hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

4466 Commits

Author SHA1 Message Date
Max Schaefer
017ae4990d JavaScript: Use custom flow labels in ClientSideUrlRedirect. 2018-10-03 15:49:02 +01:00
Max Schaefer
f4ea8bc82a JavaScript: Introduce flow labels. 2018-10-03 15:49:02 +01:00
Max Schaefer
f3239cbec9 JavaScript: Respect barriers on return edges. 2018-10-03 15:49:01 +01:00
Max Schaefer
cc1c7b11d6 Merge pull request #263 from asger-semmle/ts-tokens 
TypeScript: add tokenization test cases
 2018-10-03 15:38:58 +01:00
Max Schaefer
8b7bb8cecc JavaScript: Add test case for type inference in the presence of non-toplevel imports. 2018-10-03 13:08:31 +01:00
semmle-qlci
e9adc63d91 Merge pull request #260 from xiemaisi/js/confusing-precedence 
Approved by esben-semmle, mc-semmle
 2018-10-03 09:07:18 +01:00
Denis Levin
e147e690ee Merge branch 'master' into denisl/js/HttpToFileAccessTest 2018-10-02 15:13:35 -07:00
Max Schaefer
425d2bfba7 Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local 
JS: support noop parentheses in js/useless-assignment-to-local
 2018-10-02 16:19:56 +01:00
semmle-qlci
b35f450b01 Merge pull request #162 from asger-semmle/partial-calls 
Approved by esben-semmle, xiemaisi
 2018-10-02 11:24:02 +01:00
Asger F
057af7c865 TypeScript: add test case with mixed rescanned tokens 2018-10-02 10:42:33 +01:00
Max Schaefer
768368498f JavaScript: Introduce new query UnclearOperatorPrecedence. 2018-10-02 08:46:51 +01:00
Max Schaefer
a63b7fc215 JavaScript: Introduce new library predicate for computing whitespace around binary operators. 2018-10-02 08:46:11 +01:00
semmle-qlci
829a5cc451 Merge pull request #259 from asger-semmle/open-redirect-expr 
Approved by xiemaisi
 2018-10-02 08:32:48 +01:00
Esben Sparre Andreasen
595fe217dd JS: support noop parentheses in js/useless-assignment-to-local 
The syntatic recognizer `isNullOrUndef` did not handle expressions
that were wrapped in parentheses.

This eliminates some results here:
https://lgtm.com/projects/g/vuejs/vue/alerts?mode=tree&ruleFocus=7900088
 2018-10-02 09:31:32 +02:00
Denis Levin
9c487bc6d9 Merge branch 'master' 2018-10-01 14:51:56 -07:00
Denis Levin
82d8b4e371 Adding the source link to the test case samples 2018-10-01 11:45:38 -07:00
Aditya Sharad
337defdf3d Merge master into next. 2018-10-01 17:39:27 +01:00
Asger F
d3a1df644c TypeScript: test case for tokens starting with ">" 2018-10-01 17:35:21 +01:00
Asger F
a199035a05 TypeScript: test case for whitespace before a rescanned token 2018-10-01 17:35:15 +01:00
Asger F
9146cc26bd TypeScript: test case for tokenization of template literals 2018-10-01 14:36:19 +01:00
Asger F
9f07b1011d JS: bugfix in server-side redirect query 2018-10-01 12:34:13 +01:00
Asger F
e4c8653549 JS: Factor RequestHeaderAccess into separate class 2018-09-27 16:28:58 +01:00
Asger F
46336a5643 JS: Add HostHeaderPoisoningInEmailGeneration query 2018-09-27 10:20:35 +01:00
Asger F
1b4fc93e9d JS: add HTTP::RequestInputAccess.getAHeaderName() 2018-09-27 10:20:35 +01:00
Asger F
f7775f36a8 JS: Add EmailClients lib 2018-09-27 10:20:35 +01:00
semmle-qlci
c36e7f07be Merge pull request #231 from asger-semmle/express-headers 
Approved by xiemaisi
 2018-09-26 15:40:58 +01:00
semmle-qlci
a93939b827 Merge pull request #230 from esben-semmle/js/ad-hoc-whitelisting 
Approved by xiemaisi
 2018-09-26 14:14:25 +01:00
Aditya Sharad
75680dbfef Merge branch 'next' into qlucie/master 2018-09-26 12:08:33 +01:00
Asger F
057c3a92b4 JS: update other Express test outputs 2018-09-26 08:36:52 +01:00
Esben Sparre Andreasen
7c006d4530 Merge pull request #222 from xiemaisi/js/identity-replacement 
JavaScript: Add new query flagging identity replacements.
 2018-09-26 09:25:19 +02:00
Asger F
a47b1dc774 JS: recognize Express header access with dynamic name 2018-09-26 08:22:21 +01:00
Esben Sparre Andreasen
52061b35d8 JS: address review comments: improve regex, limit sanitizer usage 2018-09-26 09:20:07 +02:00
Asger F
e78a4e9f10 JS: update output from other Express tests 2018-09-26 07:58:44 +01:00
Asger F
ce11b5330d JS: recognize Express headers as RequestInputAccess 2018-09-26 07:58:44 +01:00
Max Schaefer
0e63ea1b51 JavaScript: Update tests. 2018-09-25 11:27:12 +01:00
Max Schaefer
1ab11109f9 JavaScript: Add new query flagging identity replacements. 2018-09-25 11:27:11 +01:00
Asger F
3ca7d6b4bf JavaScript: address comments 2018-09-25 10:16:40 +01:00
Asger F
269bbc9a1a JavaScript: add flow steps through partial function application 2018-09-25 10:16:40 +01:00
Denis Levin
1438cae362 Correction to the test's expected file as the test was modified. 2018-09-24 10:45:54 -07:00
semmle-qlci
7f56be6fe2 Merge pull request #216 from asger-semmle/lusca-csrf 
Approved by esben-semmle
 2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1 Merge pull request #213 from asger-semmle/sendfile 
Approved by xiemaisi
 2018-09-24 11:32:46 +01:00
Esben Sparre Andreasen
42fc28bc55 JS: add ad hoc whitelist checks as sanitizers 2018-09-24 11:17:35 +02:00
Dave Bartolomeo
1f36f5552f Normalize all text files to LF 
Use `* text=auto eol=lf`
 2018-09-23 16:24:31 -07:00
Denis Levin
8152cefa60 Squished changes for HttpToFileAccess commint 2018-09-21 16:44:01 -07:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
Asger F
6f109a742f JS: add a test case for res.sendfile 2018-09-21 11:04:33 +01:00
alexet
b94df82833 JavaScript: Fix expected output due to qltest change. 2018-09-20 15:56:20 +01:00
semmle-qlci
f146e34e26 Merge pull request #207 from dave-bartolomeo/dave/JSNewlines 
Approved by esben-semmle
 2018-09-20 14:49:54 +01:00
Dave Bartolomeo
b12c739915 JavaScript: Normalize line endings of .js and .html files 
Added .gitattributes files for the two directories where we intentionally have line endings other than LF
 2018-09-19 21:33:27 -07:00