Max Schaefer
aebc5bc6c3
JavaScript: Update qhelp example for CleartextStorage.
2019-02-08 08:43:22 +00:00
Max Schaefer
0be81dacdc
JavaScript: Add classification of sensitive expressions.
We now classify sensitive expressions into four categories (secret, id, password, certificate). This allows queries more fine-grained control over what kinds of sensitive data they want to deal with: for clear-text storage, for instance, user ids aren't so much of a problem.
2019-02-08 08:43:22 +00:00
Max Schaefer
6389f32847
JavaScript: Update expected output for ExtractSinkSummaries query.
2019-02-08 08:43:22 +00:00
Max Schaefer
326b93bf84
JavaScript: Clean up classification of sensitive strings.
2019-02-08 08:43:22 +00:00
Asger F
9dae08bbcf
JS: fix javadoc
2019-02-07 13:53:29 +00:00
Asger F
c2321045f2
TS: fix import of q.d.ts in test case
2019-02-07 12:37:54 +00:00
Asger F
6cc30fe732
JS: add stats for new relations
2019-02-07 12:00:53 +00:00
Asger F
e4b230ba60
Revert "Merge pull request #897 from Semmle/revert-817-closure-modules"
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
2019-02-07 11:58:38 +00:00
Esben Sparre Andreasen
5ad83360be
JS: move default parameter values to the DefUse graph
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
65530c5edf
JS: add test for js/useless-comparison-test
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
55fd948c24
JS: add test for js/trivial-conditional
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f956e570cb
JS: support default destructuring values in the dataflow graph
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
687b7f0a7f
JS: exclude direct flow from the RHS in a destructuring assignment
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f333419bb4
JS: add defuse+dataflow tests for destructuring and default values
2019-02-07 11:24:46 +01:00
Max Schaefer
447a1db616
JavaScript: Assign FileAccessToHttp and HttpToFileAccess a precision.
They will now be run on LGTM, but their results won't be displayed by default.
2019-02-07 09:48:05 +00:00
semmle-qlci
b4b37b3a7b
Merge pull request #880 from esben-semmle/js/better-alert-message-1
Approved by xiemaisi
2019-02-07 08:01:21 +00:00
Max Schaefer
812cba0fe3
Merge pull request #828 from esben-semmle/js/vue-support-1
JS: basic Vue support
2019-02-07 08:00:17 +00:00
Asger F
e46e2b2515
Revert "JS: Add support for Closure modules"
2019-02-06 17:30:45 +00:00
semmle-qlci
b8be66ec48
Merge pull request #887 from asger-semmle/jsdoc-accessors
Approved by xiemaisi
2019-02-06 16:30:48 +00:00
semmle-qlci
b13c11017c
Merge pull request #885 from asger-semmle/async-waterfall
Approved by xiemaisi
2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a
Merge branch 'master' into js/vue-support-1
2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed
Merge pull request #817 from asger-semmle/closure-modules
Approved by esben-semmle, xiemaisi
2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5
Merge pull request #851 from xiemaisi/js/post-message-star
Approved by esben-semmle
2019-02-06 09:57:04 +00:00
Asger F
abb7e63697
JS: update GlobalVariableRef.expected
2019-02-06 09:16:30 +00:00
Asger F
44939263e4
JS: update TRAP files
2019-02-06 09:12:16 +00:00
Asger F
c52ed9152f
JS: handle .mjs files correctly
2019-02-06 09:12:10 +00:00
Esben Sparre Andreasen
f15af70c02
JS: use HTML::ScriptElement::getScript in Vue
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
5e2b1c026a
JS: introduce HTML::ScriptElement::getScript()
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a78dd422b6
JS: add query js/vue/arrow-method-on-vue-instance
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f
JS: introduce Vue XSS sinks
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a6cfee5f26
JS: prevent inlining of three auxiliary Vue methods
2019-02-06 09:37:23 +01:00
Esben Sparre Andreasen
ddf9ca2505
JS: introduce base Vue model
2019-02-06 09:37:23 +01:00
Asger F
46b996a936
JS: autoformat ¯\_(ツ)_/¯
2019-02-05 16:52:06 +00:00
Asger F
8924aa3ee0
JS: add test case
2019-02-05 16:51:21 +00:00
Asger F
cad5a064cd
JS: recognize a-sync-waterfall package
2019-02-05 16:38:47 +00:00
Esben Sparre Andreasen
b72441f9c2
JS: use StringOps:: in js/incomplete-url-substring-sanitization
2019-02-05 15:17:55 +01:00
Asger F
51360d8772
JS: add Parameter.getJSDocTag
2019-02-05 11:35:16 +00:00
Asger F
79b9784b08
JS: handle ES2015 modules compiling to Node.js modules
2019-02-04 14:26:24 +00:00
Asger F
5e10e955ee
JS: update trivial TRAP changes
2019-02-04 14:25:05 +00:00
Asger F
4b32d8c63f
JS: refactor SourceType/Platform
2019-02-04 14:24:39 +00:00
Asger F
ac6b9d1282
JS: add TRAP test with closure modules
2019-02-04 14:24:39 +00:00
Asger F
cac09cf154
JS: Update TRAP output
2019-02-04 14:24:39 +00:00
Asger F
be105b6348
JS: add dbscheme upgrade script
2019-02-04 14:21:34 +00:00
Asger F
8f3b0f584a
JS: Extract predicates for ES2015/closure modules
2019-02-04 14:21:34 +00:00
Asger F
51fe31d049
JS: fix FPs in DeadStoreOfLocal
2019-02-04 14:21:34 +00:00
Asger F
6a451a6b53
JS: Fix InvalidExport.ql
2019-02-04 14:21:34 +00:00
Asger F
72fe63074a
JS: convert tabs to spaces
2019-02-04 14:21:34 +00:00
Asger F
df88534b36
JS: use PropWrite in exports() predicate
2019-02-04 14:21:34 +00:00
Asger F
c707935841
JS: add Closure::moduleImport and Closure::moduleMember
2019-02-04 14:21:34 +00:00
Asger F
82c0756248
JS: autoformat
2019-02-04 14:21:34 +00:00