hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

11726 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
1efe2ba167 inline ifStmt field 2019-12-13 19:00:54 +01:00
semmle-qlci
9b6c394ac7 Merge pull request #2520 from max-schaefer/js/fix-2517 
Approved by esbena
 2019-12-13 12:59:37 +00:00
Erik Krogh Kristensen
3b2cc4674e autoformat 2019-12-13 11:44:52 +01:00
Erik Krogh Kristensen
e164f46330 changes based on review feedback 2019-12-13 11:44:31 +01:00
Asger F
45524d8b19 JS: Add to correctness-core suite 2019-12-12 16:05:05 +00:00
Asger F
e8f0e3811a JS: Replace backticks with <code> 2019-12-12 15:52:09 +00:00
Asger F
eb82b17f16 JS: QHelp and a bit of qldoc 2019-12-12 15:40:41 +00:00
Erik Krogh Kristensen
f35dc5d274 Merge remote-tracking branch 'upstream/master' into moarExceptions 2019-12-12 16:13:52 +01:00
Erik Krogh Kristensen
17358606cb change callback to rely on an behavior heuristic rather than a naming heuristic 2019-12-12 16:12:37 +01:00
Asger F
f398247d2f JS: Step through rephinements in getImmediatePredecessor 2019-12-12 15:11:25 +00:00
Asger F
a30f991b5e JS: Add query for missing await 2019-12-12 15:11:25 +00:00
Erik Krogh Kristensen
08d0cb795b revert the introduction of getEnclosingCall 2019-12-12 15:14:02 +01:00
Max Schaefer
dfeca63677 JavaScript: Fix characteristic predicate of XMLParent. 
The database type `@xmlparent` is defined a bit too loosely in that it includes all of `@file`, not just XML files. Fixing that would involve fiddling with the extractor/dbscheme, so I have opted to fix it at the QL level instead.
 2019-12-12 12:38:29 +00:00
Erik Krogh Kristensen
e818f4c08b refactored some duplicated methods into the abstract class, and specialized the type of emitter in NodeJS EventEmitter dispatch/registration 2019-12-11 18:25:03 +01:00
semmle-qlci
3d8c35e523 Merge pull request #2509 from asger-semmle/typescript-full-json 
Approved by max-schaefer
 2019-12-11 16:31:26 +00:00
Erik Krogh Kristensen
f537e28389 add pragma to internalBlocks predicate to fix performance 2019-12-11 15:19:30 +01:00
Asger F
063abb5cbc TS: Avoid name clash between tsconfig.json and type table 2019-12-11 12:15:44 +00:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Erik Krogh Kristensen
267c4c07ed refactor EventEmitter model to use the ::Range pattern 2019-12-10 15:54:14 +01:00
Erik Krogh Kristensen
c4fd80d12b some review feedback 2019-12-10 14:53:01 +01:00
Erik Krogh Kristensen
e5d465da9a documentation fixes from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-10 12:01:51 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Erik Krogh Kristensen
60a825cf66 fix tabs and spaces 2019-12-09 16:06:17 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Henning Makholm
66b3c7cf07 JS tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.

Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
 2019-12-07 02:38:02 +01:00
Asger F
abec4badb5 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
344f0b4995 Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
c1da83bf6c Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Asger F
bbb6dad726 JS: Update koa testcase 2019-12-06 11:49:59 +00:00
Asger F
b407de01f8 JS: Update TaintBarriers test 2019-12-06 11:49:59 +00:00
Asger F
a6e75259d6 JS: More fine-grained regexp-based sanitizer guards 2019-12-06 11:49:59 +00:00
Asger F
ad6e949bad JS: Introduce RegExpCreationNode 2019-12-06 11:49:59 +00:00
Asger F
4354945c26 JS: Factor out recognition of RegExp flags 2019-12-06 11:49:59 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Henning Makholm
e441e432ff Merge pull request #2484 from asger-semmle/typescript-codeql-env-var 
JS: Make extractor aware of CodeQL env vars
 2019-12-02 18:36:45 +01:00
Asger F
f162749044 Merge pull request #2418 from max-schaefer/js/file-locatable 
JavaScript: Make `File` not extend `Locatable` anymore.
 2019-12-02 16:15:14 +00:00
Asger F
f988e9004f JS: Autoformat FileExtractor.java 2019-12-02 16:06:37 +00:00
Asger F
c931beb853 TS: Make AutoBuild aware of CodeQL env vars 2019-12-02 16:06:27 +00:00
Max Schaefer
ec2ba735de JavaScript: Update Dependencies library to not rely on Files being Locatable. 
Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.
 2019-12-02 12:40:49 +00:00
Nick Rolfe
d293418672 Merge pull request #2478 from jbj/mergeback-20191202 
Mergeback from rc/1.23 to master
 2019-12-02 12:28:20 +00:00
Erik Krogh Kristensen
ea9d6189de update expected test outpu 2019-12-02 12:52:39 +01:00
semmle-qlci
ceb9fff70c Merge pull request #2479 from max-schaefer/localTaintStep 
Approved by asgerf
 2019-12-02 11:35:43 +00:00
Max Schaefer
aeda2d68f8 JavaScript: Introduce localTaintStep predicate. 
It's sometimes useful for exploratory queries, and the other languages have it as well.
 2019-12-02 09:43:08 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00