codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	20b48a2d24	JS: support relational indexof comparison sanitizers	2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen	218c0cb51a	JS: address review comments	2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen	fef257b1ec	JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-22 13:25:22 +02:00
semmle-qlci	7e7e30c01c	Merge pull request #73 from esben-semmle/js/cleartext-logging-query Approved by xiemaisi	2018-08-22 08:04:36 +01:00
semmle-qlci	7661a98909	Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference Approved by xiemaisi	2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen	2b9f5c3fa2	JS: remove check for test-environment in js/clear-text-logging	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	3636708d30	JS: extract and expose StringConcatenationTaintStep in TaintTracking	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	6f5fb2a9fe	JS: update queries and tests for improved type inference	2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen	bbdf6b0f1d	JS: mark PrintfStyleCall as a taint step	2018-08-21 09:02:35 +02:00
semmle-qlci	44e4b25f42	Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client Approved by xiemaisi	2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen	0c4fb15651	JS: add query js/cleartext-logging	2018-08-20 08:34:16 +02:00
Robert Marsh	aaeda5dfcc	JavaScript: add the ESLint attack as a test	2018-08-17 10:16:52 -07:00
Esben Sparre Andreasen	a025dafcf5	JS: classify twitter-text library instances	2018-08-15 08:51:31 +02:00
Max Schaefer	886329689f	JavaScript: Teach `globalVarRef` about top-level `this` and the `global` npm package.	2018-08-14 09:15:15 +01:00
Asger F	d9ba5a1cab	JavaScript: add test cases for new array steps	2018-08-13 12:27:12 +01:00
semmle-qlci	3d0748c542	Merge pull request #48 from xiemaisi/js/webview-sinks Approved by asger-semmle	2018-08-13 09:37:33 +01:00
Max Schaefer	199990feea	JavaScript: Add `WebView`-related taint sinks for `CodeInjection`, `DomBasedXss` and `ServerSideUrlRedirect`.	2018-08-10 15:59:27 +01:00
semmle-qlci	2478c6e150	Merge pull request #43 from xiemaisi/js/odasa-7275 Approved by	2018-08-10 12:52:05 +01:00
Asger F	b00938e9b3	Make NodeJSLib use moduleMember for ES6-compatibility	2018-08-09 15:10:21 +01:00
Max Schaefer	e32dc08cd0	Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization JS: change alert location for js/incomplete-object-initialization	2018-08-09 13:58:11 +01:00
Max Schaefer	41da997651	JavaScript: Teach `IncompleteSanitization` to recognize incomplete URL {en,de}coding.	2018-08-09 12:44:16 +01:00
Max Schaefer	badb167962	Merge pull request #35 from esben-semmle/js/classify-application-insight JS: classify the ApplicationInsights library instance	2018-08-09 08:12:12 +01:00
Max Schaefer	0de9eed71c	Merge pull request #32 from asger-semmle/export-import-flow TypeScript: bugfixes for import-assign statement	2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen	2589cf70c9	JS: classify the ApplicationInsights library instance	2018-08-08 15:39:22 +02:00
Asger F	94bac1253d	TypeScript: bugfixes for import-assign statement	2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen	8ee943f264	JS: restrict alert location to a single line	2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen	e1947f04df	JS: change alert location for js/incomplete-object-initialization	2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen	4e98ce21b4	JS: permit some calls with spurious arguments to empty functions	2018-08-08 10:13:02 +02:00
semmle-qlci	6533ddfeaf	Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters Approved by xiemaisi	2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen	b6951d8249	JS: add tests for improved js/missing-rate-limiting	2018-08-06 15:15:44 +02:00
Max Schaefer	9ba3d80bad	JavaScript: Lift call graph library to data flow graph.	2018-08-06 08:34:06 +01:00
Asger F	156b94e436	JavaScript: Add model of JSON parsers	2018-08-03 15:27:35 +01:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00

... 48 49 50 51 52

2583 Commits