11277 Commits

Author SHA1 Message Date
Asger F
ce18aca62b JS: update expected output 2018-12-19 11:30:46 +00:00
Asger F
78334af354 JS: remove cookie source; rely on persistent flow steps instead 2018-12-19 11:23:51 +00:00
Asger F
a91599e7fd TS: bump extractor version string 2018-12-19 10:37:27 +00:00
Asger F
0e40717358 JS: recognize res.sendfile root option 2018-12-19 10:25:15 +00:00
Asger F
f84301e476 JS: add tests with res.sendFile root option 2018-12-19 10:25:15 +00:00
Asger F
f9d7f8ba11 JS: fix links in qhelp 2018-12-19 10:10:56 +00:00
Asger F
f57454951b JS: move <ul> outside of <p> element 2018-12-18 14:15:12 +00:00
Asger F
7f538e82c0 JS: add test case for non-whitelisted use of location 2018-12-18 13:55:05 +00:00
Asger F
02978c97f1 JS: whitelist $(location) in simple cases 2018-12-18 13:11:42 +00:00
Asger F
c17eca90a1 JS: add test case for $(location) 2018-12-18 13:06:12 +00:00
semmle-qlci
c37d655fe8 Merge pull request #697 from esben-semmle/js/fix-heuristics-compilation-time
Approved by asger-semmle
2018-12-18 09:07:36 +00:00
Asger F
2044f5fe89 TS: reorganize convertBinaryExpression and create AssignmentExpression when appropriate 2018-12-17 16:23:46 +00:00
Asger F
cc0961a988 TS: translate logical operators correctly 2018-12-17 15:41:15 +00:00
Asger F
d595f20cb1 JS: add to correctness-more suite 2018-12-17 15:29:10 +00:00
Asger F
280382e91e JS: whitelist if array access at another index is seen 2018-12-17 15:19:26 +00:00
Asger F
5040d3e26c JS: add query for loop index bug 2018-12-17 13:35:44 +00:00
Jonas Jensen
5ac5aa0c2a Merge remote-tracking branch 'upstream/master' into mergeback-20181217 2018-12-17 13:42:45 +01:00
Esben Sparre Andreasen
4a631b42d4 JS: use .lastIndexOf in js/incomplete-url-substring-sanitization 2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958 Merge pull request #631 from esben-semmle/js/bad-url-regexing
JS: add query: js/incomplete-url-regexp
2018-12-17 11:53:22 +00:00
Esben Sparre Andreasen
50cba92f5f JS: remove slow test Security/heuristics/AdditionalCommandInjections 2018-12-17 10:58:46 +01:00
Esben Sparre Andreasen
c6b4e29b93 JS: add "host" as a sink for js/request-forgery 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed JS: add ClientRequest::getHost 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34 JS: minor fixups in ClientRequests.qll 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
487b8c52c6 JS: fix <p></p> issue 2018-12-14 13:04:10 +01:00
Max Schaefer
5ccad6ffc2 JavaScript: Minor improvements. 2018-12-14 11:56:59 +00:00
Aditya Sharad
7bc729a7dc Merge master into next. 2018-12-14 10:16:47 +00:00
Esben Sparre Andreasen
bb3e3a541d JS: address doc review comments 2018-12-14 10:24:30 +01:00
semmle-qlci
936094d0b6 Merge pull request #671 from xiemaisi/js/more-unhelpful-magic
Approved by asger-semmle
2018-12-14 08:44:45 +00:00
Max Schaefer
f9106b3bfe Merge pull request #685 from asger-semmle/useless-conditional-as-value
JS: fix FPs in UselessConditional
2018-12-14 08:44:10 +00:00
semmle-qlci
7f21f145e2 Merge pull request #678 from asger-semmle/function-receiver
Approved by xiemaisi
2018-12-14 08:39:04 +00:00
Aditya Sharad
f71e5ac338 Merge master into next. 2018-12-13 17:57:31 +00:00
Asger F
f737830f18 JS: fix typo 2018-12-13 15:56:00 +00:00
Asger F
ae4b55de9a JS: fix FPs in UselessConditional 2018-12-13 15:41:41 +00:00
Asger F
cb349348e7 JS: rename getThisParameter to getReceiver 2018-12-13 10:19:44 +00:00
Max Schaefer
e194021c3b Merge pull request #629 from esben-semmle/js/persistent-read-taint
JS: add persistent storage taint steps
2018-12-13 08:24:42 +00:00
Max Schaefer
969fe6e4f1 Merge pull request #657 from esben-semmle/js/classify-more-files
JS: classify additional files
2018-12-13 08:20:33 +00:00
Max Schaefer
e8c8360ad1 Merge pull request #659 from esben-semmle/js/more-constant-string-usage
JS: replace StringLiteral with ConstantString in two queries
2018-12-13 08:19:22 +00:00
Max Schaefer
f1dcec8369 Merge pull request #667 from asger-semmle/ts-binding-pattern-with-defaults
TS: fix extraction of binding pattern with default
2018-12-13 08:18:22 +00:00
Max Schaefer
54bb9d185f Merge pull request #632 from asger-semmle/pseudo-random-bytes
JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql
2018-12-13 08:14:40 +00:00
Max Schaefer
df42707050 Merge pull request #675 from asger-semmle/window.name
JS: Add window.name as remote flow source
2018-12-13 08:13:15 +00:00
Aditya Sharad
f92456fcad Merge master into next.
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Asger F
635a3cb1ec JS: add FunctionNode.getThisParameter 2018-12-12 16:26:02 +00:00
Asger F
a96c53f9b8 JS: restrict when a variable reference is considered a source 2018-12-12 12:28:26 +00:00
Asger F
14621760bb JS: add window.name as DOM-based remote flow source 2018-12-12 12:22:39 +00:00
Asger F
aa04e9c77f TS: fix extraction of binding pattern with default 2018-12-12 10:36:30 +00:00
Max Schaefer
faaca21996 JavaScript: Avoid more unhelpful magic. 2018-12-12 08:40:21 +00:00
Max Schaefer
4fc27aaa51 Merge branch 'master' into pseudo-random-bytes 2018-12-12 08:19:57 +00:00
semmle-qlci
06dd5f3616 Merge pull request #656 from xiemaisi/js/unused-local-underscore
Approved by esben-semmle
2018-12-12 08:11:37 +00:00
Esben Sparre Andreasen
fac638ffab JS: improve alert location of js/angular/unused-dependency 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
b5bbf990b0 JS: improve alert location of js/angular/repeated-dependency-injection 2018-12-11 21:47:08 +01:00