hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

2686 Commits

Author SHA1 Message Date
semmle-qlci
f00863fb58 Merge pull request #383 from esben-semmle/js/unused-eval-variable 
Approved by xiemaisi
 2018-10-31 10:42:55 +00:00
Asger F
2c11844c5b Revert "Merge pull request #380 from asger-semmle/generalize-useless-conditional" 
This reverts commit 28f3b686a7, reversing
changes made to dc3c5a684c.
 2018-10-31 10:38:38 +00:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial. 
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
 2018-10-31 06:31:59 -04:00
Asger F
44d10cb74c JS: add test cases 2018-10-30 14:24:33 +00:00
Asger F
7e5e5aea11 JS: use guard nodes instead of synactic isConditional check 2018-10-30 14:22:31 +00:00
Esben Sparre Andreasen
74642b9b81 JS: whitelist js/unused-local-variable near direct eval calls 2018-10-30 13:08:24 +01:00
Esben Sparre Andreasen
ce3b4a6400 JS: add additional js/unused-local-variable tests 2018-10-30 13:07:23 +01:00
semmle-qlci
8b866ade0e Merge pull request #373 from asger-semmle/jsx-factory-import 
Approved by xiemaisi
 2018-10-30 10:35:49 +00:00
semmle-qlci
1509752df6 Merge pull request #345 from esben-semmle/js/intro-getUnderlying 
Approved by xiemaisi
 2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen
90c77134af JS: make use of getUnderlyingValue in js/useless-assignment-to-local 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
fbd3a097a2 JS: add misc. tests 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
8f635e6493 JS: truncate js/unknown-directive message content 2018-10-26 15:21:16 +02:00
Asger F
91943ae2cb JS: support transform-react-jsx plugin 2018-10-26 12:06:56 +01:00
Asger F
d7eb4ef40e JS: test case for transform-react-jsx plugin 2018-10-26 12:06:18 +01:00
Aditya Sharad
56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Max Schaefer
34b33ca04c JavaScript: Recognise rest patterns as lvalues. 2018-10-25 15:31:46 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
212edc2e18 Merge pull request #307 from esben-semmle/js/unused-import 
JS: make js/unused-local-variable flag import statements
 2018-10-22 13:13:02 +01:00
Max Schaefer
7702b58794 Merge pull request #305 from asger-semmle/json-taint-kind 
JS: Add flow label for tainted objects and sharpen NosqlInjection
 2018-10-22 11:58:50 +01:00
Max Schaefer
25224cc4a0 Revert "TypeScript: disable queries that rely on token information" 
This reverts commit 003b600e24.
 2018-10-22 11:06:11 +01:00
Esben Sparre Andreasen
2e49cd117a JS: avoid flagging early returns in js/user-controlled-bypass 
(cherry picked from commit ffbbb807f4)
 2018-10-19 08:30:03 +01:00
Esben Sparre Andreasen
9c2ca9a7fa JS: make js/unused-local-variable flag import statements 2018-10-18 11:49:45 +02:00
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
semmle-qlci
1da873e819 Merge pull request #315 from esben-semmle/js/conditional-bypass-early-return 
Approved by xiemaisi
 2018-10-17 08:25:55 +01:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
semmle-qlci
16b29b2d08 Merge pull request #299 from asger-semmle/nosql-sinks 
Approved by xiemaisi
 2018-10-12 07:12:05 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Esben Sparre Andreasen
a668f906bc JS: recognize binding decorators on classes 2018-10-08 07:58:12 +02:00
semmle-qlci
98254e87e1 Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest 
Approved by xiemaisi
 2018-10-04 14:06:46 +01:00
Max Schaefer
017ae4990d JavaScript: Use custom flow labels in ClientSideUrlRedirect. 2018-10-03 15:49:02 +01:00
semmle-qlci
e9adc63d91 Merge pull request #260 from xiemaisi/js/confusing-precedence 
Approved by esben-semmle, mc-semmle
 2018-10-03 09:07:18 +01:00
Denis Levin
e147e690ee Merge branch 'master' into denisl/js/HttpToFileAccessTest 2018-10-02 15:13:35 -07:00
Max Schaefer
425d2bfba7 Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local 
JS: support noop parentheses in js/useless-assignment-to-local
 2018-10-02 16:19:56 +01:00
semmle-qlci
b35f450b01 Merge pull request #162 from asger-semmle/partial-calls 
Approved by esben-semmle, xiemaisi
 2018-10-02 11:24:02 +01:00
Max Schaefer
768368498f JavaScript: Introduce new query UnclearOperatorPrecedence. 2018-10-02 08:46:51 +01:00
Max Schaefer
a63b7fc215 JavaScript: Introduce new library predicate for computing whitespace around binary operators. 2018-10-02 08:46:11 +01:00
semmle-qlci
829a5cc451 Merge pull request #259 from asger-semmle/open-redirect-expr 
Approved by xiemaisi
 2018-10-02 08:32:48 +01:00