codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
semmle-qlci	ead59baa0e	Merge pull request #1369 from xiemaisi/js/fix-autobuild-test Approved by asger-semmle	2019-05-28 12:27:17 +01:00
semmle-qlci	bd15994bb4	Merge pull request #1367 from xiemaisi/js/configuration-api-consistency Approved by esben-semmle	2019-05-28 12:26:58 +01:00
Asger F	ef1ad0d3b7	JS: Summary expected output (not taint-tracking config anymore)	2019-05-28 12:05:51 +01:00
Asger F	9f43844f1e	JS: Remove obsolete code	2019-05-28 11:54:57 +01:00
Asger F	8d60ae7200	JS: Avoid unnecessary casts	2019-05-28 11:54:42 +01:00
Asger F	9f1617a6a8	JS: Update TaintedPath.expected (4x paths)	2019-05-28 11:22:08 +01:00
Asger F	6617747185	JS: Update DataFlowTracking output for booleanOps.js	2019-05-28 11:19:23 +01:00
Max Schaefer	7f8f126338	JavaScript: Add support for XML extraction.	2019-05-28 09:44:24 +01:00
Max Schaefer	4992970181	JavaScript: Fix an auto-build test.	2019-05-28 09:44:24 +01:00
Max Schaefer	86e96c6dc3	JavaScript: Introduce `is{Barrier,Sanitizer}Edge` predicate. This name is more intuitive than the previous binary `is{Barrier,Sanitizer}` predicates, and is consistent with the other languages.	2019-05-28 08:08:14 +01:00
Max Schaefer	d9b3e461ba	Merge pull request #1351 from asger-semmle/js-incomplete-nodes JS: Mark some more nodes as incomplete	2019-05-28 07:59:23 +01:00
Max Schaefer	bad5465aad	Merge pull request #1360 from asger-semmle/customize-window-document JS: Make some DOM concepts customizable	2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen	fd4c749e27	JS: change FrameworkLibraryInstance Script/TopLevel inheritance This is theoretically a breaking change, but it preserves the semantics of all queries in this repository, as far as I can see.	2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen	1b1e9ed51a	JS: cache matchMarkerComment	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	189ac6c2bd	JS: add js/prototype-pollution to the security suite	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	eb13ab52cf	JS: sharpen js/prototype-pollution with version analysis	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	c143e31fb5	JS: rename getDefaultNode to getImportedModuleNode	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	0660db37f6	JS: introduce SemVer matching library	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	7d57d1915a	JS: introduce `DataFlow::DependencyModuleImport`	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	1cea29d89f	JS: improve prototype pollution tests	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	af3f0b1d04	JS: add test for missing support for package-lock.json	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	ef6f4c7a5e	JS: update docstring	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	f74653be46	JS: extract `getDefaultNode` from `DefaultRange`	2019-05-27 22:32:32 +02:00
Max Schaefer	1bf7bcf010	Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked JS: Refactor LabelledBarrierGuard	2019-05-23 12:26:35 +01:00
Asger F	6bb011a4cc	JS: Stop using data/taint as flow labels in TaintedPath	2019-05-23 10:16:41 +01:00
Asger F	0823f6c935	JS: fix use of dataOrTaint()	2019-05-23 10:16:41 +01:00
Asger F	37fa2446d4	JS: review comments	2019-05-23 10:16:31 +01:00
Asger F	07d508d1bf	JS: Track taint through .replace()	2019-05-23 09:23:48 +01:00
Asger F	1ec3475457	JS: All of TaintedPath	2019-05-23 09:23:47 +01:00
semmle-qlci	fac620d6f3	Merge pull request #1357 from asger-semmle/jump-to-namespace Approved by xiemaisi	2019-05-23 09:00:24 +01:00
Asger F	9046fd15f7	JS: Update expected output of XSS query (benign)	2019-05-23 08:56:01 +01:00
Asger F	2fc0ab5595	JS: Stop using the AST-based isDocumentURL internally	2019-05-23 08:55:21 +01:00
Asger F	8b7dbf8b0f	JS: Align DOM::locationRef with isDocumentURL	2019-05-23 08:45:08 +01:00
Asger F	8590042a7e	JS: customizable window, document, DOM value	2019-05-22 15:49:56 +01:00
Asger F	153e778f7f	JS: Remove jump-to-namespace	2019-05-22 14:42:48 +01:00
Asger F	deb217326d	JS: Update our own queries	2019-05-22 13:13:08 +01:00
Asger F	61ef73b0f7	JS: Add change note and deprecation member	2019-05-22 12:23:29 +01:00
Asger F	6246eb2fe3	JS: Refactor LabeledSantizerGuard	2019-05-22 12:08:03 +01:00
semmle-qlci	dc8123db8e	Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling Approved by asger-semmle	2019-05-22 10:40:32 +01:00
semmle-qlci	c100c70a65	Merge pull request #1348 from xiemaisi/js/add-external-link-cwe Approved by esben-semmle	2019-05-22 08:12:51 +01:00
semmle-qlci	114ba0e722	Merge pull request #1349 from EdoDodo/js-performance Approved by xiemaisi	2019-05-21 17:50:01 +01:00
Asger F	180b5443ba	JS: Update output of incomplete.ql	2019-05-21 17:02:43 +01:00
Asger F	de2f323172	JS: Mark unused parameter nodes as incomplete	2019-05-21 16:53:39 +01:00
Asger F	69dbbcf1c8	JS: Mark destructuring nodes as incomplete	2019-05-21 16:52:35 +01:00
Asger F	faa47029d5	JS: Mark exceptional nodes as incomplete	2019-05-21 13:51:59 +01:00
Asger F	68ae409947	JS: Test for mismatch between taint and type inference	2019-05-21 13:26:02 +01:00
Edoardo Pirovano	9d2580f778	JS: Fix performance regression of query.	2019-05-21 12:26:11 +01:00
semmle-qlci	8cd3cb501a	Merge pull request #1346 from xiemaisi/js/revert-1078 Approved by esben-semmle	2019-05-21 12:19:57 +01:00
Max Schaefer	cf22761ccc	JavaScript: Add CWE-1022 to TargetBlank.	2019-05-21 12:16:32 +01:00
semmle-qlci	fe920ecfaa	Merge pull request #1331 from asger-semmle/destructuring-assignment-fix Approved by xiemaisi	2019-05-21 11:32:36 +01:00

... 194 195 196 197 198 ...

11357 Commits