hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

4466 Commits

Author SHA1 Message Date
Asger F
e46e2b2515 Revert "JS: Add support for Closure modules" 2019-02-06 17:30:45 +00:00
semmle-qlci
b8be66ec48 Merge pull request #887 from asger-semmle/jsdoc-accessors 
Approved by xiemaisi
 2019-02-06 16:30:48 +00:00
semmle-qlci
b13c11017c Merge pull request #885 from asger-semmle/async-waterfall 
Approved by xiemaisi
 2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a Merge branch 'master' into js/vue-support-1 2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed Merge pull request #817 from asger-semmle/closure-modules 
Approved by esben-semmle, xiemaisi
 2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5 Merge pull request #851 from xiemaisi/js/post-message-star 
Approved by esben-semmle
 2019-02-06 09:57:04 +00:00
Asger F
abb7e63697 JS: update GlobalVariableRef.expected 2019-02-06 09:16:30 +00:00
Esben Sparre Andreasen
5e2b1c026a JS: introduce HTML::ScriptElement::getScript() 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a78dd422b6 JS: add query js/vue/arrow-method-on-vue-instance 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f JS: introduce Vue XSS sinks 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ddf9ca2505 JS: introduce base Vue model 2019-02-06 09:37:23 +01:00
Asger F
8924aa3ee0 JS: add test case 2019-02-05 16:51:21 +00:00
Asger F
cad5a064cd JS: recognize a-sync-waterfall package 2019-02-05 16:38:47 +00:00
Esben Sparre Andreasen
b72441f9c2 JS: use StringOps:: in js/incomplete-url-substring-sanitization 2019-02-05 15:17:55 +01:00
Asger F
4b32d8c63f JS: refactor SourceType/Platform 2019-02-04 14:24:39 +00:00
Asger F
8f3b0f584a JS: Extract predicates for ES2015/closure modules 2019-02-04 14:21:34 +00:00
Asger F
c707935841 JS: add Closure::moduleImport and Closure::moduleMember 2019-02-04 14:21:34 +00:00
Asger F
6a63c3f149 JS: raise precision of global accesses 2019-02-04 14:21:34 +00:00
Asger F
9589ccd40d JS: support imports/exports for closure library code 2019-02-04 14:21:34 +00:00
Asger F
30ba7aedfe JS: split SourceType.MODULE into two 2019-02-04 14:21:34 +00:00
semmle-qlci
e195ac996e Merge pull request #868 from xiemaisi/js/discard-tokens-early 
Approved by esben-semmle
 2019-02-04 11:32:03 +00:00
Max Schaefer
9bfde9553d Merge pull request #839 from asger-semmle/field-propwrite 
JS: add PropWrites cases for instance fields initialization
 2019-02-01 10:56:25 +00:00
semmle-qlci
222738072d Merge pull request #840 from esben-semmle/js/propagate-sound-avalue 
Approved by xiemaisi
 2019-02-01 09:23:43 +00:00
Max Schaefer
b87abc9602 JavaScript: Extend suspiciousCredentials predicate to recognise authKey and similar. 2019-01-31 09:03:23 +00:00
Max Schaefer
87e62f0bd5 JavaScript: Teach PostMessageStar to reason about partially tainted objects. 2019-01-31 08:59:47 +00:00
Max Schaefer
aeb8cc62b2 JavaScript: Reclassify PostMessageStar as CWE-201. 2019-01-31 08:08:52 +00:00
semmle-qlci
fc5b9dd55e Merge pull request #837 from asger-semmle/hardcoded-empty-string 
Approved by esben-semmle
 2019-01-30 13:40:39 +00:00
Esben Sparre Andreasen
cfc53ade69 JS: add more tests for js/incomplete-url-substring-sanitization 2019-01-30 12:57:03 +01:00
Max Schaefer
769e407c24 JavaScript: Add new query PostMessageStar. 2019-01-30 10:26:43 +00:00
Max Schaefer
d6c3ae2fb4 JavaScript: Fix bug in extraction of next_token. 2019-01-29 12:58:32 +00:00
Max Schaefer
ea429f4fbe JavaScript: Add test case exposing bug in getNextToken. 2019-01-29 12:50:31 +00:00
Asger F
60cef60c1d JS: ensure PropWrites exist for all instance members 2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
0d1f4270d6 JS: introduce SsaVarAccessWithNonLocalAnalysis 2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen
2683a9b43a JS: add testss for js/trivial-conditional 2019-01-29 10:19:03 +01:00
semmle-qlci
a5aee9ed0f Merge pull request #833 from esben-semmle/js/sharpen-cond 
Approved by xiemaisi
 2019-01-29 08:03:06 +00:00
Asger F
5815aa1e8b JS: add test case to PropWrite tests 2019-01-28 15:43:52 +00:00
Asger F
dacde5da12 JS: restrict ClassMemberAsPropWrite to static members 2019-01-28 15:40:25 +00:00
Asger F
3245142203 JS: Dont flag empty string as hardcoded username 2019-01-28 13:01:52 +00:00
semmle-qlci
962416ffc2 Merge pull request #805 from asger-semmle/callback-taint-source 
Approved by xiemaisi
 2019-01-28 08:45:37 +00:00
semmle-qlci
8b029a2d9f Merge pull request #827 from xiemaisi/js/duplicate-toplevel-percent 
Approved by esben-semmle
 2019-01-28 08:40:23 +00:00
Esben Sparre Andreasen
ef3b107cc1 JS: sharpen the js/trivial-conditional whitelist 2019-01-25 18:19:45 +01:00
semmle-qlci
d8947a71a5 Merge pull request #735 from asger-semmle/string-ops 
Approved by xiemaisi
 2019-01-25 15:15:19 +00:00
Max Schaefer
254fafc6ce JavaScript: Round down percentage in DuplicateToplevel.ql. 
All the other duplication queries already do this.
 2019-01-25 22:44:07 +08:00
Max Schaefer
39191ed6f1 JavaScript: Add more statements to test cases for DuplicateToplevel. 
Now both `a.js` and `b.js` have ten (non-block) statements, which allows for more interesting tests.
 2019-01-25 22:42:51 +08:00
Max Schaefer
e6672aaf70 Merge pull request #804 from esben-semmle/js/sharpen-unneeded-defensive 
JS: better handling of nested expressions in js/unneeded-defensive-code
 2019-01-25 11:23:51 +08:00
Esben Sparre Andreasen
00ef80dfc5 Merge pull request #741 from asger-semmle/this-access-path 
JS: support 'this' as the root of an access path
 2019-01-21 16:48:34 +01:00
Asger F
77d748aa00 JS: "return" flow through callbacks 2019-01-21 10:39:35 +00:00
Esben Sparre Andreasen
9e4613094a JS: sharpen js/unneeded-defensive-code for negations and sequences 2019-01-21 09:00:35 +01:00
Asger F
4b4daa645f JS: handle accessors separately 2019-01-18 15:42:05 +00:00
Asger F
e18b635314 JS: add getADirectSuperClass() 2019-01-18 15:42:05 +00:00