hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,672 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

3270 Commits

Author SHA1 Message Date
Asger Feldthaus
804aef507f TS: Remove unneeded alias PackageLocationMap 2020-01-24 09:51:03 +00:00
Asger Feldthaus
542ce816dc TS: Simplify string equality check 2020-01-24 09:49:11 +00:00
Asger Feldthaus
fc04e06456 TS: Allow .js extensions in cross package imports 2020-01-24 09:48:43 +00:00
Asger Feldthaus
b98db62e82 JS: Recognize req.user a cookie access 2020-01-24 09:44:20 +00:00
Erik Krogh Kristensen
c0af3780c4 adjust the ReceiveNode docstrings 2020-01-24 10:06:28 +01:00
Erik Krogh Kristensen
2044b4bc82 changes based on review 2020-01-23 20:29:06 +01:00
Asger Feldthaus
852b90a6c9 TS: Be compatible with odasa/qltest 2020-01-23 16:13:53 +00:00
Asger Feldthaus
a68bb9ffd1 JS: Ignore calls and csrf/captcha access 2020-01-23 15:32:05 +00:00
Asger Feldthaus
b1ec3e1bf2 JS: Add test and dont check predecessors 2020-01-23 14:59:03 +00:00
Asger Feldthaus
406c6eb981 JS: Sharpen missing CSRF middleware query 2020-01-23 14:22:49 +00:00
Asger Feldthaus
dc30dcf1f8 TS: Only require SCRATCH_DIR when installing dependencies 2020-01-23 12:39:19 +00:00
Asger Feldthaus
7e8fb1428e TS: Support tsconfig.json extending from ./node_modules 2020-01-22 15:03:03 +00:00
Erik Krogh Kristensen
b526a2ea0f implement a model of WebSocket and ws based on the EventEmitter model 2020-01-22 14:46:53 +01:00
semmle-qlci
007b0795ec Merge pull request #2636 from erik-krogh/NewSocketIO 
Approved by esbena
 2020-01-22 13:46:11 +00:00
Asger Feldthaus
5719b44fa5 TS: Add some documentation 2020-01-22 11:47:02 +00:00
Asger Feldthaus
a220268ad8 TS: Install deps under scratch dir 2020-01-22 11:47:02 +00:00
Asger Feldthaus
303bac9710 TS: Guess main file location 2020-01-22 11:25:24 +00:00
Asger Feldthaus
21eecc4c9c JS: Make return type class for installDependencies() 2020-01-22 10:52:38 +00:00
Asger Feldthaus
71b540755d TS: Print TypeScript semantic errors in log 2020-01-22 10:52:37 +00:00
Asger Feldthaus
dde0f868b3 TS: Handle monorepos by rewriting package.json 2020-01-22 10:52:37 +00:00
Erik Krogh Kristensen
5063e3820d update expected output 2020-01-22 11:18:47 +01:00
Erik Krogh Kristensen
8370699344 add support for creating a promise with another resolved promise, e.g: Promise.resolve(otherPromise) 2020-01-21 20:11:27 +01:00
Erik Krogh Kristensen
8679132624 copy data from both callbacks in Promise data-flow 2020-01-21 18:00:06 +01:00
Erik Krogh Kristensen
86477a2249 changes based on review 2020-01-21 16:45:53 +01:00
Erik Krogh Kristensen
fe0b6a86d7 add data-flow steps for when Promise handlers return other promises 2020-01-21 16:15:18 +01:00
Erik Krogh Kristensen
d8b25ef5a2 add data-flow steps for resolved promises using pseudo-properties 2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen
6648e2751f remove use of .getAlocalSource() i custom load/store test 2020-01-21 15:49:42 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Erik Krogh Kristensen
6494649125 fix a number of FPs in js/exception-xss 2020-01-20 15:11:57 +01:00
Erik Krogh Kristensen
5c6134db99 a bit of self-review and an auto-format 2020-01-20 14:55:49 +01:00
Erik Krogh Kristensen
ad813ef86c add flowsTo to the use of isAdditionalLoadStep 2020-01-20 14:16:29 +01:00
Erik Krogh Kristensen
ffbd0f6632 update expected test output 2020-01-20 09:56:40 +01:00
Erik Krogh Kristensen
b3b132c66d Merge remote-tracking branch 'upstream/master' into ExceptionalPromise 2020-01-20 09:20:09 +01:00
Erik Krogh Kristensen
a25c5d7090 outlining a predicate to give hints about join ordering 2020-01-17 13:42:08 +01:00
Erik Krogh Kristensen
6ad62e32e0 copyPropertyStep works interprocedurally 2020-01-17 12:24:29 +01:00
Erik Krogh Kristensen
06e898f53b only use .getALocalSource in copyPropertyStep 2020-01-16 16:04:45 +01:00
Erik Krogh Kristensen
9998059d59 add pragma to fix performance (same issue as in #2512) 2020-01-16 14:16:04 +01:00
semmle-qlci
4efc418e2c Merge pull request #2617 from asger-semmle/prototype-pollution-utility 
Approved by esbena, mchammer01
 2020-01-16 13:02:07 +00:00
Erik Krogh Kristensen
4e880e2f96 implement SocketIO on top of the EventEmitter model 2020-01-16 11:02:36 +01:00
Asger F
7a1d068f1c Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-01-16 09:47:18 +00:00
semmle-qlci
8128d23b6e Merge pull request #2505 from erik-krogh/EventEmitter 
Approved by esbena, max-schaefer
 2020-01-16 08:47:38 +00:00
Erik Krogh Kristensen
a76ab39a39 no longer need for .getALocalSource() in custom load/store 2020-01-15 16:00:57 +01:00
Erik Krogh Kristensen
e08fc08337 don't use pseudo-properties for resolved promise data-flow 2020-01-15 14:56:58 +01:00
Erik Krogh Kristensen
830100d2ed support interprocedural flow with custom load/store steps 2020-01-15 14:23:17 +01:00
Asger Feldthaus
6d9306366c JS: ignore useless-expr in first stmt in try block 2020-01-15 11:49:23 +00:00
Erik Krogh Kristensen
d09bce5cd7 custom load/store steps to implement promise flow 2020-01-14 21:37:55 +01:00
semmle-qlci
3c4749be88 Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode 
Approved by max-schaefer
 2020-01-14 11:59:45 +00:00
Asger Feldthaus
2245882441 JS: Add change note and fix cwe tags 2020-01-14 10:53:40 +00:00
Asger Feldthaus
d76859b7df JS: Address review comments 2020-01-14 10:53:00 +00:00