hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

4466 Commits

Author SHA1 Message Date
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds 
Approved by asger-semmle
 2018-11-23 12:40:40 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
Esben Sparre Andreasen
72c4ef4d90 JS: fixup optional chaining on CallWithNonLocalAnalyzedReturnFlow 2018-11-21 14:18:14 +01:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
Esben Sparre Andreasen
41b45352aa JS(ql): support optional chaining 2018-11-21 08:57:10 +01:00
Asger F
7d80847832 JS: add qhelp example to test suite 2018-11-20 18:44:18 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location 
Approved by esben-semmle
 2018-11-20 17:16:05 +00:00
Asger F
8aff66616b JS: suppress similar alerts from RemotePropertyInjection 2018-11-20 15:57:18 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
Asger F
bc3b983768 JS: move CodeInjection tests into subfolder 2018-11-20 14:24:37 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5 JavaScript: Make TargetBlank only highlight the first line of the link. 
Otherwise alerts for multi-line `<a>` elements end up looking very red.

I also took the opportunity to improve the tests slightly.
 2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
Pavel Avgustinov
16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Asger F
6ec13feab4 JS: recognize sanitizing slashes in URL redirection queries 2018-11-16 10:43:25 +00:00
semmle-qlci
0647743333 Merge pull request #467 from xiemaisi/js/amd-imports 
Approved by asger-semmle
 2018-11-16 09:31:50 +00:00
semmle-qlci
4a14bef507 Merge pull request #466 from xiemaisi/js/more-data-flow-predicates 
Approved by asger-semmle
 2018-11-14 16:07:59 +00:00
Max Schaefer
6f6b3b0d5e JavaScript: Add a convenience method to SourceNode and use it in a few places. 2018-11-14 11:58:45 +00:00
Max Schaefer
a441bfb751 JavaScript: Add a convenience method to AMDModuleDefinition. 2018-11-14 11:36:40 +00:00
Aditya Sharad
f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Max Schaefer
d57b5d9628 JavaScript: Remove ReflectdXssPath.ql, which is now spurious. 2018-11-14 09:16:40 +00:00
Max Schaefer
a499009f59 Merge pull request #395 from esben-semmle/js/useless-defensive-code 
JS: add query: js/useless-defensive-code
 2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc Merge pull request #444 from esben-semmle/js/browser-based-client-requests 
JS: add models of $.ajax, $.getJSON and XMLHttpRequst
 2018-11-13 16:53:52 +00:00
Esben Sparre Andreasen
daed0653cb JS: support property tracking of custom abstract values 2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen
1d87c580b3 JS: introduce DefinedCustomAbstractValue 2018-11-13 11:40:31 +01:00
semmle-qlci
86e31a584e Merge pull request #447 from esben-semmle/js/indirect-sanitization 
Approved by asger-semmle
 2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen
5666deac14 JS: rename js/useless-defensive-code to js/unneeded-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a JS: annotate test file with expected results 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9 JS: downgrade other alerts to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e JS: add whitelist to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2 JS: add query: js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequst 2018-11-13 08:14:51 +01:00
Max Schaefer
663bdd60a0 Merge pull request #396 from esben-semmle/js/unconditional-property-override 
JS: add query: js/unconditional-property-override
 2018-11-12 17:10:32 +00:00
Jonas Jensen
1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen
eaad84bb4f JS: add support for dis- and conjunctions in SanitizingFunction 2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
ffc3d6ba49 JS: simplify test (move alerts four lines up) 2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen
6d0c93b6a8 JS: introduce TaintTracking::AdditionalSanitizingCall 2018-11-12 10:21:39 +01:00
Tom Hvitved
40def8d364 Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad
761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00