hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4992 Commits

Author SHA1 Message Date
Asger F
e55330b820 JS: Fix flow through += 2019-04-05 13:55:48 +01:00
semmle-qlci
063dbeeff3 Merge pull request #1198 from esben-semmle/js/more-express-route-handlers 
Approved by xiemaisi
 2019-04-05 09:47:51 +01:00
Esben Sparre Andreasen
60ba74a210 JS: Express cleanup and generalization 2019-04-04 21:42:08 +02:00
Esben Sparre Andreasen
c94ca46366 JS: add more Express tests 2019-04-04 21:42:08 +02:00
Asger F
43f6b8fa70 JS: Add test 2019-04-04 11:44:56 +01:00
Asger F
3da76cb798 JS: add model of ShellJS 2019-04-04 11:44:56 +01:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
Esben Sparre Andreasen
3c608fe11e Merge branch 'master' into js/improve-createServer 2019-04-03 12:37:33 +02:00
semmle-qlci
1da828fa80 Merge pull request #1195 from esben-semmle/js/firebase-express-requests 
Approved by xiemaisi
 2019-04-03 11:36:02 +01:00
Esben Sparre Andreasen
f23a5a5fee JS: model firebase-functions/https.onRequest 2019-04-03 08:01:45 +02:00
Esben Sparre Andreasen
0b733b4f23 JS: treat the last argument to https.createServer as a route handler 2019-04-02 14:38:31 +02:00
semmle-qlci
02f4695a5b Merge pull request #1152 from esben-semmle/js/koa-improvements 
Approved by xiemaisi
 2019-04-02 08:51:19 +01:00
semmle-qlci
54b4e59d12 Merge pull request #1182 from esben-semmle/js/sourcenode-regexp-literals 
Approved by xiemaisi
 2019-04-01 21:58:58 +01:00
Esben Sparre Andreasen
2622fc64db JS: autoformat 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
7fec005806 JS: use DataFlow::SourceNode in three locations in Koa 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
919eed6630 JS: add koa tests 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
00c8387bb3 JS: model Koa redirects 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
298dbe13c4 JS: improve Koa model to account for aliases on the context object 2019-04-01 22:49:00 +02:00
Esben Sparre Andreasen
0e01988622 JS: add koa tests 2019-04-01 22:49:00 +02:00
Rebecca Valentine
2b6869fff3 updates expecteds to reflect changes in the test file 2019-04-01 11:21:21 -07:00
Rebecca Valentine
0d0adada42 fixes tests and adds test results to expecteds 2019-04-01 11:13:04 -07:00
Rebecca Valentine
a16b5d36a8 adds tests 2019-04-01 10:40:51 -07:00
semmle-qlci
a4de82de06 Merge pull request #1185 from xiemaisi/js/improve-amd-imports 
Approved by asger-semmle
 2019-04-01 16:30:47 +01:00
semmle-qlci
a7d9a50dcf Merge pull request #1176 from xiemaisi/js/fix-socket-io-type-tracking 
Approved by asger-semmle
 2019-04-01 13:57:13 +01:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c JS: add tests for missing flow of regular expressions 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
42d3012f81 JS: let RegExpLiteral be a DataFlow::SourceNode 2019-04-01 09:19:25 +02:00
semmle-qlci
ed0ef36427 Merge pull request #1035 from asger-semmle/firebase 
Approved by xiemaisi
 2019-03-29 13:44:02 +00:00
Max Schaefer
f5279b2a1d JavaScript: Resolve AMD imports based on absolute paths if there is only a single candidate. 2019-03-29 08:30:05 +00:00
Max Schaefer
b29b3dff4d JavaScript: Use proper camel-case for AMD-related class names. 2019-03-29 08:14:07 +00:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
Max Schaefer
c097031c7e JavaScript: Fix uses of TypeTracker with custom flow steps. 
These steps need to check that the type hasn't been tracked into a property.
 2019-03-28 10:33:04 +00:00
Asger F
99dc2435af JS: update test 2019-03-27 15:03:04 +00:00
Asger F
42c0efd549 JS: add test 2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1 Merge pull request #1161 from esben-semmle/js/classify-mode-html 
Approved by xiemaisi
 2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Asger F
50f2afb622 JS: add test 2019-03-27 11:20:39 +00:00
Esben Sparre Andreasen
3cd93129a6 JS: classify HTML files with > 20 elements on a line as generated 2019-03-26 08:03:56 +01:00
Max Schaefer
084159dcfd JavaScript: Teach type trackers to track flow through one level of properties. 2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717 JavaScript: Switch from path summaries to step summaries for type tracking. 
This is sufficient since we are not doing summarisation.
 2019-03-25 20:37:05 +00:00
Max Schaefer
55394df96f JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes. 2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979 JavaScript: Use type tracking instead of tracked nodes in Express. 2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
4ab3407726 JS: add classification test cases 2019-03-25 10:45:44 +01:00
Max Schaefer
8c460ae385 Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master 
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
 2019-03-21 14:46:29 +00:00
Asger F
1a6c95c908 TS: update test expectation 2019-03-21 11:06:04 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00