github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
12 286 коммитов 1 538 Ветки 130 Теги 478 MiB
Граф коммитов

3403 Коммитов

Автор SHA1 Сообщение Дата
Esben Sparre Andreasen 9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Esben Sparre Andreasen 7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen 69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
Esben Sparre Andreasen 344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
Esben Sparre Andreasen 99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Esben Sparre Andreasen 304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
semmle-qlci c66ec3c981
Merge pull request #3380 from asger-semmle/js/cache-amd 
Approved by erik-krogh
 2020-05-02 20:18:22 +01:00
semmle-qlci 2b055de4d6
Merge pull request #3154 from erik-krogh/ImplicitConv 
Approved by asgerf
 2020-04-29 16:05:19 +01:00
Erik Krogh Kristensen 2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Asger Feldthaus 9b014c36df JS: Avoid lots of unhelpful magic 2020-04-28 08:56:27 +01:00
Asger Feldthaus a8283593a9 JS: Make PropWrite not depend on SourceNode 2020-04-28 08:56:27 +01:00
Asger Feldthaus e3440c1410 JS: Cache AMD modules 2020-04-28 08:56:27 +01:00
Asger Feldthaus aa2a49d189 JS: Rewrite mayHaveStringValue to avoid misoptimization 2020-04-28 08:56:27 +01:00
Esben Sparre Andreasen 04b5a794f1
Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
Esben Sparre Andreasen c0250894de
Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-27 12:37:39 +02:00
Esben Sparre Andreasen 0a8e371b0e
Update javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-27 09:09:26 +02:00
semmle-qlci cbe417f5eb
Merge pull request #3336 from erik-krogh/MoarJQuery 
Approved by esbena
 2020-04-25 15:17:55 +01:00
Esben Sparre Andreasen 58b5bd5cfd JS: fixup documentation 2020-04-24 10:56:53 +02:00
semmle-qlci 28cfe548d5
Merge pull request #3325 from erik-krogh/MoreEventClasses 
Approved by asgerf
 2020-04-24 09:02:27 +01:00
semmle-qlci 671e7c6637
Merge pull request #3335 from asger-semmle/js/cached-chained-methods 
Approved by esbena
 2020-04-24 08:28:05 +01:00
Esben Sparre Andreasen 6d6ec89ba8 JS: add qhelp 2020-04-24 09:18:09 +02:00
Esben Sparre Andreasen 708fd3d73f JS: add query to query suite 2020-04-24 09:17:46 +02:00
Esben Sparre Andreasen 89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Jonas Jensen d98e956c2b
Merge pull request #3322 from felicitymay/merge-124-master 
Merge rc/1.24 into master
 2020-04-24 08:48:54 +02:00
Erik Krogh Kristensen 19c6092998 autoformat 2020-04-23 20:59:34 +02:00
Erik Krogh Kristensen ea1628ef54
fix typo in jQuery.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 20:58:49 +02:00
Erik Krogh Kristensen a71567da54 autoformat 2020-04-23 18:58:33 +02:00
Erik Krogh Kristensen ee43db1b58 slightly expand the $().each model 2020-04-23 16:49:47 +02:00
Erik Krogh Kristensen 448ed150df allow the empty string to flow to a JQuery XSS sink 2020-04-23 16:45:37 +02:00
Erik Krogh Kristensen 96896fd7f5 second round of UnsafeJQueryPlugin reuse 2020-04-23 15:12:32 +02:00
Erik Krogh Kristensen ea569dba78
update doc for JQuery plugin predicate 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 15:03:39 +02:00
Asger Feldthaus cafdcfa4de JS: Preserve reflective calls in getAMethodCall 2020-04-23 13:57:14 +01:00
Erik Krogh Kristensen 1954a60b6e reuse existing predicate from UnsafeJqueryPlugin 2020-04-23 14:25:34 +02:00
Erik Krogh Kristensen 09b6727e6d refactor $.each model 2020-04-23 14:24:56 +02:00
Erik Krogh Kristensen ce106981b3 add tests 2020-04-23 14:24:33 +02:00
Erik Krogh Kristensen e7d8cd8e8c Merge remote-tracking branch 'upstream/master' into MoarJQuery 2020-04-23 14:10:53 +02:00
semmle-qlci 36b28386f8
Merge pull request #3332 from erik-krogh/JGrowl 
Approved by esbena
 2020-04-23 13:06:00 +01:00
Erik Krogh Kristensen 6897dda614 model that `this` in $().each(callback) is a DOM-node 2020-04-23 13:51:17 +02:00
Erik Krogh Kristensen 8de86967aa model that `this` in a jQuery plugin is a jQuery object 2020-04-23 13:48:54 +02:00
semmle-qlci 801ce89c67
Merge pull request #3099 from esbena/js/introduce-poi-utility 
Approved by erik-krogh
 2020-04-23 12:14:00 +01:00
Erik Krogh Kristensen d8c498bd15
add NOT OK comment 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 12:17:25 +02:00
Erik Krogh Kristensen e1423b0fa5 add test for jGrowl 2020-04-23 11:58:06 +02:00
Erik Krogh Kristensen 90652eeb25 add $.jGrowl as an XSS sink 2020-04-23 10:44:41 +02:00
semmle-qlci da3292606c
Merge pull request #3191 from erik-krogh/XssDom 
Approved by esbena, mchammer01
 2020-04-23 09:17:07 +01:00
Esben Sparre Andreasen a66b4b55fe
Update javascript/ql/src/experimental/poi/PoI.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 09:47:21 +02:00
Esben Sparre Andreasen 161c05dced
Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 08:41:54 +02:00
Erik Krogh Kristensen 6ada588dd1 add support for util.inherits 2020-04-22 22:55:12 +02:00
Erik Krogh Kristensen 957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Erik Krogh Kristensen 40822e10b4 add SocketIO test case 2020-04-22 21:55:20 +02:00
Felicity Chapman 89bf35cd43 Merge branch 'rc/1.24' into merge-124-master 
Conflicts:
	change-notes/1.24/analysis-javascript.md
    Resolved in favor of the rc/1.24 branch
 2020-04-22 19:01:47 +01:00