codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Asger Feldthaus	b98db62e82	JS: Recognize req.user a cookie access	2020-01-24 09:44:20 +00:00
Asger Feldthaus	a68bb9ffd1	JS: Ignore calls and csrf/captcha access	2020-01-23 15:32:05 +00:00
Asger Feldthaus	b1ec3e1bf2	JS: Add test and dont check predecessors	2020-01-23 14:59:03 +00:00
Erik Krogh Kristensen	6494649125	fix a number of FPs in js/exception-xss	2020-01-20 15:11:57 +01:00
semmle-qlci	4efc418e2c	Merge pull request #2617 from asger-semmle/prototype-pollution-utility Approved by esbena, mchammer01	2020-01-16 13:02:07 +00:00
Asger Feldthaus	6d9306366c	JS: ignore useless-expr in first stmt in try block	2020-01-15 11:49:23 +00:00
semmle-qlci	3c4749be88	Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode Approved by max-schaefer	2020-01-14 11:59:45 +00:00
Asger F	2c05ee8ab8	JS: Add regression test	2020-01-14 10:53:00 +00:00
Asger F	9bd3c4a11c	JS: Add sanitizer for "in" exprs	2020-01-14 10:53:00 +00:00
Asger Feldthaus	7ac30e2289	JS: Add test for rephinement nodes	2020-01-14 10:53:00 +00:00
Asger F	a447645c10	JS: Add test with typeof on value	2020-01-14 10:52:59 +00:00
Asger F	bd9405ab84	JS: Guard against more FPs	2020-01-14 10:52:59 +00:00
Asger F	f7543aec95	JS: Support Reflect.ownKeys	2020-01-14 10:52:59 +00:00
Asger F	8af233307a	JS: Support enumeration through Object.entries	2020-01-14 10:52:59 +00:00
Asger F	96bf9db200	JS: Add another test and more barriers	2020-01-14 10:52:59 +00:00
Asger F	bc7871078a	JS: Fix FPs from Object.create(null)	2020-01-14 10:52:59 +00:00
Asger F	c889420dd3	JS: Add qhelp samples to test suite	2020-01-14 10:52:59 +00:00
Asger F	654f145772	JS: Add PrototypePollutionUtility query	2020-01-14 10:52:59 +00:00
Asger Feldthaus	73e60a7400	JS: Ignore strict-mode-call-stack-introspection for expr stmts	2020-01-13 16:03:03 +00:00
semmle-qlci	f1f69ef85d	Merge pull request #2589 from esbena/js/ignore-duplicate-params-for-empty-functions Approved by erik-krogh	2020-01-09 11:58:04 +00:00
Max Schaefer	308da0774d	Merge pull request #2525 from asger-semmle/promise-missing-await JS: New query: missing await	2020-01-08 15:29:45 +00:00
Asger Feldthaus	66a16d21a9	JS: Fix buggy test cases	2020-01-07 10:19:09 +00:00
Asger Feldthaus	2d534163d0	JS: Add test for empty regex	2020-01-07 10:10:29 +00:00
Asger Feldthaus	9f6e04887b	JS: Fix FP from word boundaries	2020-01-07 10:09:17 +00:00
Asger Feldthaus	4c25d84b6e	JS: Fix and expand test cases	2020-01-06 14:43:29 +00:00
Asger F	9928762769	JS: Add RegExpAlwaysMatches query	2020-01-06 13:48:02 +00:00
semmle-qlci	48deb30756	Merge pull request #2573 from max-schaefer/js/generalise-alert-suppression Approved by asgerf	2020-01-06 10:43:17 +00:00
semmle-qlci	5dcc5b3b1e	Merge pull request #2581 from erik-krogh/FlowUselessExpr Approved by max-schaefer	2020-01-06 08:33:36 +00:00
Esben Sparre Andreasen	9279bfc8a2	JS: add test case for arrow functions with duplicate parameter names	2020-01-06 09:21:36 +01:00
Esben Sparre Andreasen	96748ca32e	JS: sharpen js/duplicate-parameter-name	2020-01-06 08:51:00 +01:00
Esben Sparre Andreasen	5718fbd98a	JS: update test	2020-01-06 08:33:38 +01:00
Asger F	30a8769dad	JS: Add more bad promise contexts	2020-01-03 14:12:55 +00:00
Erik Krogh Kristensen	c22d3d0b3a	add test for block-level flow type annotations	2020-01-03 11:07:35 +01:00
semmle-qlci	06d812a6ff	Merge pull request #2556 from erik-krogh/RegexpVoidCxt Approved by max-schaefer	2020-01-03 08:38:56 +00:00
Max Schaefer	8d1ad5c5f3	JavaScript: Alert suppression through single-line /* */ style comments.	2020-01-02 10:45:20 +00:00
Erik Krogh Kristensen	15d74b7d03	remove FP from js/regexpinjection where no regexp was constructed	2019-12-19 10:47:03 +01:00
Erik Krogh Kristensen	bf56797ad7	update expected output of tests	2019-12-17 16:27:55 +01:00
Erik Krogh Kristensen	7c931452d9	autoformat	2019-12-16 13:45:42 +01:00
Erik Krogh Kristensen	904976c7ac	update tests after removing control-flow checks from error-callbacks	2019-12-16 08:30:21 +01:00
Erik Krogh Kristensen	e164f46330	changes based on review feedback	2019-12-13 11:44:31 +01:00
Erik Krogh Kristensen	f35dc5d274	Merge remote-tracking branch 'upstream/master' into moarExceptions	2019-12-12 16:13:52 +01:00
Asger F	a30f991b5e	JS: Add query for missing await	2019-12-12 15:11:25 +00:00
Erik Krogh Kristensen	08d0cb795b	revert the introduction of getEnclosingCall	2019-12-12 15:14:02 +01:00
semmle-qlci	cb8e5fa3fc	Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards Approved by esbena, max-schaefer	2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen	62512dd3e9	expand the js/exception-xss to handle more types of exceptional flow	2019-12-11 10:43:50 +01:00
Henning Makholm	66b3c7cf07	JS tests: add queries.xml The `queries.xml` file defines which extractor the `codeql test` runner will use to extract databases for the tests. In the future one will be able to write this information in `qlpack.yml`, but we can't do that immediately because the _existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new field in it. Adding a queries.xml file means that the normalization of file names in the test output changes even with the old QLTest, so there are a number of consequential updates of expected output files.	2019-12-07 02:38:02 +01:00
Asger F	2acd616e6f	JS: Review comments	2019-12-06 11:53:06 +00:00
Asger F	bbb6dad726	JS: Update koa testcase	2019-12-06 11:49:59 +00:00
Asger F	a6e75259d6	JS: More fine-grained regexp-based sanitizer guards	2019-12-06 11:49:59 +00:00
semmle-qlci	cfcd18b411	Merge pull request #2429 from erik-krogh/typeAheadSink Approved by esbena	2019-12-03 08:07:25 +00:00

... 38 39 40 41 42 ...

2665 Commits