hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

11679 Commits

Author SHA1 Message Date
Max Schaefer
01b43dff72 JavaScript: Make in-dist trap cache read-only. 2018-11-12 08:33:11 +00:00
Max Schaefer
032ed12242 JavaScript: Use in-dist trap cache when extracting externs. 2018-11-12 08:28:08 +00:00
Max Schaefer
f26d47aacb JavaScript: Bump extractor version. 
This is not so much because extractor output has changed (it hasn't, except for corner cases) but to disable trap caching so as to help us to flush out bugs.
 2018-11-12 08:19:17 +00:00
Max Schaefer
f06cef5d40 JavaScript: Port JSDoc parser to Java. 2018-11-12 08:18:53 +00:00
Max Schaefer
c14ebac455 JavaScript: Port regular expression parser to Java. 2018-11-12 08:18:53 +00:00
Aditya Sharad
761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Max Schaefer
63933cdecd JavaScript: Don't extract extens with --experimental turned on. 
There isn't any particularly compelling reason for doing so.
 2018-11-09 16:22:55 +00:00
Max Schaefer
f7d693d06f JavaScript: Make default extractor options more sensible. 
We now use module auto-detection and no TypeScript mode.

This only affects extern extraction in `AutoBuild`, everything else sets these options explicitly.
We currently do not have any ES2015 modules or TypeScript code in our externs, so in practice this is behaviour-preserving.
 2018-11-09 16:21:35 +00:00
Max Schaefer
fa8736adbc JavaScript: Introduce aliases for compatibility with other language libraries. 2018-11-09 11:27:14 +00:00
Max Schaefer
bdfe938d02 JavaScript: Improve StackTraceExposure query. 
It now also flags exposure of the entire exception object (not just the `stack` property).
 2018-11-09 09:42:09 +00:00
semmle-qlci
a7290e5aeb Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds 
Approved by asger-semmle
 2018-11-09 08:25:55 +00:00
semmle-qlci
c19747803b Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible 
Approved by esben-semmle
 2018-11-09 08:08:40 +00:00
Dave Bartolomeo
2977395c32 Ignore whitespace errors in everything under lib 2018-11-08 11:06:42 -08:00
Dave Bartolomeo
d521502ded Allow mixed whitespace in parser tests 2018-11-08 11:06:42 -08:00
Dave Bartolomeo
55f4839abf Allow mixed whitespace in JavaScript test sources 2018-11-08 11:06:42 -08:00
Esben Sparre Andreasen
bd2fc33621 JS: annotate tests with expectations 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
ca215391b4 JS: substitute Assignment for DataFlow::PropWrite 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
b7f424df41 JS: introduce DataFlow::PropWrite::getWriteNode 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
d813a7cad2 JS: push negation 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
470c241c82 JS: use range instead of ad hoc LT/GT 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
1389009388 JS: naming and doc cleanups 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829 JS: add query: js/useless-assignment-to-property 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
6ee47c437e JS: generalize and move DeadStoreOfLocal.qhelp to DeadStore.qhelp 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
cacb8fdee0 JS: move DeadStoreOfLocal::isDefaultInit to separate module 2018-11-08 13:23:19 +01:00
semmle-qlci
3c49bc6e67 Merge pull request #407 from asger-semmle/email-xss 
Approved by xiemaisi
 2018-11-08 10:53:10 +00:00
semmle-qlci
29cabc0e09 Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined 
Approved by asger-semmle
 2018-11-08 10:52:44 +00:00
semmle-qlci
990c7e057f Merge pull request #419 from xiemaisi/js/fix-mixed-whitespace 
Approved by esben-semmle
 2018-11-07 23:47:48 +00:00
Aditya Sharad
ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Esben Sparre Andreasen
0afbea968c Merge pull request #421 from xiemaisi/js/open-source-extractor 
JavaScript: Open-source extractor
 2018-11-07 15:13:27 +01:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen
f0343d0678 JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering 2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen
a2df4f9bfe JS: mark Koa params as user-controlled objects 2018-11-07 12:18:46 +01:00
Aditya Sharad
194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
Max Schaefer
22640f891e JavaScript: Make lodash/underscore recognition extensible. 2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen
e6a190c06e JS: replace .stripParens query uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
f04293f73c JS: replace .stripParens library uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
43e215c7af JS: replace .stripParens query uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
030d9202de JS: replace .stripParens library uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign 
Approved by esben-semmle, xiemaisi
 2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2 
Approved by xiemaisi
 2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Max Schaefer
f75ce7a6ef JavaScript: Fix project layout for trap tests. 2018-11-07 07:48:25 +00:00
Max Schaefer
4c4920c3a9 JavaScript: Open-source extractor. 2018-11-07 07:48:25 +00:00
Max Schaefer
5ffe45a80b JavaScript: Fix mixed tabs/spaces in qhelp. 2018-11-07 07:40:51 +00:00
Esben Sparre Andreasen
a79a6a07b8 JS: stop tracking properties of object literals 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
fef3573152 JS: use global layer in AnalyzedNode::getABooleanValue and -getAType 2018-11-06 16:04:46 +01:00