hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

11884 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
1ae8e25603 change precision of js/loop-bound-injection and fix a false positive 2019-10-22 09:21:19 +02:00
semmle-qlci
eb9d90dff6 Merge pull request #2143 from esben-semmle/js/fix-all-sanitisers 
Approved by xiemaisi
 2019-10-22 07:16:27 +01:00
semmle-qlci
0dcb189e67 Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries 
Approved by esben-semmle
 2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen
2e0244cda6 address review feedback 2019-10-21 20:32:45 +02:00
Max Schaefer
b9203377c7 JavaScript: Remove a duplicate Configuration class. 2019-10-21 17:32:02 +01:00
Max Schaefer
55fb86d618 JavaScript: Remove deprecated queries. 
These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.
 2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen
9eda120de4 implement a new query to detect unreachable overloaded methods in TypeScript 2019-10-21 13:34:42 +02:00
Asger F
8aa34e6a54 JS: Add XSS test case for new PostMessageEventHandler cases 2019-10-21 11:32:22 +01:00
Asger F
0ad9067b7d JS: pragma[noopt] -> pragma[noinline] 2019-10-21 11:32:22 +01:00
Asger F
96b6c83eba JS: Tests and fixes for PartialInvokeNode 2019-10-21 11:32:22 +01:00
Asger F
3dcb134e6b JS: Improve documentation 2019-10-18 17:00:38 +01:00
Esben Sparre Andreasen
80a32aebc1 JS: add SystemCommandExecution::isShellInterpreted 2019-10-17 13:29:24 +02:00
Max Schaefer
a4bffe35fd JavaScript: Add support for globalThis. 2019-10-17 12:04:01 +01:00
Esben Sparre Andreasen
93b1e59d62 JS: fix spelling: sanitisers -> sanitizers 2019-10-17 09:05:03 +02:00
semmle-qlci
280a62ed30 Merge pull request #2138 from Semmle/xiemaisi-patch-1 
Approved by erik-krogh
 2019-10-16 15:14:29 +01:00
Pavel Avgustinov
7fa6c54731 Merge pull request #2119 from hmakholm/pr/qlpacks 
Add qlpack.json files
 2019-10-16 14:27:10 +01:00
Max Schaefer
f963ebcddc JavaScript: Remove stray comma from @tags. 2019-10-16 12:42:33 +01:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
dca808126f Merge pull request #2032 from erik-krogh/lessSpaces 
JS: remove false positive in js/missing-space-in-concatenation
 2019-10-14 14:25:40 +01:00
Erik Krogh Kristensen
28056791a5 add .getALocalSource() when testing for lodash-members 2019-10-14 14:14:26 +02:00
semmle-qlci
82db8c8856 Merge pull request #2108 from asger-semmle/typescript-3.6.3 
Approved by esben-semmle
 2019-10-14 12:33:06 +01:00
Henning Makholm
29167bbff8 Add qlpack.json files 
Eventually these files will subsume the current `queries.xml` files
at the top of query-containing and library directories. For now they're
just here to support internal testing of the tooling support for them
we're writing on.

Format and contents is a work in progress. If you're not in Semmle,
don't depend on anything here making sense (or staying stable) until
you see the version tags increase to something nonzero.
 2019-10-12 17:38:01 +02:00
Erik Krogh Kristensen
a7c1c34e1e fix test output, and add new test for array callbacks 2019-10-11 17:14:58 +02:00
Erik Krogh Kristensen
592cb18bf4 add array callbacks to useOfReturnlessFunction query 2019-10-11 16:26:27 +02:00
Erik Krogh Kristensen
31009d979d add type tracking to detect instances 2019-10-11 12:04:34 +02:00
semmle-qlci
7ba04768cd Merge pull request #2098 from asger-semmle/ts-computed-field-name-context 
Approved by esben-semmle
 2019-10-10 12:06:46 +01:00
Asger F
3e83d8486f TS: Update @types/node 2019-10-10 10:56:07 +01:00
Erik Krogh Kristensen
0a6b343820 add "class Deferred{...}" as potential Deferred implementation to fix the tests 2019-10-10 11:50:34 +02:00
Asger F
c10e48ddea TS: Bump to TypeScript 3.6.3 2019-10-10 10:24:48 +01:00
semmle-qlci
3726b79a23 Merge pull request #2103 from asger-semmle/remove-rollup-deps 
Approved by esben-semmle
 2019-10-10 10:10:45 +01:00
Erik Krogh Kristensen
4ec825b5b6 made model of Deferred more precise 2019-10-09 16:18:04 +02:00
Erik Krogh Kristensen
c7eb0f17a9 add TaintTracking test for new Deferred model 2019-10-09 13:59:00 +02:00
Esben Sparre Andreasen
0e79d3db46 Merge pull request #2065 from erik-krogh/noReturn 
JS: use of returnless function
 2019-10-09 13:44:39 +02:00
Asger F
cf24fa22c8 JS: Dont use deprecated class 2019-10-09 12:16:12 +01:00
Asger F
45b108842b JS: Update CallGraph test output 2019-10-09 12:16:11 +01:00
Asger F
b392559b39 JS: Accept that types may degrade CG precision 2019-10-09 12:16:11 +01:00
Asger F
ddf0d5379d JS: Angular: replace getAnInitialUse with parameterNode 2019-10-09 12:16:11 +01:00
Asger F
07df479b94 JS: IllegalInvocation: be more convservative 2019-10-09 12:16:11 +01:00
Asger F
ad8667d6db JS: IllegalInvocation regression test 2019-10-09 12:16:11 +01:00
Asger F
d3f587c12a JS: Restrict class values flowing through globals 2019-10-09 12:16:11 +01:00
Asger F
dbfd0ae03b JS: InconsistentNew regression test 2019-10-09 12:16:11 +01:00
Asger F
bdc409ccb6 JS: Move getACallee into CallGraphs module 2019-10-09 12:16:11 +01:00
Asger F
4a0e54a69f JS: Add library doc comment 2019-10-09 12:16:11 +01:00
Asger F
8404522c08 JS: Performance tweaks 2019-10-09 12:16:11 +01:00
Asger F
34497f6d19 JS: Use getABoundFunctionValue in PostMessageEventHandler 2019-10-09 12:16:11 +01:00
Asger F
d6d89a0703 JS: Move call graph computation into CallGraphs.qll 2019-10-09 12:16:10 +01:00
Asger F
96a13ff5d6 JS: Add goog.bind and angular.bind as partial invokes 2019-10-09 12:16:10 +01:00
Asger F
3bf86ee468 JS: Rename AdditionalPartialInvoke -> PartialInvoke::Range 2019-10-09 12:16:10 +01:00
Asger F
d6ba966c4e JS: Add getBoundFunction() 2019-10-09 12:16:10 +01:00