hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

4104 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
427c32f211 report a local variable as the misspelling if there any many occourances of the global 2020-04-17 11:25:23 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Asger Feldthaus
3515a2b412 JS: Update test output 2020-04-14 10:31:31 +01:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Asger Feldthaus
c070416fbe JS: Update test output 2020-04-09 12:24:11 +01:00
semmle-qlci
404f7225a1 Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range 
Approved by esbena
 2020-04-08 18:44:02 +01:00
Asger Feldthaus
5ab595da2e JS: Autoformat 2020-04-08 12:40:00 +01:00
Asger Feldthaus
171b131eb1 JS: Add test for SourceNode not depending on flowsTo 2020-04-08 10:23:47 +01:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Asger Feldthaus
3a9d047cf5 JS: Ignore delete expressions in js/missing-await 2020-04-02 11:35:09 +01:00
Asger Feldthaus
ccce0205b4 JS: Add test 2020-04-02 11:34:07 +01:00
Erik Krogh Kristensen
75b183bc33 update expected output 2020-04-01 20:46:49 +02:00
Erik Krogh Kristensen
957b60f84b split fuzzy read/writes on collections into 2 pseudo-properties 2020-04-01 14:25:41 +02:00
Asger Feldthaus
b5e110e39e JS: Fix value of numeric literals containing underscores 2020-04-01 12:24:42 +01:00
Asger Feldthaus
9888f15a29 JS: Add test showing root cause of problem 2020-04-01 12:21:27 +01:00
Asger Feldthaus
2d864aaf1b JS: Add failing test 2020-04-01 12:21:25 +01:00
Erik Krogh Kristensen
9fc8ed17cd remove unused import 2020-04-01 11:18:11 +02:00
Erik Krogh Kristensen
a188c6f804 qldoc changes and renaming 2020-04-01 11:12:54 +02:00
Erik Krogh Kristensen
49a8a48a72 autoformat 2020-03-31 20:27:05 +02:00
Erik Krogh Kristensen
cec2cd3b14 update expected output 2020-03-31 14:05:05 +02:00
Erik Krogh Kristensen
3784b180d8 changes based on review 2020-03-31 12:07:55 +02:00
Erik Krogh Kristensen
546431c83d dataflow and typetracking steps for Maps and Sets 2020-03-31 11:21:34 +02:00
Erik Krogh Kristensen
25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
semmle-qlci
0feb7f87e4 Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci
5c920eb625 Merge pull request #3120 from asger-semmle/js/prefer-typescript-file 
Approved by esbena
 2020-03-31 09:32:14 +01:00
Erik Krogh Kristensen
7938bc4ed0 improve alert message for js/useless-assignment-to-local 2020-03-30 20:19:50 +02:00
semmle-qlci
fce04f0bd0 Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Erik Krogh Kristensen
f55005a0ec more precise warning message for implicit string/number conversions 2020-03-30 11:17:56 +02:00
Erik Krogh Kristensen
4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Erik Krogh Kristensen
0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
semmle-qlci
1975a83cdd Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen
e2d2c2341e autoformat and update expected output 2020-03-26 15:38:00 +01:00
Asger Feldthaus
816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Erik Krogh Kristensen
1cefa12315 update expected output 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
00181e059b add tests for type-tracking promises 2020-03-25 23:54:56 +01:00
semmle-qlci
e7fd97e72b Merge pull request #3119 from erik-krogh/SockJS 
Approved by esbena
 2020-03-25 21:36:29 +00:00
Asger Feldthaus
54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
semmle-qlci
cf5b1f0cd5 Merge pull request #3019 from erik-krogh/ArrayStep 
Approved by asgerf
 2020-03-25 12:08:44 +00:00