hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

11357 Commits

Author SHA1 Message Date
Asger F
2abe34b2f9 TypeScript: test case for whitespace before a rescanned token 
(cherry picked from commit a199035a05)
 2018-10-19 08:30:03 +01:00
Asger F
cbf06ae74d TypeScript: test case for tokenization of template literals 
(cherry picked from commit 9146cc26bd)
 2018-10-19 08:30:03 +01:00
Asger F
4d7e762629 TS: test case for type expansion through type parameter bound 
(cherry picked from commit 8bc92bd534)
 2018-10-19 08:30:03 +01:00
Max Schaefer
374fd597d7 JavaScript: Reinstate override. 
(cherry picked from commit df5a8651c3)
 2018-10-19 08:30:03 +01:00
Max Schaefer
b0425a298c JavaScript: Eliminate slow antijoin predicate. 
(cherry picked from commit 0cfd04dfa2)
 2018-10-19 08:30:03 +01:00
Max Schaefer
5167d43fbc JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 
(cherry picked from commit 080f974663)
 2018-10-19 08:30:03 +01:00
Max Schaefer
898ba94837 JavaScript: Address review comments. 
(cherry picked from commit 6835815673)
 2018-10-19 08:30:03 +01:00
Max Schaefer
2b7d69aaf4 JavaScript: Add support for Google Cloud Spanner. 
(cherry picked from commit cd284b2f97)
 2018-10-19 08:30:03 +01:00
Tom Hvitved
b282444740 Revert "JavaScript: Patch CFG to improve support for non-top level import declarations." 
This reverts commit f05e777e64.
 2018-10-19 08:30:03 +01:00
Max Schaefer
5e75a62f5c JavaScript: Add test case for type inference in the presence of non-toplevel imports. 
(cherry picked from commit 8b7bb8cecc)
 2018-10-19 08:30:03 +01:00
Max Schaefer
e683b51611 JavaScript: Generalise code that assumes imports only appear at the toplevel. 
(cherry picked from commit db32dc2bdf)
 2018-10-19 08:30:03 +01:00
Max Schaefer
de108a843d JavaScript: Patch CFG to improve support for non-top level import declarations. 2018-10-19 08:30:03 +01:00
Esben Sparre Andreasen
9c2ca9a7fa JS: make js/unused-local-variable flag import statements 2018-10-18 11:49:45 +02:00
Esben Sparre Andreasen
c65bc5cc90 JS: add Util::pluralize, also add tests for Util::capitalize 2018-10-18 11:49:28 +02:00
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Max Schaefer
6a75ebbae2 JavaScript: Update model of DOMException. 
cf. https://developer.mozilla.org/en-US/docs/Web/API/DOMException/DOMException

(cherry picked from commit 8cc7f5c242)
 2018-10-17 11:38:29 +01:00
Max Schaefer
d57e93d5c6 JavaScript: Fix typo in query help. 
(cherry picked from commit 1ab943c16b)
 2018-10-17 11:38:29 +01:00
semmle-qlci
1da873e819 Merge pull request #315 from esben-semmle/js/conditional-bypass-early-return 
Approved by xiemaisi
 2018-10-17 08:25:55 +01:00
semmle-qlci
e55eaefded Merge pull request #310 from esben-semmle/js/additional-client-request-data-nodes 
Approved by xiemaisi
 2018-10-16 12:59:22 +01:00
Esben Sparre Andreasen
2881649310 JS: add js/command-line-injection heuristic source: JSON.stringify() 2018-10-16 13:56:06 +02:00
semmle-qlci
e319159a59 Merge pull request #316 from xiemaisi/js/odasa-7355-workaround 
Approved by esben-semmle
 2018-10-16 12:47:58 +01:00
Esben Sparre Andreasen
c7fe96d4bd JS: implement getADataNode for Electron::ClientRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
e7836d74ab JS: implement getADataNode for NodeHttpUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
3c07b4faf1 JS: implement getADataNode for SuperAgentUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
eef0b8c94d JS: implement getADataNode for GotUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
977b287129 JS: implement getADataNode for FetchUrlRequest 2018-10-16 08:51:30 +02:00
Esben Sparre Andreasen
c21a0472d4 JS: implement getADataNode for AxiosUrlRequest 2018-10-16 08:50:56 +02:00
Esben Sparre Andreasen
1e115bce2c JS: add SourceNode support for chained method calls 2018-10-16 08:48:09 +02:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
Max Schaefer
df5a8651c3 JavaScript: Reinstate override. 2018-10-16 07:31:28 +01:00
semmle-qlci
1e7696664e Merge pull request #302 from xiemaisi/js/google-spanner 
Approved by esben-semmle
 2018-10-16 06:48:43 +01:00
Max Schaefer
6835815673 JavaScript: Address review comments. 2018-10-15 20:14:40 +01:00
semmle-qlci
7543fa4a10 Merge pull request #298 from asger-semmle/partial-calls-merged 
Approved by xiemaisi
 2018-10-15 14:58:22 +01:00
Max Schaefer
0cfd04dfa2 JavaScript: Eliminate slow antijoin predicate. 2018-10-12 13:01:01 +01:00
Max Schaefer
080f974663 JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 2018-10-12 13:00:52 +01:00
semmle-qlci
16b29b2d08 Merge pull request #299 from asger-semmle/nosql-sinks 
Approved by xiemaisi
 2018-10-12 07:12:05 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Asger F
da3e960e39 JS: address review comments 2018-10-11 12:45:45 +01:00
Max Schaefer
cd284b2f97 JavaScript: Add support for Google Cloud Spanner. 2018-10-11 09:30:39 +01:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Asger F
b70f70f722 JS: Add TaintedObject flow label library 2018-10-10 17:05:59 +01:00
Asger F
396ad336a3 JS: add RemoteFlowSource.isDeepObject() and populate it 2018-10-10 17:05:59 +01:00
Asger F
46b2015065 JS: fix an outdated comment 2018-10-10 17:05:59 +01:00
Asger F
03b479114f JS: preserve document.url label out of .href property 2018-10-10 17:05:59 +01:00
Asger F
ea297dd442 JS: bugfix in handling of custom flow labels 2018-10-10 16:06:44 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00