6144 Commits

Author	SHA1	Message	Date
Asger Feldthaus	9d006327df	JS: Update qldoc for ValueNode	2020-05-19 15:57:07 +01:00
semmle-qlci	26dfca80f6	Merge pull request #3510 from max-schaefer/cull-boring-queries ... Approved by asgerf, esbena	2020-05-19 15:41:53 +01:00
Max Schaefer	a803120414	Lower precision for a number of queries. ... These queries are currently run by default, but don't have their results displayed. Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`). With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.	2020-05-19 13:43:17 +01:00
Erik Krogh Kristensen	b71919299b	Apply suggestions from code review ... Co-authored-by: Asger F <asgerf@github.com>	2020-05-19 14:03:03 +02:00
Asger F	875c3706e3	Update javascript/ql/src/semmle/javascript/CFG.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-19 12:08:51 +01:00
Asger Feldthaus	3f30564d93	JS: Autoformat	2020-05-19 12:05:32 +01:00
semmle-qlci	0c081a8e87	Merge pull request #3497 from esbena/js/yield-and-local-objects ... Approved by asgerf, erik-krogh	2020-05-19 09:02:22 +01:00
semmle-qlci	0d762066f5	Merge pull request #3504 from erik-krogh/unique ... Approved by esbena	2020-05-19 08:35:08 +01:00
Asger Feldthaus	91b9e95010	JS: Fix join ordering in analysis of add expressions	2020-05-18 22:45:59 +01:00
Asger Feldthaus	6a37e4b7a3	JS: Cache clobberedProp	2020-05-18 22:45:59 +01:00
Asger Feldthaus	5213c511b9	JS: Improve perf of GlobalVarUse.isIncomplete	2020-05-18 22:45:59 +01:00
Asger Feldthaus	7d9923038e	JS: Fix perf issue from overriding isIncomplete	2020-05-18 22:45:59 +01:00
Asger Feldthaus	e58683769d	JS: Fix bad join order in exploratoryBoundInvokeStep	2020-05-18 22:45:59 +01:00
Asger Feldthaus	430bf2da8a	JS: Fix whitelisting in UselessConditional	2020-05-18 22:45:56 +01:00
Asger Feldthaus	1d994b017f	JS: Update type inference	2020-05-18 22:42:12 +01:00
Asger Feldthaus	d5d08da545	JS: Update getEnclosingExpr	2020-05-18 22:42:12 +01:00
Asger Feldthaus	12cc228946	JS: Update getFallbackTypeAnnotation	2020-05-18 22:42:12 +01:00
Asger Feldthaus	b06cd6db30	JS: Update Node.isIncomplete	2020-05-18 22:42:12 +01:00
Asger Feldthaus	5568f0e182	JS: Pass local arguments to parameter value node, not SSA node	2020-05-18 22:34:42 +01:00
Asger Feldthaus	dc2d6a5fd9	JS: Make ValueNode the ParameterNode with a step to the SSA node	2020-05-18 22:34:42 +01:00
Asger Feldthaus	37ddccfa15	JS: Merge DestructuringPatternNode into ValueNode	2020-05-18 22:29:33 +01:00
Asger Feldthaus	b3161b1c41	JS: Factor TNode into a separate file	2020-05-18 22:29:33 +01:00
Asger Feldthaus	d9123833af	JS: Avoid misoptimization in mayReturnImplicitValue	2020-05-18 22:29:33 +01:00
Asger Feldthaus	6a63f5b677	JS: Avoid bad join order in ImplicitProcessImport	2020-05-18 22:29:32 +01:00
Erik Krogh Kristensen	aa396a39d3	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478	2020-05-18 20:57:51 +00:00
Erik Krogh Kristensen	b8ba31aaa0	autoformat	2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen	0758413cc7	revert change to import	2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen	742abf8751	refactor package export into a library, and add tests for the library	2020-05-18 21:06:14 +02:00
Erik Krogh Kristensen	d7b852f408	use count aggregate to count	2020-05-18 21:03:26 +02:00
Erik Krogh Kristensen	202b8a56b7	apply the unique aggregate where trivially applicable	2020-05-18 20:37:38 +02:00
Asger F	96d6115452	Merge branch 'master' into js/sql-type-tracking	2020-05-18 15:58:42 +01:00
Erik Krogh Kristensen	70a28f60e3	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478	2020-05-18 14:05:37 +00:00
Asger F	a9983fdb49	Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-18 13:23:22 +01:00
Max Schaefer	6797fec1a3	JavaScript: Add more models of packages that execute commands over SSH.	2020-05-18 12:08:14 +01:00
Esben Sparre Andreasen	a9ba6ac659	JS: make LocalObjects::isEscape aware of yield	2020-05-18 12:43:46 +02:00
Erik Krogh Kristensen	0f82370f4e	rename getHighLight() -> getAlertLocation()	2020-05-18 12:28:28 +02:00
Erik Krogh Kristensen	2b1724291b	adjust qhelp to focus on user-controlled data	2020-05-18 12:27:20 +02:00
Erik Krogh Kristensen	d18808698a	adjust qhelp to focus on the execFile API	2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen	aa87008775	JS: typo fixups	2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen	9c294513c7	Apply suggestions from code review ... Co-authored-by: Asger F <asgerf@github.com>	2020-05-18 12:18:20 +02:00
semmle-qlci	14664be467	Merge pull request #3468 from p0/imp/nodejs-vm-sinks ... Approved by esbena	2020-05-18 11:10:13 +01:00
Esben Sparre Andreasen	b3691cd0e9	JS: change MembershipTest to MembershipCandidate	2020-05-18 11:51:00 +02:00
Asger Feldthaus	a18e0b37cf	JS: simplify sequelize model	2020-05-18 09:34:17 +01:00
Asger F	f52c827966	Apply suggestions from code review ... Base type of EscapingSanitizer Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-18 09:31:09 +01:00
Asger F	ffb22c061a	Apply suggestions from code review ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-18 09:28:22 +01:00
Erik Krogh Kristensen	bd3c4d4077	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478	2020-05-18 07:51:19 +00:00
Esben Sparre Andreasen	ddb545c182	JS: introduce MembershipTests.qll and use in two locations	2020-05-18 09:50:00 +02:00
semmle-qlci	6041d52936	Merge pull request #3424 from asger-semmle/js/express-param-handler ... Approved by esbena	2020-05-18 08:48:24 +01:00
semmle-qlci	135eae9895	Merge pull request #3483 from esbena/js/fix-qhelp-FNs ... Approved by asgerf	2020-05-18 08:47:05 +01:00
semmle-qlci	0230b79efc	Merge pull request #3391 from erik-krogh/SplitFPs ... Approved by esbena	2020-05-18 08:46:26 +01:00