hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

11726 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c0b7538cf0 made the blacklist for methods named "function" work again 2019-10-02 14:56:41 +02:00
Erik Krogh Kristensen
e5290f3bb0 remove some parentheses 2019-10-02 14:51:47 +02:00
Erik Krogh Kristensen
22aac8e723 ensure that the existence of non-synthetic constructor is checked correctly 2019-10-02 14:49:33 +02:00
Erik Krogh Kristensen
a66e33ea5e add references to TypeScript spec for "new" and "constructor" keywords 2019-10-01 15:56:45 +02:00
Erik Krogh Kristensen
584b9d4e30 update expected test output 2019-10-01 15:53:37 +02:00
Erik Krogh Kristensen
2ad85d16bd refactor a list of negated conjunctions to a disjunction 2019-10-01 15:53:22 +02:00
Erik Krogh Kristensen
6c176fc967 introduce name as a variable, and adjust alert messages 2019-10-01 15:28:57 +02:00
Erik Krogh Kristensen
26a0bfac39 refactor js/suspicious-method-name-declaration to use isSynthetic predicate 2019-10-01 15:06:45 +02:00
Erik Krogh Kristensen
1e2aad5a29 fix pointer in .qlref, and update expected test results 2019-10-01 14:56:00 +02:00
Erik Krogh Kristensen
aa1368741b rename suspicious-method-name to suspicious-method-name-declaration 2019-10-01 14:37:07 +02:00
Erik Krogh Kristensen
0320f0f26b add query for detecting suspisous method names in TypeScript 2019-09-30 13:05:50 +02:00
Erik Krogh Kristensen
7fb8f8453d fix for when the concatenation root is in parentheses 2019-09-26 16:35:38 +02:00
Erik Krogh Kristensen
69365ccd03 remove false positive in missingSpaceInAppend by requring the presence of a word-like fragment 2019-09-26 12:59:05 +02:00
Asger F
c2f6855a7b JS: Update tests 2019-09-26 10:17:58 +01:00
Asger F
cafa9edf69 JS: upgrade script, stats, version string 2019-09-26 10:17:58 +01:00
Asger F
b4f67f20af JS: Extract types and signatures for functions 2019-09-26 10:17:58 +01:00
Asger F
999d10e1f0 JS: Use consistent indentation 2019-09-26 10:17:58 +01:00
Asger F
405d43d539 JS: Merge CallSignatureTypes test 2019-09-26 10:17:58 +01:00
Asger F
97494290de JS: Add getOverloadIndex() 2019-09-26 10:17:58 +01:00
Asger F
8ca294ae41 JS: Merge TypeScript/CallSignatures test 2019-09-26 10:17:58 +01:00
Max Schaefer
d4fca84898 JavaScript: Improve XSS sanitizer detection. 
We now use local data flow to detect more regexp-based sanitizers.
 2019-09-23 17:07:06 +01:00
semmle-qlci
825a3d2917 Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars 
Approved by xiemaisi
 2019-09-23 12:10:30 +01:00
semmle-qlci
e2c941c577 Merge pull request #1916 from erik-krogh/taintedLength 
Approved by asger-semmle, xiemaisi
 2019-09-23 11:47:48 +01:00
Max Schaefer
149ae5d7ab JavaScript: Fix IllegalInvocation. 
This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.
 2019-09-23 07:44:14 +01:00
Asger F
69a88c4fcd JS: Fix typo and add metadata to DomValueRefs 2019-09-20 15:43:08 +01:00
Asger F
1ce0a48996 JS: Update tests 2019-09-20 15:41:36 +01:00
semmle-qlci
6d9d859119 Merge pull request #1934 from asger-semmle/node-js-classification 
Approved by esben-semmle
 2019-09-20 09:50:34 +01:00
semmle-qlci
6f2e485ace Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible 
Approved by esben-semmle
 2019-09-19 12:45:45 +01:00
Erik Krogh Kristensen
7671b6759b import DataFlow::PathGraph from the ql file instead of the qll file 2019-09-19 11:59:45 +02:00
Erik Krogh Kristensen
bbf7e56e47 remove unused import in query 2019-09-19 11:49:20 +02:00
Max Schaefer
4e1e7bc127 JavaScript: Apply review suggestion. 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-09-19 09:40:28 +01:00
Esben Sparre Andreasen
b631bfc8eb Merge branch 'master' into node-js-classification 2019-09-19 09:42:26 +02:00
Asger F
71763af2d5 JS: Further restrict receiver type inference 2019-09-18 16:18:10 +01:00
Asger F
e724f92ee8 JS: Also summarize loads 2019-09-18 16:18:10 +01:00
Asger F
ffc69cb61e JS: Summarize functions in type tracking 2019-09-18 16:17:59 +01:00
Asger F
3479f02082 JS: Add test showing lack of flow out of inner function 2019-09-18 16:17:22 +01:00
Asger F
76438f98ad JS: Add DomValuesRefs metric 2019-09-18 16:17:21 +01:00
Asger F
0924de4c56 JS: Simplify call graph metric 2019-09-18 16:17:21 +01:00
semmle-qlci
57a6c0c20d Merge pull request #1918 from esben-semmle/js/improve-getAResponseDataNode 
Approved by asger-semmle
 2019-09-18 14:03:45 +01:00
semmle-qlci
479fca9e30 Merge pull request #1946 from xiemaisi/js/top-level-await 
Approved by asger-semmle
 2019-09-18 12:32:09 +01:00
semmle-qlci
b4b7314757 Merge pull request #1941 from xiemaisi/js/fix-incorrect-suffix-check-performance 
Approved by asger-semmle
 2019-09-18 12:31:46 +01:00
Max Schaefer
3970ead7ab JavaScript: Add support for rate-limiter-flexible package. 2019-09-18 12:25:33 +01:00
Max Schaefer
9ff5c7007a JavaScript: Add support for top-level await. 2019-09-18 09:56:21 +01:00
Esben Sparre Andreasen
ac6554b7da Merge branch 'master' into js/improve-getAResponseDataNode 2019-09-17 13:18:41 +02:00
Max Schaefer
df739e0fca JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-09-16 15:25:17 +01:00
Esben Sparre Andreasen
a5645e168a JS: exclude keys from whitelist 2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
0e2d2f8662 JS: whitelist some hardcoded dummy-passwords in two queries 2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
aa3f4a7048 JS: change passwords in tests 2019-09-16 10:09:59 +02:00
Asger F
a8e8ae868a JS: Update extractor version string 2019-09-13 15:48:31 +01:00
Asger F
173f32d2ba JS: Recognize 'require' calls in more cases 2019-09-13 15:48:31 +01:00