hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

11285 Commits

Author SHA1 Message Date
Asger F
0c2e52baba JS: Summary/steps for iterators and generators 2023-10-13 12:42:41 +02:00
Asger F
da3a0de814 JS: Port String#replace to flow summary 2023-10-13 12:42:41 +02:00
Asger F
f0c2afe39e JS: Add flow summaries for maps and sets 2023-10-13 12:42:40 +02:00
Asger F
5054c43b18 JS: Add flow summaries/steps for promises and async/await 2023-10-13 12:42:40 +02:00
Asger F
4319b07798 JS: Add flow summaries for Arrays 2023-10-13 12:42:40 +02:00
Asger F
a31e251529 JS: Add flow summaries for core methods 2023-10-13 12:42:40 +02:00
Asger F
46fec8ea7e JS: Add AdditionalFlowInternal 
This provides access to more features than we want to expose publicly at the moment, but is useful for modelling certain language features.
 2023-10-13 12:42:40 +02:00
Asger F
3f20d71a9b JS: Add legacy post-update step 
This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store
 2023-10-13 12:42:40 +02:00
Asger F
6037ff553c JS: Add LegacyPreUpdateStep 
This contributes to both LegacyFlowStep and SharedTypeTrackingStep.

That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library.
 2023-10-13 12:42:40 +02:00
Asger F
27c7d5004a JS: Do the same for additional taint steps 2023-10-13 12:42:40 +02:00
Asger F
1afe06e3a5 JS: Add "additional" and "legacy" steps 
See the comment at the top of AdditionalFlowSteps.qll
 2023-10-13 12:42:40 +02:00
Asger F
c24a0e00f5 JS: Move SharedTaintStep to AdditionalTaintSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
5bccc652c8 JS: Move SharedFlowStep to AdditionalFlowSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
293899d648 JS: Add 'Awaited' token 2023-10-13 12:42:40 +02:00
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
erik-krogh
9080e84fc9 add support for extracting .jsp files 2023-10-13 12:09:27 +02:00
Arthur Baars
a4d0ef6350 Add changenote 2023-10-12 13:04:00 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00
Arthur Baars
1f4fcf1f31 Rename test files 2023-10-12 13:00:39 +02:00
Arthur Baars
a1c1f7b910 Add tests for deprecated 'assert' syntax 2023-10-12 13:00:39 +02:00
Arthur Baars
f38d2e1b89 Replace 'assert' with 'with' in QL test files 2023-10-12 13:00:39 +02:00
Arthur Baars
c28004f2a6 Rename 'getImportAssertion()' to 'getImportAttributes()' in QL library 2023-10-12 13:00:39 +02:00
Arthur Baars
07172da1bc Add tests for deprecated 'assert' syntax 2023-10-12 12:51:13 +02:00
Arthur Baars
f7b02c01dd Rename getAssertion() to getAttributes() in the extractor 2023-10-12 12:51:13 +02:00
Arthur Baars
1d9ee5da3c Rename 'assertions' to 'attributes' in JS extractor 2023-10-12 12:49:25 +02:00
Arthur Baars
b936e91fe9 Support JS import attributes (previously import assertions) 2023-10-12 11:43:42 +02:00
amammad
3899f2cdf3 upgrade execa scripts 2023-10-12 10:44:57 +02:00
Henry Mercer
1a370bfbbe Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 
Post-release preparation for codeql-cli-2.15.0
 2023-10-11 17:39:04 +01:00
amammad
261cabde67 better comments 2023-10-11 17:44:12 +02:00
amammad
b24c6fd579 for demonstration 2023-10-11 17:34:33 +02:00
github-actions[bot]
ae6af17c74 Post-release preparation for codeql-cli-2.15.0 2023-10-11 14:19:20 +00:00
amammad
de2ee4d289 stash I can't especify the argument and command differences with new API 2023-10-11 14:36:56 +02:00
amammad
4cd3618dcd Merge branch 'main' into amammad-js-CodeInjection_execa 2023-10-11 13:27:26 +02:00
Maiky
c0e6d7c049 Merge branch 'github:main' into maikypedia/javascript-cors 2023-10-11 12:20:42 +02:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
amammad
32859eb057 move to experimental 2023-10-10 22:46:44 +02:00
amammad
4198f61c16 fix a qldoc isuse 2023-10-10 22:21:43 +02:00
amammad
6f73e9c3ba revert for in additional steps 2023-10-10 22:12:37 +02:00