hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5020 Commits

Author SHA1 Message Date
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Erik Krogh Kristensen
92cebea235 update tests to include empty reciever case 2019-10-27 00:25:59 +02:00
Erik Krogh Kristensen
da23898eba update tests 2019-10-26 23:26:45 +02:00
Erik Krogh Kristensen
5b26d03f1c introduce backtracking, and also marking join/slice calls 2019-10-25 16:50:09 +02:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00
Max Schaefer
6269dd99ab JavaScript: Improve type inference for destructuring assignments. 2019-10-25 14:22:24 +01:00
Asger F
04ee483c9e JS: update test output 2019-10-25 14:10:18 +01:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen
5489a80372 add query for detecting ignored calls to Array.prototype.concat 2019-10-24 16:17:19 +02:00
Erik Krogh Kristensen
834b572f45 add initial support for expressions in TypeScript 2019-10-24 10:17:00 +02:00
semmle-qlci
1c79ec550e Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command 
Approved by mchammer01, xiemaisi
 2019-10-22 08:36:44 +01:00
semmle-qlci
0dcb189e67 Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries 
Approved by esben-semmle
 2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen
2e0244cda6 address review feedback 2019-10-21 20:32:45 +02:00
Max Schaefer
55fb86d618 JavaScript: Remove deprecated queries. 
These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.
 2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen
9eda120de4 implement a new query to detect unreachable overloaded methods in TypeScript 2019-10-21 13:34:42 +02:00
Asger F
8aa34e6a54 JS: Add XSS test case for new PostMessageEventHandler cases 2019-10-21 11:32:22 +01:00
Asger F
96b6c83eba JS: Tests and fixes for PartialInvokeNode 2019-10-21 11:32:22 +01:00
Max Schaefer
a4bffe35fd JavaScript: Add support for globalThis. 2019-10-17 12:04:01 +01:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
dca808126f Merge pull request #2032 from erik-krogh/lessSpaces 
JS: remove false positive in js/missing-space-in-concatenation
 2019-10-14 14:25:40 +01:00
Erik Krogh Kristensen
28056791a5 add .getALocalSource() when testing for lodash-members 2019-10-14 14:14:26 +02:00
Erik Krogh Kristensen
a7c1c34e1e fix test output, and add new test for array callbacks 2019-10-11 17:14:58 +02:00
Erik Krogh Kristensen
31009d979d add type tracking to detect instances 2019-10-11 12:04:34 +02:00
semmle-qlci
7ba04768cd Merge pull request #2098 from asger-semmle/ts-computed-field-name-context 
Approved by esben-semmle
 2019-10-10 12:06:46 +01:00
Erik Krogh Kristensen
c7eb0f17a9 add TaintTracking test for new Deferred model 2019-10-09 13:59:00 +02:00
Esben Sparre Andreasen
0e79d3db46 Merge pull request #2065 from erik-krogh/noReturn 
JS: use of returnless function
 2019-10-09 13:44:39 +02:00
Asger F
45b108842b JS: Update CallGraph test output 2019-10-09 12:16:11 +01:00
Asger F
b392559b39 JS: Accept that types may degrade CG precision 2019-10-09 12:16:11 +01:00
Asger F
07df479b94 JS: IllegalInvocation: be more convservative 2019-10-09 12:16:11 +01:00
Asger F
ad8667d6db JS: IllegalInvocation regression test 2019-10-09 12:16:11 +01:00
Asger F
d3f587c12a JS: Restrict class values flowing through globals 2019-10-09 12:16:11 +01:00
Asger F
dbfd0ae03b JS: InconsistentNew regression test 2019-10-09 12:16:11 +01:00
Esben Sparre Andreasen
ea63414e97 Merge pull request #2016 from asger-semmle/jquery 
Add type tracking and type info to jQuery model
 2019-10-09 10:55:57 +02:00
semmle-qlci
c8e5be74d5 Merge pull request #2093 from asger-semmle/ts-unused-var-fix 
Approved by erik-krogh
 2019-10-08 13:51:46 +01:00
Asger F
8146619913 JS: Set context of computed field names to enclosing ctor 2019-10-08 13:51:12 +01:00
Asger F
2235072841 JS: Add tests 2019-10-08 13:51:12 +01:00
Asger F
90ad55e8ce JS: Update DOM test 2019-10-08 11:50:18 +01:00
Erik Krogh Kristensen
0933235132 whitelist calls to functions that always throw an exception 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
1bbe1ecdba the js/use-of-returnless-function query now support multiple callees 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
7025ba36c0 refactor of js/use-of-returnless-function 2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen
dedae5ba1d refactor isExplicitConditional into a library file, and use it from js/use-of-returnless-function 2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen
bda37b6d6f refactor of benignContext predicate based on code review 2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen
bed14244ae add query for detecting uses return-values from functions that does not return a value 2019-10-08 11:53:14 +02:00
Asger F
316580334a TS: Fix extraction of default-exported class 2019-10-07 16:46:59 +01:00
Asger F
8fcf0ed30c JS: Update Angular/JQLiteObject test 2019-10-07 14:31:09 +01:00