Max Schaefer
a417884173
JavaScript: Fix potential null-pointer exception in YAML extractor.
...
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-23 21:56:02 +02:00
Esben Sparre Andreasen
6885b5cf1f
JS: fix yaml StringIndexOutOfBoundsException
2019-06-21 15:18:56 +02:00
semmle-qlci
59dd3b2fb7
Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig
...
Approved by xiemaisi
2019-06-21 12:45:13 +01:00
semmle-qlci
4d779026d2
Merge pull request #1479 from xiemaisi/js/remove-circularity
...
Approved by asger-semmle
2019-06-21 09:03:13 +01:00
Max Schaefer
4370f25b32
JavaScript: Remove dependency of module import on globalVarRef.
2019-06-20 21:08:34 +01:00
Max Schaefer
544a55dd0e
JavaScript: Fix potential null-pointer exception in YAML extractor.
...
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-20 17:04:47 +01:00
Ellen Arteca
99c32f08fb
JavaScript: Recognize imports from TypeScript type annotations
2019-06-20 10:45:30 +01:00
Asger F
52f31dcb07
TS: Rely on ts.sys.readFile for decoding
2019-06-19 11:57:22 +01:00
Mark Shannon
77030c4dde
Merge branch 'rc/1.21' into 'master'
2019-06-13 12:32:45 +01:00
semmle-qlci
8a43fdc806
Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression
...
Approved by esben-semmle
2019-06-13 10:13:27 +01:00
semmle-qlci
bffc3307b5
Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated
...
Approved by xiemaisi
2019-06-13 09:45:37 +01:00
semmle-qlci
7332446ee1
Merge pull request #1444 from esben-semmle/js/express-node-inheritance
...
Approved by xiemaisi
2019-06-12 21:43:44 +01:00
semmle-qlci
913544600a
Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression
...
Approved by esben-semmle
2019-06-12 21:36:23 +01:00
Max Schaefer
60964efce5
JavaScript: Avoid bad context pushing in ReflectedXss::HttpResponseSink.
2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen
3f11ae7eaa
Merge remote-tracking branch 'rc/1.21' into master
2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen
6e022f66c4
JS: formatting of Express and NodeJSLib.qll
2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
59b7b0757a
JS: make Express' res/req extend Node's res/req
2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
29f9103b39
JS: classify single-line JSON files as generated
2019-06-12 09:05:12 +02:00
semmle-qlci
7790ac45bd
Merge pull request #1409 from esben-semmle/js/more-command-injection
...
Approved by xiemaisi
2019-06-11 11:59:18 +01:00
Max Schaefer
70cf32c889
JavaScript: Add a few more tests.
2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen
299d4c6e93
JS: add additional SystemCommandExecutors
2019-06-11 09:38:10 +02:00
Max Schaefer
b32a037ff2
JavaScript: Refactor a few access path computation predicates.
2019-06-10 11:15:52 +01:00
Max Schaefer
398ee0c133
JavaScript: Add tests for data-flow tutorial.
2019-06-07 14:33:26 +01:00
Max Schaefer
16c33b54b6
JavaScript: Recognise references to the process global.
2019-06-06 11:48:18 +01:00
Max Schaefer
d233cea79d
JavaScript: Lower precision of PasswordInConfigurationFile.
...
In spite of recent improvements, this query is still too noisy to show
by default.
2019-06-05 08:09:19 +01:00
Max Schaefer
d723ab76d8
JavaScript: Fix getDelimiterMatchingRegexp to work on multi-line strings.
2019-06-05 08:09:19 +01:00
Max Schaefer
a4876270ec
JavaScript: Tweak PasswordInConfigurationFile alerts.
...
Only highlight first line, and include the password in the alert
message.
2019-06-05 08:09:19 +01:00
Max Schaefer
c09b859aa7
JavaScript: Add three missing @metricType annotations.
2019-06-04 17:17:14 +01:00
semmle-qlci
1fa975b4c9
Merge pull request #1393 from xiemaisi/js/concretify
...
Approved by esben-semmle
2019-06-04 11:34:47 +01:00
semmle-qlci
80ff63a3bb
Merge pull request #1387 from esben-semmle/js/unanchored-url-regex
...
Approved by mc-semmle, xiemaisi
2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen
04868e5b97
JS: format qhelp examples
2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen
9e0a97e82f
JS: address qhelp review comments
2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen
bf51c54338
JS: add RegExpPatternSource::getAParse to hide the subclasses
2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen
7b652214c5
JS: address docstring comments
2019-06-03 13:59:39 +02:00
Max Schaefer
d8a101df6d
JavaScript: Shrink Configurations.qll some more.
2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen
14644270ac
JS: fix comment typo
2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen
7018a38691
JS: improve tests and regexp for js/regex/missing-regexp-anchor
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7
JS: address minor review comments
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331
JS: add query js/regex/missing-regexp-anchor
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a
JS: add anchors to js/incomplete-hostname-regexp examples
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
3358e49698
JS: refactor the predicate RegExp::regexp to three classes.
...
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb
JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll
2019-06-03 08:27:49 +02:00
Max Schaefer
c560096b17
JavaScript: Make Script and CodeInAttribute concrete.
2019-05-31 12:04:14 +01:00
Max Schaefer
74688bb600
Merge pull request #1341 from esben-semmle/js/sync-suites
...
JS: Add queries to the manual suite for LGTM consistency
2019-05-31 08:18:08 +01:00
Max Schaefer
3097037a6f
Merge pull request #1290 from esben-semmle/js/semver-lib
...
JS: add SemVer library
2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d
Merge pull request #1180 from asger-semmle/tainted-path-squashed
...
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
Max Schaefer
3c8aea26da
JavaScript: Update expected test output.
2019-05-30 15:05:43 +01:00
Max Schaefer
5ac408d641
JavaScript: Remove a few more configurations from AllConfigurations.qll.
...
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
2019-05-30 13:13:16 +01:00
Asger F
72c0925967
TS: Bump to TypeScript 3.5.1
2019-05-30 11:40:25 +01:00
Max Schaefer
38a38ab780
JavaScript: Make autobuilder fail if no JS/TS code was seen.
...
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
2019-05-28 14:43:59 +01:00