hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

6144 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
Asger F
27c9326e70 JS: address doc review 2018-11-21 14:19:14 +00:00
Esben Sparre Andreasen
72c4ef4d90 JS: fixup optional chaining on CallWithNonLocalAnalyzedReturnFlow 2018-11-21 14:18:14 +01:00
Asger F
8c7e19567b JS: fix string value of taint configuration 2018-11-21 12:35:35 +00:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Asger F
cb832b1de9 Merge branch 'unsafe-global-object-access' of github.com:asger-semmle/ql into unsafe-global-object-access 2018-11-21 11:14:21 +00:00
Asger F
84d642612e JS: more comments 2018-11-21 11:14:13 +00:00
Max Schaefer
fa761c07bd Update javascript/ql/src/Security/CWE-094/MethodNameInjection.ql 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2018-11-21 10:55:38 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
Esben Sparre Andreasen
41b45352aa JS(ql): support optional chaining 2018-11-21 08:57:10 +01:00
Esben Sparre Andreasen
00587ba7b4 JS(extractor): support optional chaining 2018-11-21 08:57:10 +01:00
Asger F
4138f814d8 JS: expand example 2018-11-20 18:42:49 +00:00
Asger F
260ae36cf8 JS: document the shared module 2018-11-20 18:27:02 +00:00
Asger F
3902f752d0 JS: share detection of objects with unsafe methods 2018-11-20 18:26:20 +00:00
Asger F
b16072a7be JS: share ConcatSanitizer in common module 2018-11-20 18:24:52 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
Asger F
1c06f45046 JS: address some comments 2018-11-20 18:11:46 +00:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location 
Approved by esben-semmle
 2018-11-20 17:16:05 +00:00
Asger F
8aff66616b JS: suppress similar alerts from RemotePropertyInjection 2018-11-20 15:57:18 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5 JavaScript: Make TargetBlank only highlight the first line of the link. 
Otherwise alerts for multi-line `<a>` elements end up looking very red.

I also took the opportunity to improve the tests slightly.
 2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
semmle-qlci
26a248b14a Merge pull request #487 from xiemaisi/js/lint-join-order 
Approved by esben-semmle
 2018-11-20 06:51:33 +00:00
semmle-qlci
7df397f8ab Merge pull request #486 from xiemaisi/js/lower-severities 
Approved by asger-semmle
 2018-11-20 06:39:23 +00:00
Max Schaefer
6021d2499d JavaScript: Remove accidentally committed .actual file. 2018-11-19 12:24:19 +00:00
Pavel Avgustinov
16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Max Schaefer
73ad3f5c8a JavaScript: Tweak JSLint library to avoid bad join order. 2018-11-19 09:12:02 +00:00
Max Schaefer
1b59a28be0 JavaScript: Downgrade a few "error" rules to "warning". 
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
 2018-11-19 09:09:26 +00:00
Asger F
c06c9a02f7 JS: fix copy pasta and test output 2018-11-16 10:47:02 +00:00
Asger F
dd5f485fff JS: use original sanitizer for SSRF query 2018-11-16 10:46:14 +00:00
Asger F
6ec13feab4 JS: recognize sanitizing slashes in URL redirection queries 2018-11-16 10:43:25 +00:00
semmle-qlci
0647743333 Merge pull request #467 from xiemaisi/js/amd-imports 
Approved by asger-semmle
 2018-11-16 09:31:50 +00:00
Asger F
df202eff76 Merge pull request #468 from xiemaisi/js/has{Path,Flow}+ 
JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.
 2018-11-14 16:48:47 +00:00
semmle-qlci
4a14bef507 Merge pull request #466 from xiemaisi/js/more-data-flow-predicates 
Approved by asger-semmle
 2018-11-14 16:07:59 +00:00
Max Schaefer
6f6b3b0d5e JavaScript: Add a convenience method to SourceNode and use it in a few places. 2018-11-14 11:58:45 +00:00
Max Schaefer
a441bfb751 JavaScript: Add a convenience method to AMDModuleDefinition. 2018-11-14 11:36:40 +00:00
Max Schaefer
3fcd02ab0e JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages. 2018-11-14 11:23:17 +00:00
Aditya Sharad
f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Max Schaefer
d6198fcc2a JavaScript: Introduce two more short-circuiting conjuncts. 2018-11-14 09:33:09 +00:00
Max Schaefer
52ae757279 JavaScript: Select Nodes (instead of PathNodes) everywhere. 2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee JavaScript: Select source and sink in all path queries. 2018-11-14 09:16:40 +00:00
Max Schaefer
d5af008e31 JavaScript: Adjust ConditionalBypass query. 2018-11-14 09:16:40 +00:00