hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

11808 Commits

Author SHA1 Message Date
semmle-qlci
313134cb8c Merge pull request #1148 from xiemaisi/js/adm-zip 
Approved by esben-semmle
 2019-03-21 14:00:30 +00:00
Asger F
1a6c95c908 TS: update test expectation 2019-03-21 11:06:04 +00:00
Max Schaefer
1835028b93 JavaScript: Show character code when reporting unexpected character. 2019-03-21 10:44:49 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Asger F
5768d85c7b TS: fix trap test output 2019-03-20 12:46:52 +00:00
Asger F
8201e7ea27 TS: update trap test output 2019-03-20 10:23:28 +00:00
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
e648477d14 Merge pull request #1114 from xiemaisi/js/yield-import 
Approved by asger-semmle
 2019-03-14 16:48:04 +00:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00
semmle-qlci
7513bcf7ec Merge pull request #1095 from xiemaisi/js/base64 
Approved by esben-semmle
 2019-03-14 11:58:50 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8 JS: introduce CallToObjectDefineProperty::getAPropertyAttribute 2019-03-14 11:59:27 +01:00
Esben Sparre Andreasen
ff5b85067a JS: add tests 2019-03-14 11:55:41 +01:00
Max Schaefer
69c63110c1 JavaScript: Teach Function.isGenerator to check for yield. 2019-03-14 10:48:44 +00:00
Max Schaefer
5d35626c58 JavaScript: Rename a test file to avoid case clash. 2019-03-14 08:55:30 +00:00
Max Schaefer
cc8d68082e JavaScript: Show ZipSlip results by default. 2019-03-14 08:50:47 +00:00
Rebecca Valentine
f9012cb00e improves tests 2019-03-13 10:48:02 -07:00
Rebecca Valentine
64f731c8aa adds clarification in docs 2019-03-13 10:46:39 -07:00
Rebecca Valentine
688e7a9730 improves docs 2019-03-13 10:10:57 -07:00
Rebecca Valentine
7ef33de9d2 add tests to ignore generators and async functions per PR change request in description 
https://github.com/Semmle/ql/pull/1078#discussion_r265010018
 2019-03-13 10:04:23 -07:00
Max Schaefer
e2cb8c5ceb JavaScript: Fix example in TypeBackTracker qldoc. 2019-03-13 15:20:41 +00:00
Max Schaefer
03a2204c30 JavaScript: Improve support for dynamic imports. 
`yield import(...)` previously caused a syntax error, now it is parsed
correctly.

`parseYield` is the only place where the value of `startsExpr` matters,
so this change should not affect anything else.
 2019-03-13 14:40:12 +00:00
Max Schaefer
8f6cb1cdb9 JavaScript: Add models for many more base64 packages. 
No tests; there are too many of these.
 2019-03-13 12:27:23 +00:00
Max Schaefer
f76efcb558 JavaScript: Fix modelling of Buffer base64 encoders and decoders. 2019-03-13 12:27:23 +00:00
Robert Brignull
5380e1df68 Merge remote-tracking branch 'upstream/rc/1.20' into merge/rc/1.20 2019-03-13 10:55:30 +00:00
Esben Sparre Andreasen
3e8e2ca890 JavaScript: Accept review suggestion. 
Co-Authored-By: xiemaisi <max@semmle.com>
 2019-03-13 08:47:17 +00:00
Max Schaefer
2dccd39bb7 JavaScript: Fix two comments. 2019-03-13 08:20:58 +00:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
semmle-qlci
6baf52614e Merge pull request #1074 from xiemaisi/js/socket.io-comm 
Approved by esben-semmle
 2019-03-13 07:38:12 +00:00
semmle-qlci
5f480af760 Merge pull request #1086 from esben-semmle/js/dead-local-destructuring-defaults 
Approved by xiemaisi
 2019-03-13 07:37:55 +00:00
Rebecca Valentine
64e64c16a8 resolves PR change req mentioned in description 
https://github.com/Semmle/ql/pull/1078#discussion_r264557257
 2019-03-12 11:29:43 -07:00
Rebecca Valentine
9a7f9aa808 resolves PR change req mentioned in description 
2affd2bef6 (r264557539)
 2019-03-12 11:23:46 -07:00
Max Schaefer
f540dcb486 JavaScript: Address review comments. 2019-03-12 16:56:10 +00:00
semmle-qlci
4de297c964 Merge pull request #1072 from asger-semmle/prop-write-static-accessor 
Approved by esben-semmle
 2019-03-12 16:51:54 +00:00
semmle-qlci
669f035444 Merge pull request #1084 from asger-semmle/typescript3.3 
Approved by esben-semmle
 2019-03-12 16:34:48 +00:00
Esben Sparre Andreasen
408ac9878b JS: document limitation of js/useless-assignment-to-local 2019-03-12 15:30:28 +01:00
semmle-qlci
13c6f55a2e Merge pull request #1085 from asger-semmle/extract-symbol 
Approved by xiemaisi
 2019-03-12 14:07:17 +00:00
Asger F
f2ec35c334 TS: remove unused import 2019-03-12 11:35:59 +00:00