hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

11726 Commits

Author SHA1 Message Date
Max Schaefer
6835815673 JavaScript: Address review comments. 2018-10-15 20:14:40 +01:00
semmle-qlci
7543fa4a10 Merge pull request #298 from asger-semmle/partial-calls-merged 
Approved by xiemaisi
 2018-10-15 14:58:22 +01:00
Max Schaefer
0cfd04dfa2 JavaScript: Eliminate slow antijoin predicate. 2018-10-12 13:01:01 +01:00
Max Schaefer
080f974663 JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 2018-10-12 13:00:52 +01:00
semmle-qlci
16b29b2d08 Merge pull request #299 from asger-semmle/nosql-sinks 
Approved by xiemaisi
 2018-10-12 07:12:05 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Asger F
da3e960e39 JS: address review comments 2018-10-11 12:45:45 +01:00
Max Schaefer
cd284b2f97 JavaScript: Add support for Google Cloud Spanner. 2018-10-11 09:30:39 +01:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Asger F
b70f70f722 JS: Add TaintedObject flow label library 2018-10-10 17:05:59 +01:00
Asger F
396ad336a3 JS: add RemoteFlowSource.isDeepObject() and populate it 2018-10-10 17:05:59 +01:00
Asger F
46b2015065 JS: fix an outdated comment 2018-10-10 17:05:59 +01:00
Asger F
03b479114f JS: preserve document.url label out of .href property 2018-10-10 17:05:59 +01:00
Asger F
ea297dd442 JS: bugfix in handling of custom flow labels 2018-10-10 16:06:44 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00
Esben Sparre Andreasen
c885490c7e JS: address review comments 2018-10-10 12:18:30 +02:00
Esben Sparre Andreasen
0da1ac4d75 JS: naming and documentation cleanup for NodeJS file system accesses 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
64b0d39390 JS: polish HttpToFileAccess.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
df72492f16 JS: polish FileAccessToHttp.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
43f98a7ef8 JS: refactor NodeJSFileSystemRead* to FileStreamRead 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
30f7f41dff JS: refactor NodeJSFileSystemWrite to FileStreamWrite 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
e99b9d34c5 JS: polish characters of NodeJSFileSystemAccess*Call 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
4e4597a24d JS: replace HTTP::RequestBody with ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
0fc56e443e JS: introduce ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
a3ec739210 JS: restructure FileSystemWriteAccess/FileSystemReadAccess API 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
2a87d53db4 JS: Add additional Mongoose/MongoDB sinks 2018-10-10 10:11:18 +01:00
Asger F
4e7f171f54 JavaScript: do not cache AdditionalPartialInvokeNode 2018-10-10 09:40:49 +01:00
Max Schaefer
8d8148d58e Merge pull request #294 from asger-semmle/canonical-this-source 
JS: Canonicalize 'this' in the data-flow graph
 2018-10-10 08:10:53 +01:00
Max Schaefer
355786c2d8 Merge pull request #296 from esben-semmle/js/more-array-creation 
JS: use DataFlow::ArrayCreationNode in additional places
 2018-10-10 08:10:17 +01:00
Asger F
9fb73f41c9 JS: rename ReactComponent::getAThisAccess -> getAThisNode 2018-10-09 08:54:44 +01:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00
Asger F
3bc5e3bfdf JS: Replace some uses AnalyzedValueNode with AnalyzedNode 2018-10-09 08:53:41 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00
Tom Hvitved
546a91e192 Revert "JavaScript: Patch CFG to improve support for non-top level import declarations." 
This reverts commit f05e777e64.
 2018-10-08 16:20:40 +02:00
Max Schaefer
e354694173 Merge pull request #273 from asger-semmle/csrf-sources 
JS: add RemoteFlowSource.isThirdPartyControllable()
 2018-10-08 15:09:38 +01:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
Esben Sparre Andreasen
70cd03d3bc JS: use DataFlow::ArrayCreationNode in additional places 2018-10-08 15:47:11 +02:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Esben Sparre Andreasen
a668f906bc JS: recognize binding decorators on classes 2018-10-08 07:58:12 +02:00
semmle-qlci
98254e87e1 Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest 
Approved by xiemaisi
 2018-10-04 14:06:46 +01:00
Asger F
8bc92bd534 TS: test case for type expansion through type parameter bound 2018-10-04 12:05:05 +01:00