codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	efe7ba4f3d	JS: split InsecureRandomness.qll	2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen	b85d3756b0	JS: split DifferentKindsComparisonBypass.qll	2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen	56172317ed	JS: split HardCodedDataInterpretedAsCode.qll	2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen	d786f36120	JS: split CorsMisconfigurationForCredentials.qll	2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen	1f54f3269d	JS: split HttpToFileAccess.qll	2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen	ee6003655a	JS: split UnsafeDynamicMethodAccess.qll	2019-07-04 22:42:55 +02:00
semmle-qlci	298aa92814	Merge pull request #1543 from xiemaisi/js/reflective-call-flow Approved by asger-semmle	2019-07-04 12:02:24 +01:00
Max Schaefer	91a718cfe5	JavaScript: Fix data flow out of reflective calls. We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.	2019-07-04 08:29:04 +01:00
Esben Sparre Andreasen	bb452bea45	JS: split UnsafeDeserialization.qll	2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen	626f3fa598	JS: split ConditionalBypass.qll	2019-07-04 08:33:39 +02:00
semmle-qlci	40f7e6f514	Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash Approved by xiemaisi	2019-07-04 07:19:45 +01:00
semmle-qlci	6cda33c39e	Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names Approved by xiemaisi	2019-07-03 16:31:43 +01:00
semmle-qlci	b07a3e6725	Merge pull request #1439 from esben-semmle/js/configuration-node-separation Approved by asger-semmle, xiemaisi	2019-07-03 16:31:10 +01:00
semmle-qlci	7fbc730b05	Merge pull request #1517 from asger-semmle/instance-type-tracking-final Approved by xiemaisi	2019-07-03 08:26:16 +01:00
semmle-qlci	44823ca46d	Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias Approved by xiemaisi	2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen	051c6ca31f	JS: split CodeInjection.qll into two parts	2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen	ecf367fa65	JS: bump vulnerable lodash version for prototype pollution See https://github.com/lodash/lodash/pull/4336	2019-07-03 08:18:16 +02:00
Asger F	70cbecaf1b	JS: Update more test outputs	2019-07-02 21:08:13 +01:00
Asger F	52a5bce10d	TS: Update test affected by new stringification	2019-07-02 21:01:47 +01:00
Asger F	329ff0db1b	JS: Add an use getAPropertySource()	2019-07-02 10:09:06 +01:00
Asger F	5ce08e2c78	JS: Address review comments	2019-07-02 10:09:06 +01:00
Asger F	408fd3e106	JS: Augment call graph using type-tracked class instances	2019-07-02 10:09:06 +01:00
Asger F	779d98a143	JS: Prevent bad join in hasOwnProperty	2019-07-02 10:09:05 +01:00
Max Schaefer	bfb236f56d	JavaScript: Add more default source nodes. In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.	2019-07-02 08:10:28 +01:00
semmle-qlci	71c86fa69b	Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests Approved by asger-semmle	2019-07-02 07:38:10 +01:00
semmle-qlci	26fd1b91cf	Merge pull request #1485 from esben-semmle/js/fix-yaml-strings Approved by xiemaisi	2019-07-02 07:00:43 +01:00
semmle-qlci	b0b152aaaa	Merge pull request #1529 from xiemaisi/js/getter-summaries Approved by asger-semmle	2019-07-02 06:16:34 +01:00
Max Schaefer	7f95c20345	JavaScript: Add support for tracking flow into receivers of reflective calls.	2019-07-01 17:54:43 +01:00
semmle-qlci	3b126d9c4e	Merge pull request #1488 from asger-semmle/call-graph-metric Approved by xiemaisi	2019-07-01 16:09:34 +01:00
Max Schaefer	895055f30e	JavaScript: Avoid unhelpful magic. The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.	2019-07-01 15:45:57 +01:00
Max Schaefer	b5b89c0eac	JavaScript: Track flow into method receivers.	2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen	062778bdd8	JS: heuristically recognize x.spec.y and x.test.y as test files	2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen	7cab308205	fixup! JS: classify numeric file names as generated	2019-07-01 15:49:03 +02:00
Asger F	0c04580b5e	JS: fix typo in doc	2019-07-01 13:25:55 +01:00
Asger F	ff4d6ece80	JS: Rename metrics to ResolvableCallX	2019-07-01 12:34:48 +01:00
Asger F	16e6dd12d0	JS: Address review comments part 1	2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen	41e568d1f7	JS: classify files with many short variables as minified	2019-07-01 13:25:07 +02:00
Asger F	2ab72c4eef	JS: Support line breaks in types	2019-07-01 11:46:30 +01:00
Asger F	625cdb8765	JS: Update test output	2019-07-01 11:29:55 +01:00
Asger F	4f05eab3fd	JS: Make docs match reality	2019-07-01 11:29:55 +01:00
Asger F	2822e493ae	JS: Switch to absolute offsets	2019-07-01 11:29:55 +01:00
Asger F	d6ba1ffa8a	JS: Some loc() fixes	2019-07-01 11:29:55 +01:00
Asger F	fd0791bd8c	JS: Parse types from original source string	2019-07-01 11:29:55 +01:00
Asger F	a3c7b631f4	JS: Extract type source text with substring	2019-07-01 11:29:55 +01:00
Asger F	edd96b056e	JS: Remove redundant source field	2019-07-01 11:29:55 +01:00
Asger F	9403834af5	JS: Include leading star in parsed source	2019-07-01 11:29:55 +01:00
Asger F	9b4bdaecce	JS: Remove unneeded replace call	2019-07-01 11:29:55 +01:00
Esben Sparre Andreasen	2eb7e4a818	JS: classify `x.test.js` files with `test(...)` calls as jest tests	2019-07-01 10:28:10 +02:00
Esben Sparre Andreasen	5ebcef41fa	JS: classify numeric file names as generated	2019-07-01 10:25:38 +02:00
Asger F	aff90b1082	TS: Add a missing semicolon	2019-06-28 10:53:33 +01:00

... 199 200 201 202 203 ...

11726 Commits