-06-01 21:51:43 +02:00
Jami 3886ebffa9
Merge branch 'main' into jcogs33/update-javascript-sink-kinds 2023-06-01 14:09:10 -04:00
erik-krogh 9aeba4f31e
changes based on review 2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen 96a720cfa0
Merge pull request #13285 from erik-krogh/redoshelp
ReDoS: fix whitespace in the samples in ReDoS.qhelp
2023-06-01 15:53:58 +02:00
Asger F baef99995d JS: Change note 2023-06-01 14:10:11 +02:00
erik-krogh 1e08105863
less duplicated headers in the sql-injection samples 2023-05-31 18:04:34 +02:00
erik-krogh 98820780af
show how to use mysql.escape in the sql-injection qhelp 2023-05-31 18:04:34 +02:00
erik-krogh 7d801e05ee
add an example of using dollar eq 2023-05-31 18:04:23 +02:00
erik-krogh e24b45b423
elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp 2023-05-31 09:57:38 +02:00
erik-krogh b343dcaadd
put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Arthur Baars 490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Asger F c637b6f59a JS: Update test for RegExpAlwaysMatches 2023-05-26 14:10:26 +02:00
Asger F 9df9ca2916 JS: Update test and expectations for MissingRegExpAnchor 2023-05-26 14:07:34 +02:00
Asger F 40daa9c906 JS: Update RegExpInjection test and expectations 2023-05-26 14:05:36 +02:00
Asger F 2629ec1b1d JS: Be more conservative about flagging "search" call arguments as regex 2023-05-26 11:55:53 +02:00
erik-krogh 9f5bf8fb22
also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh 765076bcba
fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
github-actions[bot] d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen 796e71f8be
Merge pull request #13176 from MaxSchlueter/fixquery12
Fix "Introducing the JavaScript libraries" query12.qll and add test case
2023-05-24 10:56:53 +02:00
Arthur Baars e33f3a6668
Merge pull request #13154 from aibaars/sync-dbscheme-py
JS/Ruby/QL/Python: sync dbscheme fragments
2023-05-23 19:14:29 +02:00
Max Schlueter 40aa9417d0 Fix query12 and add test case 2023-05-23 11:52:51 +02:00
erik-krogh f7419c9250
add expected output 2023-05-23 09:56:06 +02:00