hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

10661 Commits

Author SHA1 Message Date
Chris Gavin
bce153648e JavaScript: Update link to the OWASP XSS prevetion cheat sheet. 2019-06-24 23:21:14 +01:00
Esben Sparre Andreasen
4f9a7d0b71 JS: updated expected output for different SnakeYaml version 2019-06-24 09:24:12 +02:00
Asger F
207ed1e14a JS: Add query for measuring call graph quality 2019-06-24 01:01:13 +01:00
Max Schaefer
a417884173 JavaScript: Fix potential null-pointer exception in YAML extractor. 
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
 2019-06-23 21:56:02 +02:00
Esben Sparre Andreasen
6885b5cf1f JS: fix yaml StringIndexOutOfBoundsException 2019-06-21 15:18:56 +02:00
semmle-qlci
59dd3b2fb7 Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig 
Approved by xiemaisi
 2019-06-21 12:45:13 +01:00
semmle-qlci
4d779026d2 Merge pull request #1479 from xiemaisi/js/remove-circularity 
Approved by asger-semmle
 2019-06-21 09:03:13 +01:00
Max Schaefer
4370f25b32 JavaScript: Remove dependency of module import on globalVarRef. 2019-06-20 21:08:34 +01:00
Max Schaefer
544a55dd0e JavaScript: Fix potential null-pointer exception in YAML extractor. 
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
 2019-06-20 17:04:47 +01:00
Ellen Arteca
99c32f08fb JavaScript: Recognize imports from TypeScript type annotations 2019-06-20 10:45:30 +01:00
Asger F
52f31dcb07 TS: Rely on ts.sys.readFile for decoding 2019-06-19 11:57:22 +01:00
Mark Shannon
77030c4dde Merge branch 'rc/1.21' into 'master' 2019-06-13 12:32:45 +01:00
semmle-qlci
8a43fdc806 Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression 
Approved by esben-semmle
 2019-06-13 10:13:27 +01:00
semmle-qlci
bffc3307b5 Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated 
Approved by xiemaisi
 2019-06-13 09:45:37 +01:00
semmle-qlci
7332446ee1 Merge pull request #1444 from esben-semmle/js/express-node-inheritance 
Approved by xiemaisi
 2019-06-12 21:43:44 +01:00
semmle-qlci
913544600a Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression 
Approved by esben-semmle
 2019-06-12 21:36:23 +01:00
Max Schaefer
60964efce5 JavaScript: Avoid bad context pushing in ReflectedXss::HttpResponseSink. 2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen
3f11ae7eaa Merge remote-tracking branch 'rc/1.21' into master 2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen
6e022f66c4 JS: formatting of Express and NodeJSLib.qll 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
29f9103b39 JS: classify single-line JSON files as generated 2019-06-12 09:05:12 +02:00
semmle-qlci
7790ac45bd Merge pull request #1409 from esben-semmle/js/more-command-injection 
Approved by xiemaisi
 2019-06-11 11:59:18 +01:00
Max Schaefer
70cf32c889 JavaScript: Add a few more tests. 2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen
299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Max Schaefer
b32a037ff2 JavaScript: Refactor a few access path computation predicates. 2019-06-10 11:15:52 +01:00
Max Schaefer
398ee0c133 JavaScript: Add tests for data-flow tutorial. 2019-06-07 14:33:26 +01:00
Max Schaefer
16c33b54b6 JavaScript: Recognise references to the process global. 2019-06-06 11:48:18 +01:00
Max Schaefer
d233cea79d JavaScript: Lower precision of PasswordInConfigurationFile. 
In spite of recent improvements, this query is still too noisy to show
by default.
 2019-06-05 08:09:19 +01:00
Max Schaefer
d723ab76d8 JavaScript: Fix getDelimiterMatchingRegexp to work on multi-line strings. 2019-06-05 08:09:19 +01:00
Max Schaefer
a4876270ec JavaScript: Tweak PasswordInConfigurationFile alerts. 
Only highlight first line, and include the password in the alert
message.
 2019-06-05 08:09:19 +01:00
Max Schaefer
c09b859aa7 JavaScript: Add three missing @metricType annotations. 2019-06-04 17:17:14 +01:00
semmle-qlci
1fa975b4c9 Merge pull request #1393 from xiemaisi/js/concretify 
Approved by esben-semmle
 2019-06-04 11:34:47 +01:00
semmle-qlci
80ff63a3bb Merge pull request #1387 from esben-semmle/js/unanchored-url-regex 
Approved by mc-semmle, xiemaisi
 2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen
04868e5b97 JS: format qhelp examples 2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen
9e0a97e82f JS: address qhelp review comments 2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen
bf51c54338 JS: add RegExpPatternSource::getAParse to hide the subclasses 2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen
7b652214c5 JS: address docstring comments 2019-06-03 13:59:39 +02:00
Max Schaefer
d8a101df6d JavaScript: Shrink Configurations.qll some more. 2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen
14644270ac JS: fix comment typo 2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen
7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
3358e49698 JS: refactor the predicate RegExp::regexp to three classes. 
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll 2019-06-03 08:27:49 +02:00
Max Schaefer
c560096b17 JavaScript: Make Script and CodeInAttribute concrete. 2019-05-31 12:04:14 +01:00
Max Schaefer
74688bb600 Merge pull request #1341 from esben-semmle/js/sync-suites 
JS: Add queries to the manual suite for LGTM constistency
 2019-05-31 08:18:08 +01:00
Max Schaefer
3097037a6f Merge pull request #1290 from esben-semmle/js/semver-lib 
JS: add SemVer library
 2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d Merge pull request #1180 from asger-semmle/tainted-path-squashed 
Approved by xiemaisi
 2019-05-30 17:20:19 +01:00
Max Schaefer
3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00