hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

2665 Commits

Author SHA1 Message Date
semmle-qlci
d03aecaa98 Merge pull request #2235 from max-schaefer/js/issue-2233 
Approved by esbena
 2019-10-31 14:17:58 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
Max Schaefer
311cbd824c JavaScript: Recognize ":" pseudo-directive. 2019-10-31 11:39:09 +00:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
Max Schaefer
bb0771b36c JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-10-30 14:49:01 +00:00
Max Schaefer
8c133ff61d JavaScript: Deal with (un-)escaping on captured variables. 2019-10-30 14:46:50 +00:00
Max Schaefer
a8214ce7ee JavaScript: Fix regexes for escaping schemes. 2019-10-30 14:15:59 +00:00
Max Schaefer
5349e0f881 JavaScript: Recognise wrapped chains of replacements. 2019-10-30 13:14:38 +00:00
Max Schaefer
02d16b1dc9 JavaScript: Recognise wrapped string replacement functions. 2019-10-30 13:01:17 +00:00
Max Schaefer
aaeca32519 JavaScript: Recognize string escaping using .replace with a callback. 2019-10-30 12:45:32 +00:00
Max Schaefer
bd1c99d8a4 JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper. 2019-10-30 12:38:05 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Erik Krogh Kristensen
92cebea235 update tests to include empty reciever case 2019-10-27 00:25:59 +02:00
Erik Krogh Kristensen
da23898eba update tests 2019-10-26 23:26:45 +02:00
Erik Krogh Kristensen
5b26d03f1c introduce backtracking, and also marking join/slice calls 2019-10-25 16:50:09 +02:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen
5489a80372 add query for detecting ignored calls to Array.prototype.concat 2019-10-24 16:17:19 +02:00
semmle-qlci
1c79ec550e Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command 
Approved by mchammer01, xiemaisi
 2019-10-22 08:36:44 +01:00
semmle-qlci
0dcb189e67 Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries 
Approved by esben-semmle
 2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen
2e0244cda6 address review feedback 2019-10-21 20:32:45 +02:00
Max Schaefer
55fb86d618 JavaScript: Remove deprecated queries. 
These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.
 2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen
9eda120de4 implement a new query to detect unreachable overloaded methods in TypeScript 2019-10-21 13:34:42 +02:00
Asger F
8aa34e6a54 JS: Add XSS test case for new PostMessageEventHandler cases 2019-10-21 11:32:22 +01:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
dca808126f Merge pull request #2032 from erik-krogh/lessSpaces 
JS: remove false positive in js/missing-space-in-concatenation
 2019-10-14 14:25:40 +01:00
Erik Krogh Kristensen
28056791a5 add .getALocalSource() when testing for lodash-members 2019-10-14 14:14:26 +02:00
Erik Krogh Kristensen
a7c1c34e1e fix test output, and add new test for array callbacks 2019-10-11 17:14:58 +02:00
semmle-qlci
7ba04768cd Merge pull request #2098 from asger-semmle/ts-computed-field-name-context 
Approved by esben-semmle
 2019-10-10 12:06:46 +01:00
Esben Sparre Andreasen
0e79d3db46 Merge pull request #2065 from erik-krogh/noReturn 
JS: use of returnless function
 2019-10-09 13:44:39 +02:00
Asger F
07df479b94 JS: IllegalInvocation: be more convservative 2019-10-09 12:16:11 +01:00
Asger F
ad8667d6db JS: IllegalInvocation regression test 2019-10-09 12:16:11 +01:00
Asger F
d3f587c12a JS: Restrict class values flowing through globals 2019-10-09 12:16:11 +01:00
Asger F
dbfd0ae03b JS: InconsistentNew regression test 2019-10-09 12:16:11 +01:00
semmle-qlci
c8e5be74d5 Merge pull request #2093 from asger-semmle/ts-unused-var-fix 
Approved by erik-krogh
 2019-10-08 13:51:46 +01:00
Asger F
8146619913 JS: Set context of computed field names to enclosing ctor 2019-10-08 13:51:12 +01:00
Asger F
2235072841 JS: Add tests 2019-10-08 13:51:12 +01:00
Erik Krogh Kristensen
0933235132 whitelist calls to functions that always throw an exception 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
1bbe1ecdba the js/use-of-returnless-function query now support multiple callees 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
7025ba36c0 refactor of js/use-of-returnless-function 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
dedae5ba1d refactor isExplicitConditional into a library file, and use it from js/use-of-returnless-function 2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen
bda37b6d6f refactor of benignContext predicate based on code review 2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen
bed14244ae add query for detecting uses return-values from functions that does not return a value 2019-10-08 11:53:14 +02:00
Asger F
316580334a TS: Fix extraction of default-exported class 2019-10-07 16:46:59 +01:00