github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
25 607 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

126 Коммитов

Автор SHA1 Сообщение Дата
Erik Krogh Kristensen 211ef61039 add change note 2020-08-12 09:29:34 +02:00
Max Schaefer 91762ec274 JavaScript: Add partial model for `opener`. 
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
 2020-07-27 11:42:32 +01:00
Max Schaefer 9aa26fa4bc JavaScript: Add model for `foreground-child`. 
>1M weekly downloads, so seems worth doing.
 2020-07-27 11:37:06 +01:00
Max Schaefer 2f842042ea JavaScript: Model another `execa` function relevant for command injection. 2020-07-27 11:34:04 +01:00
semmle-qlci bfb734e1d7
Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 
Approved by erik-krogh
 2020-07-02 08:30:45 +01:00
semmle-qlci 45ef3ec4a8
Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
semmle-qlci c850938af0
Merge pull request #3833 from asger-semmle/js/vue-class-component 
Approved by erik-krogh
 2020-06-30 13:16:42 +01:00
Asger Feldthaus fcb365188b JS: Add change note 2020-06-29 09:59:17 +01:00
ubuntu bb06014f3d Add fancy-log 2020-06-28 22:02:02 +02:00
Asger Feldthaus 84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
semmle-qlci 92cc59b47b
Merge pull request #3800 from esbena/js/npmlog 
Approved by erik-krogh
 2020-06-26 07:54:08 +01:00
semmle-qlci cf0cd00458
Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return 
Approved by erik-krogh
 2020-06-25 15:28:57 +01:00
semmle-qlci c39dce4d66
Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup 
Approved by erik-krogh
 2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen 4bfce4b8a3 JS: model npmlog (and recognize the "verbose" log level) 2020-06-25 12:06:51 +02:00
Asger Feldthaus a109c1fc96 JS: Change note 2020-06-25 11:04:08 +01:00
Asger Feldthaus e2a300e811 JS: Add change note 2020-06-24 10:33:45 +01:00
Erik Krogh Kristensen 76ed03f75b
update change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen 79599b6cc0 add change-note 2020-06-23 15:57:55 +02:00
semmle-qlci 0d61443915
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing 
Approved by erik-krogh
 2020-06-23 13:01:41 +01:00
Asger Feldthaus b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F ca06f6dfb4
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F 7d54b02fb9
Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen 9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion" 
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
 2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen 3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger Feldthaus 1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen 0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen 3e898487e8
Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-22 11:23:40 +02:00
Asger F eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion 
JS: add query js/memory-exhaustion
 2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen 0f5ef2c02a
Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen e46bd709c4 add change note 2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen a17d152ca4
Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen 7d6dac479c
Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen dcf617b235
Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen 1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen 3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen 44aa182d0d
Update change-notes/1.25/analysis-javascript.md 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-18 10:14:16 +02:00
Esben Sparre Andreasen 5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
Erik Krogh Kristensen 7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen 218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen 73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
Erik Krogh Kristensen 6d6f29eb85
Merge pull request #3726 from erik-krogh/bad-code-polish 
JS: Bad code polish
 2020-06-17 19:45:37 +02:00
Erik Krogh Kristensen 7aa911b9f4 add reference to cwe-116 in change-note 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen 345283fe34 add change note 2020-06-17 10:48:27 +02:00
Erik Krogh Kristensen 02c825351c add change note for js/bad-code-sanitization 2020-06-16 16:25:30 +02:00
Erik Krogh Kristensen cb5b946546 add changenote for yargs 2020-06-16 14:37:53 +02:00
Erik Krogh Kristensen 696879653a add qhelp to js/biased-cryptographic-random 2020-06-16 11:10:09 +02:00
Asger Feldthaus 824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Erik Krogh Kristensen 23223fc5fb change-note 2020-06-15 17:22:11 +02:00