github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
57 853 коммитов 1 534 Ветки 130 Теги 471 MiB
Граф коммитов

8411 Коммитов

Автор SHA1 Сообщение Дата
yoff 7f2f6f14e7
Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Erik Krogh Kristensen 6a3b9e10eb
Merge pull request #13914 from erik-krogh/escape-unicode 
ReDoS: escape unicode chars in the output for the ReDoS queries
 2023-08-15 11:21:21 +02:00
Henry Mercer 1213eba630
Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
erik-krogh 5ffce86768
change the defaults in the qhelp for missing-rate-limit to something more reasonable 2023-08-10 13:40:17 +02:00
github-actions[bot] 432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
erik-krogh 0bce42410a
support arbitrary codepoints in NfaUtils.qll 2023-08-08 22:14:51 +02:00
erik-krogh 92db7b047c
escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
github-actions[bot] 79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Asger F 5950865b55
Merge pull request #13755 from github/max-schaefer/js-server-crash-help 
JavaScript: Improve qhelp for js/server-crash.
 2023-08-03 10:04:08 +02:00
Asger F c38cbe859d
Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Max Schaefer 5124310f14
Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2023-08-01 17:03:05 +01:00
Jeongsoo Lee 1d5eb4a960
Update javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-31 15:38:35 -07:00
Jeongsoo Lee 4529d8b75a Add support for log injection in MaD 2023-07-28 22:37:56 +00:00
github-actions[bot] f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot] c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Max Schaefer 9432fec612 JavaScript: Improve qhelp for js/server-crash. 
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
 2023-07-17 14:44:23 +01:00
Asger F d57276ca35
Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Asger F f3fab587a9 JS: Add Fuzzy token in identifying access path 2023-07-13 14:01:06 +02:00
Asger F 7c9e1ad6ec JS: Fix accidental recursion in Vue model 
The API graph entry point depended on API::Node.

This was due to depending on the the TComponent newtype which has a branch that depends on API::Node
 2023-07-13 13:41:21 +02:00
Max Schaefer b8eb2ef8d8
Merge branch 'main' into max-schaefer/improve-command-injection-qhelp 2023-07-13 12:11:15 +01:00
Max Schaefer ae237247f2
Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-07-13 12:10:57 +01:00
Rasmus Lerchedahl Petersen 02c41f3dcf JavaScript: Use shared library for serverless 2023-07-12 16:46:34 +02:00
Asger F c7abd4c2af JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall 2023-07-12 09:26:37 +02:00
Asger F c8af28c2ca
Merge pull request #13700 from asgerf/js/path-join-spread 
JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()
 2023-07-11 15:31:13 +02:00
Asger F 1a395c5b34 JS: Use sanitizerOut in PrototypePollutingAssignment 2023-07-11 15:24:10 +02:00
Asger F 03bdebe3b3 JS: Update a test. 
The test had a bug on the line `src = src` so the new code is "more equivalent than usual"
 2023-07-11 15:24:09 +02:00
Asger F b09ed4b0e3 JS: Update UnsafeJQueryPlugin 2023-07-11 15:01:33 +02:00
Asger F a1d8a05bcb JS: Update ResourceExhaustion 2023-07-11 14:56:53 +02:00
Asger F 58a557b18e JS: Update InsecureRandomness 2023-07-11 14:56:43 +02:00
Asger F e863e2376d JS: Use sanitizerIn in ExtenralAPIUsedWithUntrustedData 2023-07-11 14:50:29 +02:00
Asger F 094302a27b JS: Replace sanitizing prefix edge with node 2023-07-11 14:48:13 +02:00
Asger F 944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Asger F 68584e549e JS: Replace isOptionallySanitizedEdge with a node 2023-07-11 12:57:33 +02:00
Asger F 3691b836cb JS: Add tests 2023-07-11 11:37:30 +02:00
Asger F 0841677b14 JS: Add isSanitizerX variants in TaintTracking 2023-07-11 11:14:37 +02:00
Asger F d53beb3784 JS: Embed check for in/out barriers in edge barrier check 2023-07-11 11:04:28 +02:00
Asger F 4964d811a5 JS: Add interface for isBarrier in/out 2023-07-11 11:04:28 +02:00
Max Schaefer 63c45a0da3 Add another example of when and how to use shell-quote. 2023-07-10 14:02:17 +01:00
Asger F 8234b8f175 JS: Change note 2023-07-10 13:19:44 +02:00
Asger F 27085b1fd0 JS: Fix whitespace 2023-07-10 12:07:13 +02:00
Asger F fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F 06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
github-actions[bot] 13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Asger F 965ca169e5 JS: Recognise fs/promises 2023-07-07 14:14:49 +02:00
Asger F d49359a95c JS: Add step through spread arg to path.join() 2023-07-07 14:10:50 +02:00
github-actions[bot] 6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Dave Bartolomeo 9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo 2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen b2a60bf3d1
Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
Max Schaefer 1d3e3440f2 Add example of manual sanitisation. 2023-07-06 12:54:30 +01:00