hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

11726 Commits

Author SHA1 Message Date
Max Schaefer
d59c12e6eb JavaScript: Recognise Electron browser objects based on TypeScript types when available. 2019-02-23 21:43:13 +00:00
Max Schaefer
143bb711f9 JavaScript: Slightly restructure Electron BrowserWindow class hierarchy. 2019-02-23 21:43:13 +00:00
Max Schaefer
20d41b85de JavaScript: Delete an unused package.json in a test. 
While this file is part of the project used in the tutorial, it isn't necessary for the queries to work. It also specifies a dependency on a vulnerable version of Express, causing it to be (spuriously) flagged by security scanners.
 2019-02-23 13:59:18 +00:00
Max Schaefer
db9ac72e7a Merge pull request #957 from esben-semmle/js/another-autobinder-model 
JS: model one more 'autobind' for js/unbound-event-handler-receiver
 2019-02-22 20:58:17 +00:00
Max Schaefer
12ed2ca000 Merge pull request #958 from esben-semmle/js/improve-tainted-path 
JS: add taint steps for fs.realpath and fs.realpathSync
 2019-02-22 20:55:39 +00:00
Esben Sparre Andreasen
6c1b29e4b6 JS: add missing flowstep for unused parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
6766716867 JS: add PropWrite tests for parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bdd8691e65 JS: add type inference for the return value of captured method calls 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
8af501d4d5 JS: avoid double reporting dead code with js/unused-variable 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
91dccc3356 JS: add query js/unused-property 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
0cf2eaec5e JS: introduce CapturedSource 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
Esben Sparre Andreasen
27cae0c190 JS: model one more 'autobind' for js/unbound-event-handler-receiver 2019-02-21 08:23:54 +01:00
james
50ad8a4089 update link in vue.qll 2019-02-20 16:43:56 +00:00
semmle-qlci
f5e419e774 Merge pull request #933 from xiemaisi/js/createContextualFragment 
Approved by asger-semmle
 2019-02-20 12:42:27 +00:00
Asger F
e7e29101e4 JS: add StringOps::Concatenation 2019-02-15 16:57:26 +00:00
Asger F
c115451b9d JS: Fix copy-pasta bug 2019-02-15 16:48:42 +00:00
Asger F
ab0ed66266 JS: Add EndsWith::Range 2019-02-15 16:48:15 +00:00
Asger F
2ccfd73be5 JS: Add Includes::Range 2019-02-15 16:42:41 +00:00
Asger F
56e081f7c9 JS: Add StartsWith::Range 2019-02-15 16:38:18 +00:00
Asger F
1aba111a00 JS: Use ::Range pattern for abstract classes 2019-02-15 14:28:07 +00:00
Asger F
c8823fa7cf JS: change charpred of ClosureModule to be AST-based 2019-02-15 14:28:06 +00:00
Asger F
d1607f7c47 JS: remove SourceNode supertype from ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
8801431352 JS: elaborate qldoc for isTopLevelExpr 2019-02-15 14:28:06 +00:00
Asger F
fa34f8f414 JS: replace dataflow -> data flow 2019-02-15 14:28:06 +00:00
Asger F
701e662bc4 JS: rename more predicates for consistency 2019-02-15 14:28:06 +00:00
Asger F
23bd9e62f0 JS: Add ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
939eab2c82 JS: refactor expressions to dataflow nodes 2019-02-15 14:28:06 +00:00
Asger F
8d78731ff0 JS: rename getNamespaceId to getClosureNamespace 2019-02-15 14:28:06 +00:00
Asger F
8c96f5f037 JS: tweak global flow for closure modules 2019-02-15 12:05:35 +00:00
semmle-qlci
26525fc1b5 Merge pull request #929 from asger-semmle/typescript-no-expansion 
Approved by xiemaisi
 2019-02-13 18:20:41 +00:00
semmle-qlci
92a6e7e04c Merge pull request #932 from asger-semmle/cookbook-prepare 
Approved by xiemaisi
 2019-02-13 18:20:09 +00:00
Asger F
dfe3f254de JS: generalize to include default imports 2019-02-13 18:03:57 +00:00
Asger F
d793427630 JS: treat +/- equally in suffix check query 2019-02-13 15:55:19 +00:00
Max Schaefer
5b2df068d3 Merge pull request #921 from asger-semmle/class-node-absval 
JS: use type inference to back up function-style classes
 2019-02-13 10:12:20 +00:00
semmle-qlci
c422ade739 Merge pull request #927 from xiemaisi/js/ambiguous-id-attr-templates 
Approved by esben-semmle
 2019-02-13 08:35:41 +00:00
Asger F
d532815efe JS: remove unused predicate 2019-02-12 17:34:21 +00:00
Asger F
be10f24de7 JS: make moduleImport() work for named imports 2019-02-12 17:22:06 +00:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
Max Schaefer
41eb1ff9d0 JavaScript: Drop precision of AmbiguousIdAttribute to 'high'. 2019-02-12 16:31:29 +00:00
Max Schaefer
25f95d9fb1 JavaScript: Be more conservative about templates in AmbiguousIdAttribute. 
Previously, we only excluded attributes where the value of the attribute itself suggests templating happening. Now we exclude all attributes in documents where _any_ attribute value suggests templating.
 2019-02-12 16:31:01 +00:00
Anders Schack-Mulligen
15a6044445 Javascript: Autoformat qlls 2019-02-12 14:41:31 +01:00
Asger F
3290c174c3 JS: Add DataFlow::Node.getAFunctionValue 2019-02-12 13:38:46 +00:00
Asger F
2fd1ee60a2 JS: add DataFlow::Node.getIntValue() 2019-02-12 13:38:46 +00:00
Asger F
0fd9d157f8 JS: add DataFlow::Node.getStringValue() 2019-02-12 13:38:45 +00:00
Anders Schack-Mulligen
1182fca665 Javascript: Autoformat qls 2019-02-12 14:38:42 +01:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
Asger F
0444fa307d TS: update test expectations 2019-02-12 12:33:09 +00:00
Asger F
7a813cfb84 TS: disable type expansion by default 2019-02-12 12:21:11 +00:00
semmle-qlci
ac3f413b87 Merge pull request #920 from xiemaisi/js/field-as-prop-write 
Approved by asger-semmle
 2019-02-12 10:48:13 +00:00