hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,671 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

3270 Commits

Author SHA1 Message Date
Asger Feldthaus
7090124a1d JS: Implement type inference through export * as ns 2020-02-06 14:29:35 +00:00
Asger Feldthaus
a252a41459 JS: Rename/deprecate a predicate to loosen its return type 2020-02-06 14:27:23 +00:00
Asger Feldthaus
2b77c7969d JS: Add tests for 'export * as ns' 2020-02-06 14:04:12 +00:00
Asger Feldthaus
f5c805bad1 JS: Move tests into one file 2020-02-06 13:55:29 +00:00
Asger Feldthaus
54c521d41c JS: Fix typo in test query 2020-02-06 13:50:06 +00:00
Erik Krogh Kristensen
1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Asger Feldthaus
0345c48503 JS: Bump extractor version string 2020-02-06 11:04:59 +00:00
Asger Feldthaus
38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
Erik Krogh Kristensen
d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci
5125dc7939 Merge pull request #2730 from esbena/js/model-path-parse 
Approved by asgerf
 2020-02-05 21:35:55 +00:00
semmle-qlci
163285bee7 Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow 
Approved by esbena
 2020-02-05 12:52:59 +00:00
Erik Krogh Kristensen
da28d3b971 add "hash" and "search" to URL taint step 2020-02-05 12:44:10 +01:00
semmle-qlci
a5e183bde3 Merge pull request #2619 from asger-semmle/ts-monorepo-deps 
Approved by erik-krogh, max-schaefer
 2020-02-05 10:57:55 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
semmle-qlci
52f34d7178 Merge pull request #2715 from erik-krogh/PrivateFields 
Approved by asgerf
 2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen
88bb1dc23d bind this in each of the step methods of UrlSearchParamsTaintStep 2020-02-05 10:58:13 +01:00
Erik Krogh Kristensen
30d5eb5a13 update docstrings 2020-02-05 10:53:34 +01:00
Erik Krogh Kristensen
ffc6fddddd update expected test output 2020-02-05 10:52:40 +01:00
Asger F
cf18bd7bb8 Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-05 09:48:16 +00:00
Asger Feldthaus
fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Esben Sparre Andreasen
f6ad22dd1f Merge pull request #2758 from asger-semmle/js/string-concat-concat 
JS: Model concat() calls as string concatenation
 2020-02-05 10:41:02 +01:00
Erik Krogh Kristensen
ec9c37075c address review feedback 2020-02-05 10:31:53 +01:00
Erik Krogh Kristensen
35a7e15a2f remove private modifer on isUrlSearchParams 2020-02-05 10:30:31 +01:00
Erik Krogh Kristensen
76aca02752 change the pseudo-property on URL to a two-stage process 2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen
e525cf0959 generalize isAdditionalLoadStoreStep such that it loads and stores different properties 2020-02-05 09:40:16 +01:00
Asger Feldthaus
b4df03767d JS: Ignore obvious Array.prototype.concat calls 2020-02-04 16:36:41 +00:00
Asger Feldthaus
db2212e33e TS: Only print number of errors if there were any 2020-02-04 15:31:30 +00:00
Erik Krogh Kristensen
8d37c03209 using pseudo-properties to model URL parsing 2020-02-04 16:30:07 +01:00
Asger Feldthaus
3ccdaa94ad JS: Expose argumentPassing as DataFlow::argumentPassingStep 2020-02-04 15:06:45 +00:00
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
semmle-qlci
4b89eee683 Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions 
Approved by asgerf
 2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen
15e26666cd add declaration for private field in syntax error test 2020-02-04 14:05:09 +01:00
Asger Feldthaus
bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Esben Sparre Andreasen
1ec8fa24b3 JS: reformulate optimization 2020-02-04 10:52:38 +01:00
Esben Sparre Andreasen
8a2c81b41c JS: address review comments about duplicated logic 2020-02-04 10:49:23 +01:00
Max Schaefer
43e4ed1e18 JavaScript: Teach resolveMainModule to try adding extensions. 2020-02-04 09:39:04 +00:00
Max Schaefer
e21c24c60e JavaScript: Add failing test case. 2020-02-04 09:39:04 +00:00
Esben Sparre Andreasen
e1180495f5 JS: optimize a prefix-check 2020-02-04 09:48:56 +01:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen
e3189aaa47 raise syntax error on declaration of private method, and add syntax tests for private fields 2020-02-03 16:00:25 +01:00
semmle-qlci
3a7845e7fc Merge pull request #2653 from erik-krogh/exceptionFPs 
Approved by esbena
 2020-02-03 14:15:24 +00:00
Erik Krogh Kristensen
183dd68d6a add qldoc to isPrivateField 2020-02-03 14:23:27 +01:00
Asger Feldthaus
3c1cbcefa5 TS: Pass virtual source root explicitly to Node.js process 2020-02-03 10:36:36 +00:00
Asger Feldthaus
513854a608 TS: Add upgrade script 2020-02-03 09:32:56 +00:00
Asger Feldthaus
9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
Asger Feldthaus
abb95135c1 JS: Add UnresolvableImport metric 2020-02-03 09:32:56 +00:00
Erik Krogh Kristensen
5ff958a9cf fix compilation of PrototypePollutionUtility after refactor 2020-02-03 09:39:41 +01:00
Esben Sparre Andreasen
7f25c1bf47 JS: address doc-review comments 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
c70997febf JS: address review comments for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00