hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

11726 Commits

Author SHA1 Message Date
Max Schaefer
f06cef5d40 JavaScript: Port JSDoc parser to Java. 2018-11-12 08:18:53 +00:00
Max Schaefer
c14ebac455 JavaScript: Port regular expression parser to Java. 2018-11-12 08:18:53 +00:00
Aditya Sharad
761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Max Schaefer
63933cdecd JavaScript: Don't extract extens with --experimental turned on. 
There isn't any particularly compelling reason for doing so.
 2018-11-09 16:22:55 +00:00
Max Schaefer
f7d693d06f JavaScript: Make default extractor options more sensible. 
We now use module auto-detection and no TypeScript mode.

This only affects extern extraction in `AutoBuild`, everything else sets these options explicitly.
We currently do not have any ES2015 modules or TypeScript code in our externs, so in practice this is behaviour-preserving.
 2018-11-09 16:21:35 +00:00
Max Schaefer
fa8736adbc JavaScript: Introduce aliases for compatibility with other language libraries. 2018-11-09 11:27:14 +00:00
Max Schaefer
bdfe938d02 JavaScript: Improve StackTraceExposure query. 
It now also flags exposure of the entire exception object (not just the `stack` property).
 2018-11-09 09:42:09 +00:00
semmle-qlci
a7290e5aeb Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds 
Approved by asger-semmle
 2018-11-09 08:25:55 +00:00
semmle-qlci
c19747803b Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible 
Approved by esben-semmle
 2018-11-09 08:08:40 +00:00
Dave Bartolomeo
2977395c32 Ignore whitespace errors in everything under lib 2018-11-08 11:06:42 -08:00
Dave Bartolomeo
d521502ded Allow mixed whitespace in parser tests 2018-11-08 11:06:42 -08:00
Dave Bartolomeo
55f4839abf Allow mixed whitespace in JavaScript test sources 2018-11-08 11:06:42 -08:00
Esben Sparre Andreasen
bd2fc33621 JS: annotate tests with expectations 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
ca215391b4 JS: substitute Assignment for DataFlow::PropWrite 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
b7f424df41 JS: introduce DataFlow::PropWrite::getWriteNode 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
d813a7cad2 JS: push negation 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
470c241c82 JS: use range instead of ad hoc LT/GT 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
1389009388 JS: naming and doc cleanups 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829 JS: add query: js/useless-assignment-to-property 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
6ee47c437e JS: generalize and move DeadStoreOfLocal.qhelp to DeadStore.qhelp 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
cacb8fdee0 JS: move DeadStoreOfLocal::isDefaultInit to separate module 2018-11-08 13:23:19 +01:00
semmle-qlci
3c49bc6e67 Merge pull request #407 from asger-semmle/email-xss 
Approved by xiemaisi
 2018-11-08 10:53:10 +00:00
semmle-qlci
29cabc0e09 Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined 
Approved by asger-semmle
 2018-11-08 10:52:44 +00:00
semmle-qlci
990c7e057f Merge pull request #419 from xiemaisi/js/fix-mixed-whitespace 
Approved by esben-semmle
 2018-11-07 23:47:48 +00:00
Aditya Sharad
ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Esben Sparre Andreasen
0afbea968c Merge pull request #421 from xiemaisi/js/open-source-extractor 
JavaScript: Open-source extractor
 2018-11-07 15:13:27 +01:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen
f0343d0678 JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering 2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen
a2df4f9bfe JS: mark Koa params as user-controlled objects 2018-11-07 12:18:46 +01:00
Aditya Sharad
194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
Max Schaefer
22640f891e JavaScript: Make lodash/underscore recognition extensible. 2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen
e6a190c06e JS: replace .stripParens query uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
f04293f73c JS: replace .stripParens library uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
43e215c7af JS: replace .stripParens query uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
030d9202de JS: replace .stripParens library uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign 
Approved by esben-semmle, xiemaisi
 2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2 
Approved by xiemaisi
 2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Max Schaefer
f75ce7a6ef JavaScript: Fix project layout for trap tests. 2018-11-07 07:48:25 +00:00
Max Schaefer
4c4920c3a9 JavaScript: Open-source extractor. 2018-11-07 07:48:25 +00:00
Max Schaefer
5ffe45a80b JavaScript: Fix mixed tabs/spaces in qhelp. 2018-11-07 07:40:51 +00:00
Esben Sparre Andreasen
a79a6a07b8 JS: stop tracking properties of object literals 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
fef3573152 JS: use global layer in AnalyzedNode::getABooleanValue and -getAType 2018-11-06 16:04:46 +01:00
Asger F
1252cde7f3 JS: remove a comma 2018-11-06 12:24:34 +00:00
Asger F
dcf6218d1d JS: update test expectations 2018-11-06 12:22:05 +00:00
Asger F
c991d67fcb JS: fix typos 2018-11-06 12:12:43 +00:00