codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Max Schaefer	b5b89c0eac	JavaScript: Track flow into method receivers.	2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen	062778bdd8	JS: heuristically recognize x.spec.y and x.test.y as test files	2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen	41e568d1f7	JS: classify files with many short variables as minified	2019-07-01 13:25:07 +02:00
Asger F	2ab72c4eef	JS: Support line breaks in types	2019-07-01 11:46:30 +01:00
Asger F	625cdb8765	JS: Update test output	2019-07-01 11:29:55 +01:00
Esben Sparre Andreasen	2eb7e4a818	JS: classify `x.test.js` files with `test(...)` calls as jest tests	2019-07-01 10:28:10 +02:00
Esben Sparre Andreasen	5ebcef41fa	JS: classify numeric file names as generated	2019-07-01 10:25:38 +02:00
Asger F	f5569b8b58	TS: Avoid infinite recursion in stringifyType	2019-06-28 10:53:33 +01:00
Max Schaefer	3c3422e221	JavaScript: Refactor unpromoted-candidate queries to no longer rely on tracked nodes.	2019-06-28 10:25:23 +01:00
Max Schaefer	b3e8103dce	JavaScript: Track flow through property getter functions.	2019-06-28 08:51:27 +01:00
semmle-qlci	44bd540c44	Merge pull request #1495 from asger-semmle/array-taint-step Approved by xiemaisi	2019-06-27 12:16:17 +01:00
semmle-qlci	1a9f3624c2	Merge pull request #1504 from xiemaisi/js/shift-bigint Approved by asger-semmle	2019-06-26 18:30:48 +01:00
Max Schaefer	e35fde322b	JavaScript: Teach `ShiftOutOfRange` about BigInt.	2019-06-26 09:16:34 -07:00
Asger F	57dac1d0d5	JS: Update test output to reflect new edge relation	2019-06-25 16:41:29 +01:00
Asger F	aa4d28028e	JS: Add test	2019-06-25 14:15:06 +01:00
Max Schaefer	4370f25b32	JavaScript: Remove dependency of module import on `globalVarRef`.	2019-06-20 21:08:34 +01:00
Ellen Arteca	99c32f08fb	JavaScript: Recognize imports from TypeScript type annotations	2019-06-20 10:45:30 +01:00
semmle-qlci	bffc3307b5	Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated Approved by xiemaisi	2019-06-13 09:45:37 +01:00
semmle-qlci	7332446ee1	Merge pull request #1444 from esben-semmle/js/express-node-inheritance Approved by xiemaisi	2019-06-12 21:43:44 +01:00
Esben Sparre Andreasen	3f11ae7eaa	Merge remote-tracking branch 'rc/1.21' into master	2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen	59b7b0757a	JS: make Express' res/req extend Node's res/req	2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen	29f9103b39	JS: classify single-line JSON files as generated	2019-06-12 09:05:12 +02:00
semmle-qlci	7790ac45bd	Merge pull request #1409 from esben-semmle/js/more-command-injection Approved by xiemaisi	2019-06-11 11:59:18 +01:00
Max Schaefer	70cf32c889	JavaScript: Add a few more tests.	2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen	299d4c6e93	JS: add additional SystemCommandExecutors	2019-06-11 09:38:10 +02:00
Max Schaefer	398ee0c133	JavaScript: Add tests for data-flow tutorial.	2019-06-07 14:33:26 +01:00
Max Schaefer	d723ab76d8	JavaScript: Fix `getDelimiterMatchingRegexp` to work on multi-line strings.	2019-06-05 08:09:19 +01:00
Max Schaefer	a4876270ec	JavaScript: Tweak `PasswordInConfigurationFile` alerts. Only highlight first line, and include the password in the alert message.	2019-06-05 08:09:19 +01:00
semmle-qlci	80ff63a3bb	Merge pull request #1387 from esben-semmle/js/unanchored-url-regex Approved by mc-semmle, xiemaisi	2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen	bf51c54338	JS: add `RegExpPatternSource::getAParse` to hide the subclasses	2019-06-03 14:23:22 +02:00
Max Schaefer	d8a101df6d	JavaScript: Shrink `Configurations.qll` some more.	2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen	7018a38691	JS: improve tests and regexp for js/regex/missing-regexp-anchor	2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen	3289c629f7	JS: address minor review comments	2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen	0fa73b8331	JS: add query js/regex/missing-regexp-anchor	2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen	69db54a03a	JS: add anchors to js/incomplete-hostname-regexp examples	2019-06-03 08:27:49 +02:00
Max Schaefer	3097037a6f	Merge pull request #1290 from esben-semmle/js/semver-lib JS: add SemVer library	2019-05-31 08:09:24 +01:00
semmle-qlci	0fa06e5c8d	Merge pull request #1180 from asger-semmle/tainted-path-squashed Approved by xiemaisi	2019-05-30 17:20:19 +01:00
Max Schaefer	3c8aea26da	JavaScript: Update expected test output.	2019-05-30 15:05:43 +01:00
semmle-qlci	bd15994bb4	Merge pull request #1367 from xiemaisi/js/configuration-api-consistency Approved by esben-semmle	2019-05-28 12:26:58 +01:00
Asger F	ef1ad0d3b7	JS: Summary expected output (not taint-tracking config anymore)	2019-05-28 12:05:51 +01:00
Asger F	9f1617a6a8	JS: Update TaintedPath.expected (4x paths)	2019-05-28 11:22:08 +01:00
Asger F	6617747185	JS: Update DataFlowTracking output for booleanOps.js	2019-05-28 11:19:23 +01:00
Max Schaefer	86e96c6dc3	JavaScript: Introduce `is{Barrier,Sanitizer}Edge` predicate. This name is more intuitive than the previous binary `is{Barrier,Sanitizer}` predicates, and is consistent with the other languages.	2019-05-28 08:08:14 +01:00
Max Schaefer	d9b3e461ba	Merge pull request #1351 from asger-semmle/js-incomplete-nodes JS: Mark some more nodes as incomplete	2019-05-28 07:59:23 +01:00
Max Schaefer	bad5465aad	Merge pull request #1360 from asger-semmle/customize-window-document JS: Make some DOM concepts customizable	2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen	eb13ab52cf	JS: sharpen js/prototype-pollution with version analysis	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	0660db37f6	JS: introduce SemVer matching library	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	1cea29d89f	JS: improve prototype pollution tests	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	af3f0b1d04	JS: add test for missing support for package-lock.json	2019-05-27 22:32:32 +02:00
Max Schaefer	1bf7bcf010	Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked JS: Refactor LabelledBarrierGuard	2019-05-23 12:26:35 +01:00

... 80 81 82 83 84 ...

4935 Commits