Commit Graph

6335 Commits

Author SHA1 Message Date
Max Schaefer
cc8d68082e JavaScript: Show ZipSlip results by default. 2019-03-14 08:50:47 +00:00
Rebecca Valentine
64f731c8aa adds clarification in docs 2019-03-13 10:46:39 -07:00
Rebecca Valentine
688e7a9730 improves docs 2019-03-13 10:10:57 -07:00
Rebecca Valentine
7ef33de9d2 add tests to ignore generators and async functions per PR change request in description
https://github.com/Semmle/ql/pull/1078#discussion_r265010018
2019-03-13 10:04:23 -07:00
Max Schaefer
e2cb8c5ceb JavaScript: Fix example in TypeBackTracker qldoc. 2019-03-13 15:20:41 +00:00
Max Schaefer
8f6cb1cdb9 JavaScript: Add models for many more base64 packages.
No tests; there are too many of these.
2019-03-13 12:27:23 +00:00
Max Schaefer
f76efcb558 JavaScript: Fix modelling of Buffer base64 encoders and decoders. 2019-03-13 12:27:23 +00:00
Robert Brignull
5380e1df68 Merge remote-tracking branch 'upstream/rc/1.20' into merge/rc/1.20 2019-03-13 10:55:30 +00:00
Esben Sparre Andreasen
3e8e2ca890 JavaScript: Accept review suggestion.
Co-Authored-By: xiemaisi <max@semmle.com>
2019-03-13 08:47:17 +00:00
Max Schaefer
2dccd39bb7 JavaScript: Fix two comments. 2019-03-13 08:20:58 +00:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
semmle-qlci
6baf52614e Merge pull request #1074 from xiemaisi/js/socket.io-comm
Approved by esben-semmle
2019-03-13 07:38:12 +00:00
Rebecca Valentine
64e64c16a8 resolves PR change req mentioned in description
https://github.com/Semmle/ql/pull/1078#discussion_r264557257
2019-03-12 11:29:43 -07:00
Rebecca Valentine
9a7f9aa808 resolves PR change req mentioned in description
2affd2bef6 (r264557539)
2019-03-12 11:23:46 -07:00
Max Schaefer
f540dcb486 JavaScript: Address review comments. 2019-03-12 16:56:10 +00:00
semmle-qlci
4de297c964 Merge pull request #1072 from asger-semmle/prop-write-static-accessor
Approved by esben-semmle
2019-03-12 16:51:54 +00:00
Rebecca Valentine
ea55c1a589 adds getAnUndefinedReturn 2019-03-11 12:41:59 -07:00
Asger F
f632379c44 JS: whitelist accessors in DeadStoreOfProperty 2019-03-11 16:38:08 +00:00
Max Schaefer
77e59f1a47 JavaScript: Be more lenient about namespace matching. 2019-03-11 12:42:51 +00:00
Max Schaefer
41d83d5b7d JavaScript: Introduce additional flow steps between sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
36c9af977b JavaScript: Connect up client and server sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
dc614ebefe JavaScript: Introduce indices for sent/received items. 2019-03-11 12:42:51 +00:00
Max Schaefer
b47b26ca61 JavaScript: Add basic model of client-side socket.io API. 2019-03-11 12:42:34 +00:00
Max Schaefer
363c11e89d JavaScript: Improve handling of acknowledgment callbacks. 2019-03-11 12:41:19 +00:00
Max Schaefer
37bc36d92e JavaScript: Factor out handling of EventEmitter API. 2019-03-11 12:41:19 +00:00
Max Schaefer
f92f9594ea JavaScript: Add a convenience predicate to get the last parameter of a function. 2019-03-11 12:41:19 +00:00
Max Schaefer
eb07754eee JavaScript: Introduce representation of socket.io servers and namespaces. 2019-03-11 12:41:19 +00:00
Jonas Jensen
a90e4a7bdf Merge pull request #1066 from xiemaisi/fix-qhelp-backticks
Fix qhelp backticks
2019-03-08 19:06:48 +01:00
Max Schaefer
c74db8bbbc JavaScript: Fix erroneous backticks in query help. 2019-03-08 15:28:03 +00:00
semmle-qlci
9dccd9f62c Merge pull request #1050 from asger-semmle/prototype-instance-methods
Approved by xiemaisi
2019-03-07 16:10:29 +00:00
Max Schaefer
b85f44643a Merge pull request #1049 from asger-semmle/js-type-tracking
JS: Add TypeTracking library
2019-03-07 16:09:19 +00:00
Asger F
56977b80a0 JS: update comment 2019-03-07 11:35:41 +00:00
Asger F
f21871d275 JS: relax instantiation requirement for .prototype field 2019-03-06 14:31:37 +00:00
Max Schaefer
48c0949705 Merge pull request #1036 from asger-semmle/hide-implicit-ssa-defs
JS: Omit uninteresting nodes from path explanations
2019-03-06 13:30:11 +00:00
Asger F
732ddbcbbd JS: Mark API as experimental 2019-03-06 13:04:34 +00:00
Asger F
3422fa328d JS: Add test 2019-03-06 12:50:59 +00:00
Asger F
e6a1374218 JS: Make separate type for back-tracking types 2019-03-06 12:50:50 +00:00
Asger F
0b2c94684d JS: Add TypeTracker library 2019-03-06 11:52:28 +00:00
Jason Reed
0a91d919b0 JS: Allow path.basename sanitization in zipslip. 2019-03-06 09:46:41 +00:00
Asger F
ee7461380e JS: Omit uninteresting nodes from path explanations 2019-03-06 08:41:03 +00:00
semmle-qlci
9a2a328243 Merge pull request #1025 from xiemaisi/js/fix-exports-assign
Approved by asger-semmle
2019-03-04 21:25:56 +00:00
Max Schaefer
3cabc12be3 JavaScript: Teach InvalidExport to never flag module.exports = exports = ... and similar.
This was previously flagged if `exports` wasn't used any further. While it's true that the assignment to `exports` is redundant in this case, the assignment is also flagged by DeadStoreOfLocal, so there is no point in InvalidExport flagging it as well.
2019-03-04 09:53:37 +00:00
semmle-qlci
4c3ecf0f76 Merge pull request #989 from asger-semmle/class-node-get-this-access
Approved by xiemaisi
2019-03-01 19:40:31 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1
JS: Captured Nodes, type inference + a query
2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops
Approved by esben-semmle
2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end
JS: Treat res.end() as alias for res.send() in Express
2019-03-01 10:30:06 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip
JavaScript: Add new query for ZipSlip (CWE-022).
2019-03-01 08:16:35 +00:00
Jason Reed
c1b218a5ff JS: Documentation fixes 2019-02-28 15:46:19 -05:00
Jason Reed
c5e57dacf8 JS: Actually use fileName in examples 2019-02-28 15:46:14 -05:00
Jason Reed
674d2790b4 JS: Address review comments 2019-02-28 15:46:07 -05:00