hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,672 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

3270 Commits

Author SHA1 Message Date
Asger F
eb82b17f16 JS: QHelp and a bit of qldoc 2019-12-12 15:40:41 +00:00
Erik Krogh Kristensen
f35dc5d274 Merge remote-tracking branch 'upstream/master' into moarExceptions 2019-12-12 16:13:52 +01:00
Erik Krogh Kristensen
17358606cb change callback to rely on an behavior heuristic rather than a naming heuristic 2019-12-12 16:12:37 +01:00
Asger F
f398247d2f JS: Step through rephinements in getImmediatePredecessor 2019-12-12 15:11:25 +00:00
Asger F
a30f991b5e JS: Add query for missing await 2019-12-12 15:11:25 +00:00
Erik Krogh Kristensen
08d0cb795b revert the introduction of getEnclosingCall 2019-12-12 15:14:02 +01:00
Max Schaefer
dfeca63677 JavaScript: Fix characteristic predicate of XMLParent. 
The database type `@xmlparent` is defined a bit too loosely in that it includes all of `@file`, not just XML files. Fixing that would involve fiddling with the extractor/dbscheme, so I have opted to fix it at the QL level instead.
 2019-12-12 12:38:29 +00:00
Erik Krogh Kristensen
e818f4c08b refactored some duplicated methods into the abstract class, and specialized the type of emitter in NodeJS EventEmitter dispatch/registration 2019-12-11 18:25:03 +01:00
semmle-qlci
3d8c35e523 Merge pull request #2509 from asger-semmle/typescript-full-json 
Approved by max-schaefer
 2019-12-11 16:31:26 +00:00
Erik Krogh Kristensen
f537e28389 add pragma to internalBlocks predicate to fix performance 2019-12-11 15:19:30 +01:00
Asger F
063abb5cbc TS: Avoid name clash between tsconfig.json and type table 2019-12-11 12:15:44 +00:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Erik Krogh Kristensen
267c4c07ed refactor EventEmitter model to use the ::Range pattern 2019-12-10 15:54:14 +01:00
Erik Krogh Kristensen
c4fd80d12b some review feedback 2019-12-10 14:53:01 +01:00
Erik Krogh Kristensen
e5d465da9a documentation fixes from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-10 12:01:51 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Erik Krogh Kristensen
60a825cf66 fix tabs and spaces 2019-12-09 16:06:17 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Henning Makholm
66b3c7cf07 JS tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.

Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
 2019-12-07 02:38:02 +01:00
Asger F
abec4badb5 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
344f0b4995 Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
c1da83bf6c Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Asger F
bbb6dad726 JS: Update koa testcase 2019-12-06 11:49:59 +00:00
Asger F
b407de01f8 JS: Update TaintBarriers test 2019-12-06 11:49:59 +00:00
Asger F
a6e75259d6 JS: More fine-grained regexp-based sanitizer guards 2019-12-06 11:49:59 +00:00
Asger F
ad6e949bad JS: Introduce RegExpCreationNode 2019-12-06 11:49:59 +00:00
Asger F
4354945c26 JS: Factor out recognition of RegExp flags 2019-12-06 11:49:59 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Henning Makholm
e441e432ff Merge pull request #2484 from asger-semmle/typescript-codeql-env-var 
JS: Make extractor aware of CodeQL env vars
 2019-12-02 18:36:45 +01:00
Asger F
f162749044 Merge pull request #2418 from max-schaefer/js/file-locatable 
JavaScript: Make `File` not extend `Locatable` anymore.
 2019-12-02 16:15:14 +00:00
Asger F
f988e9004f JS: Autoformat FileExtractor.java 2019-12-02 16:06:37 +00:00
Asger F
c931beb853 TS: Make AutoBuild aware of CodeQL env vars 2019-12-02 16:06:27 +00:00
Max Schaefer
ec2ba735de JavaScript: Update Dependencies library to not rely on Files being Locatable. 
Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.
 2019-12-02 12:40:49 +00:00
Nick Rolfe
d293418672 Merge pull request #2478 from jbj/mergeback-20191202 
Mergeback from rc/1.23 to master
 2019-12-02 12:28:20 +00:00
Erik Krogh Kristensen
ea9d6189de update expected test outpu 2019-12-02 12:52:39 +01:00
semmle-qlci
ceb9fff70c Merge pull request #2479 from max-schaefer/localTaintStep 
Approved by asgerf
 2019-12-02 11:35:43 +00:00
Max Schaefer
aeda2d68f8 JavaScript: Introduce localTaintStep predicate. 
It's sometimes useful for exploratory queries, and the other languages have it as well.
 2019-12-02 09:43:08 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
semmle-qlci
198b3b34a3 Merge pull request #2432 from asger-semmle/install-typescript-deps 
Approved by max-schaefer
 2019-11-28 16:08:46 +00:00
Max Schaefer
7487c79271 JavaScript: Add missing qldoc. 2019-11-28 15:54:52 +00:00
Max Schaefer
47cbf0bf88 JavaScript: Override Locatable.getLocation() for @files. 2019-11-28 15:54:03 +00:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
Esben Sparre Andreasen
4e0dfce427 JS: cache charpred for NodeJS::Require 2019-11-28 08:10:25 +01:00
Esben Sparre Andreasen
d909653a6b JS: simplify charpred for NodeJS::Require 2019-11-28 08:10:25 +01:00