hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1793 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
3656864695 JS: Add database threat-model source modeling 2024-10-29 15:11:09 +01:00
Asger F
3cc6b11e6b JS: Expand attribute regex to include some Vue attributes 2024-10-29 11:19:01 +01:00
Asger F
560b3da851 JS: Add test with some special Vue attributes 2024-10-29 11:18:17 +01:00
Rasmus Wriedt Larsen
d3ae4c930e JS: Model newer yargs command-line parsing pattern 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
3448751b4c JS: Consolidate command-line argument modeling 
Such that we can reuse the existing modeling, but have it globally
applied as a threat-model as well.

I Basically just moved the modeling. One important aspect is that this
changes is that the previously query-specific `argsParseStep` is now a
globally applied taint-step. This seems reasonable, if someone applied
the argument parsing to any user-controlled string, it seems correct to
propagate that taint for _any_ query.
 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
412e841d69 JS: Add environment threat-model source 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
dbfbd2c00a JS: Remove 'response' from default threat-models 
I didn't want to put the configuration file in
`semmle/javascript/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
 2024-10-25 14:52:49 +02:00
Rasmus Wriedt Larsen
05dce8a0be JS: Add test showing default active threat-models 2024-10-25 14:50:59 +02:00
Tom Hvitved
d0ca39fb03 JS: Update expected test output 2024-10-04 08:35:33 +02:00
Sid Shankar
3516117215 Adds test for arbitrary specifiers in TS files 
Adds test for arbitrary identifiers used in imports and exports
 2024-09-11 00:37:49 +00:00
Sid Shankar
785af12f1c Renames test file 2024-09-11 00:28:44 +00:00
erik-krogh
b8187ed294 support arbitary export specifiers 2024-08-06 20:45:57 +02:00
erik-krogh
5f7f37f6c8 support arbitary import specifiers 2024-08-06 20:45:53 +02:00
erik-krogh
0de4fd8430 add test for the better type-narrowing in TS 5.5 2024-06-20 20:55:44 +02:00
erik-krogh
a691ec01b3 add test for the inferred type predicates in TS5.5 2024-06-20 20:42:59 +02:00
Rasmus Wriedt Larsen
3f2befc3e5 JS: Support spread arguments in array.splice 2024-06-14 15:33:17 +02:00
Rasmus Wriedt Larsen
269f8ca2cd JS: Add splice(...arr) test 2024-06-14 15:19:56 +02:00
Rasmus Wriedt Larsen
68ccec3d43 JS: Prepare for new test 2024-06-14 15:18:47 +02:00
Rasmus Wriedt Larsen
194ef607f7 JS: Updated .expected 2024-06-14 14:49:34 +02:00
Rasmus Wriedt Larsen
ec18786488 JS: Provide better model for Array.splice 2024-06-12 16:29:21 +02:00
Rasmus Wriedt Larsen
54a0e6dc45 JS: Add new test for Array.splice 2024-06-12 16:24:33 +02:00
Rasmus Wriedt Larsen
9ed6da1072 JS: prepare to extend Array tests 
Oh how I have enjoyed working with InlineExpectationTests for these sort
of things, not worrying about all the .expected files changing because
you add a few lines in the middle of your tests :D
 2024-06-12 16:22:55 +02:00
Asger F
6f19fc2fcd JS: Add isTypeUsed to avoid overpruning 2024-05-21 14:38:52 +02:00
Asger F
632cce2c16 JS: Add failing test due to overpruning 2024-05-21 14:20:13 +02:00
Erik Krogh Kristensen
03cf9b702c Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs 
JS: Shelljs improvement
 2024-05-17 11:14:11 +02:00
Asger F
db07c162e4 JS: Allow generated models to use (package) 2024-04-23 20:25:55 +02:00
Asger F
9d00f660f1 Update ModelGeneration.expected 2024-04-23 20:08:21 +02:00
Asger F
ac34b922ec Merge pull request #16241 from asgerf/js/re-export 
JS: Improve support for `export * as ...` declarations
 2024-04-19 10:03:17 +02:00
Asger F
3c885f3969 JS: Fix bug in MkClassInstance use-nodes 
This only worked when the RHS was a SourceNode, which is not generally the case
 2024-04-18 10:06:11 +02:00
Asger F
da33c220a6 JS: Update test output 2024-04-17 20:11:11 +02:00
Asger F
be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Tom Hvitved
9d8b93ed45 JS: No longer use models-as-data CSV interface 2024-04-12 13:40:15 +02:00
Asger F
81b96a8041 JS: Ensure MkClassInstance exists for base classes 2024-04-09 14:32:58 +02:00
Asger F
29a61458e0 JS: Add test case showing problem with chains going through internal classes 2024-04-09 14:32:58 +02:00
Asger F
56ebe6c727 JS: More re-export logic to handle subclass export 2024-04-09 14:32:58 +02:00
Asger F
f2ea88aa4c JS: Add test showing missing re-export of base class relationship 2024-04-09 14:32:58 +02:00
Asger F
9313564e64 JS: Add subclassing test and fix lack of subclassing handling 2024-04-09 14:32:58 +02:00
Asger F
ef7767b6cd JS: Add partial test for subclassing 2024-04-09 14:32:58 +02:00
Asger F
3022c59654 JS: Add access path alias test 2024-04-09 14:32:58 +02:00
Asger F
ab3c03d2d6 JS: Add test where root export object is a function 2024-04-09 14:32:58 +02:00
Asger F
f4e05cc621 JS: Add tests with semi-internal class problem 2024-04-09 14:32:58 +02:00
Asger F
946f0b4dc4 JS: Add test for class with aliases 2024-04-09 14:32:58 +02:00
Asger F
348c95ebe1 JS: Add a test case with fluent flow 2024-04-09 14:32:58 +02:00
Asger F
c55e03c588 Dynamic/JS: Add support for re-exporting type models 2024-04-09 14:32:58 +02:00
Asger F
acef9b7111 Dynamic/JS: Add library for exporting models 2024-04-09 14:32:58 +02:00
Asger F
f08e8b1d5e Merge pull request #16136 from asgerf/js/instance-to-subclasses 
JS: Make getInstance() propagate to subclasses
 2024-04-08 14:37:42 +02:00
Asger F
cd84fa4bee JS: Make getInstance() propagate to subclasses 2024-04-05 15:12:02 +02:00
Asger F
b8b8e2b991 Merge pull request #16054 from asgerf/js/call-graph-improvement2 
JS: more implied receiver steps
 2024-04-04 15:54:06 +02:00
Asger F
22b56a4a40 JS: More implied receiver steps 2024-03-26 10:23:08 +01:00
Asger F
f2939bd05b JS: Add test case 2024-03-26 10:23:08 +01:00