hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

5024 Commits

Author SHA1 Message Date
Aditya Sharad
56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Max Schaefer
34b33ca04c JavaScript: Recognise rest patterns as lvalues. 2018-10-25 15:31:46 +01:00
Max Schaefer
394d7b7a9b JavaScript: Update expected output of CFG test. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371 JavaScript: Copy over a test left in internal repo. 
This test seems to have been accidentally committed into the old location in the internal repo.
 2018-10-24 08:40:54 +01:00
Max Schaefer
212edc2e18 Merge pull request #307 from esben-semmle/js/unused-import 
JS: make js/unused-local-variable flag import statements
 2018-10-22 13:13:02 +01:00
Max Schaefer
7702b58794 Merge pull request #305 from asger-semmle/json-taint-kind 
JS: Add flow label for tainted objects and sharpen NosqlInjection
 2018-10-22 11:58:50 +01:00
Max Schaefer
25224cc4a0 Revert "TypeScript: disable queries that rely on token information" 
This reverts commit 003b600e24.
 2018-10-22 11:06:11 +01:00
Esben Sparre Andreasen
2e49cd117a JS: avoid flagging early returns in js/user-controlled-bypass 
(cherry picked from commit ffbbb807f4)
 2018-10-19 08:30:03 +01:00
Asger F
f9634040b0 TypeScript: add test case with mixed rescanned tokens 
(cherry picked from commit 057af7c865)
 2018-10-19 08:30:03 +01:00
Asger F
39c788f4f1 TypeScript: test case for tokens starting with ">" 
(cherry picked from commit d3a1df644c)
 2018-10-19 08:30:03 +01:00
Asger F
2abe34b2f9 TypeScript: test case for whitespace before a rescanned token 
(cherry picked from commit a199035a05)
 2018-10-19 08:30:03 +01:00
Asger F
cbf06ae74d TypeScript: test case for tokenization of template literals 
(cherry picked from commit 9146cc26bd)
 2018-10-19 08:30:03 +01:00
Asger F
4d7e762629 TS: test case for type expansion through type parameter bound 
(cherry picked from commit 8bc92bd534)
 2018-10-19 08:30:03 +01:00
Max Schaefer
5167d43fbc JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 
(cherry picked from commit 080f974663)
 2018-10-19 08:30:03 +01:00
Max Schaefer
2b7d69aaf4 JavaScript: Add support for Google Cloud Spanner. 
(cherry picked from commit cd284b2f97)
 2018-10-19 08:30:03 +01:00
Max Schaefer
5e75a62f5c JavaScript: Add test case for type inference in the presence of non-toplevel imports. 
(cherry picked from commit 8b7bb8cecc)
 2018-10-19 08:30:03 +01:00
Esben Sparre Andreasen
9c2ca9a7fa JS: make js/unused-local-variable flag import statements 2018-10-18 11:49:45 +02:00
Esben Sparre Andreasen
c65bc5cc90 JS: add Util::pluralize, also add tests for Util::capitalize 2018-10-18 11:49:28 +02:00
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
semmle-qlci
1da873e819 Merge pull request #315 from esben-semmle/js/conditional-bypass-early-return 
Approved by xiemaisi
 2018-10-17 08:25:55 +01:00
semmle-qlci
e55eaefded Merge pull request #310 from esben-semmle/js/additional-client-request-data-nodes 
Approved by xiemaisi
 2018-10-16 12:59:22 +01:00
Esben Sparre Andreasen
2881649310 JS: add js/command-line-injection heuristic source: JSON.stringify() 2018-10-16 13:56:06 +02:00
semmle-qlci
e319159a59 Merge pull request #316 from xiemaisi/js/odasa-7355-workaround 
Approved by esben-semmle
 2018-10-16 12:47:58 +01:00
Esben Sparre Andreasen
c7fe96d4bd JS: implement getADataNode for Electron::ClientRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
e7836d74ab JS: implement getADataNode for NodeHttpUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
3c07b4faf1 JS: implement getADataNode for SuperAgentUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
eef0b8c94d JS: implement getADataNode for GotUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
977b287129 JS: implement getADataNode for FetchUrlRequest 2018-10-16 08:51:30 +02:00
Esben Sparre Andreasen
c21a0472d4 JS: implement getADataNode for AxiosUrlRequest 2018-10-16 08:50:56 +02:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
semmle-qlci
1e7696664e Merge pull request #302 from xiemaisi/js/google-spanner 
Approved by esben-semmle
 2018-10-16 06:48:43 +01:00
Max Schaefer
080f974663 JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 2018-10-12 13:00:52 +01:00
semmle-qlci
16b29b2d08 Merge pull request #299 from asger-semmle/nosql-sinks 
Approved by xiemaisi
 2018-10-12 07:12:05 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Max Schaefer
cd284b2f97 JavaScript: Add support for Google Cloud Spanner. 2018-10-11 09:30:39 +01:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00