hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,671 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

1638 Commits

Author SHA1 Message Date
Asger Feldthaus
78954489fb TS: Fix expected output 2020-02-24 11:40:28 +00:00
Asger Feldthaus
47673c6e21 TS: Disable export analysis for type-only exports 2020-02-24 11:40:27 +00:00
Asger Feldthaus
16c909b433 TS: Add test case for import type * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus
260b243c28 TS: Add test case to DeclBeforeUse 2020-02-24 11:40:27 +00:00
Asger Feldthaus
8d58aad0f2 TS: Support type-only import/export 2020-02-24 11:40:27 +00:00
Asger Feldthaus
0351f0b775 TS: Add test and documentation for private fields 2020-02-24 11:40:27 +00:00
Asger Feldthaus
9b52acc62a TS: Handle export * as ns 2020-02-24 11:40:27 +00:00
semmle-qlci
94aa77748d Merge pull request #2810 from erik-krogh/CVE74 
Approved by asgerf
 2020-02-24 11:32:42 +00:00
Asger Feldthaus
f923b24bc5 JS: Fix test 2020-02-24 11:19:23 +00:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Asger Feldthaus
a673539c98 JS: Update expected output 2020-02-21 13:51:23 +00:00
Asger Feldthaus
b780bc4d59 JS: Also track into callbacks 2020-02-21 13:51:22 +00:00
Asger Feldthaus
e8e649102f JS: Also propagate out of returns 2020-02-21 13:51:22 +00:00
Asger Feldthaus
8c36b999cc JS: Track flow into calls to bound functions 2020-02-21 13:51:20 +00:00
semmle-qlci
ee5cf95f5b Merge pull request #2892 from asger-semmle/js/field-methods 
Approved by esbena
 2020-02-21 13:49:42 +00:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Erik Krogh Kristensen
b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen
03e295ef11 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:19:32 +01:00
semmle-qlci
f6af5da7f7 Merge pull request #2778 from erik-krogh/FalsySanitizer 
Approved by asgerf
 2020-02-20 11:17:03 +00:00
Erik Krogh Kristensen
63036aa444 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:09:06 +01:00
semmle-qlci
8b277f7226 Merge pull request #2868 from asger-semmle/js/missing-await-void 
Approved by max-schaefer
 2020-02-20 10:56:47 +00:00
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
semmle-qlci
091c6c063c Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor 
Approved by max-schaefer
 2020-02-20 09:50:52 +00:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Asger Feldthaus
479770dc07 JS: Recognize class members in more cases 2020-02-19 17:04:41 +00:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Erik Krogh Kristensen
56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00