hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

11886 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
c7fe96d4bd JS: implement getADataNode for Electron::ClientRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
e7836d74ab JS: implement getADataNode for NodeHttpUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
3c07b4faf1 JS: implement getADataNode for SuperAgentUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
eef0b8c94d JS: implement getADataNode for GotUrlRequest 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
977b287129 JS: implement getADataNode for FetchUrlRequest 2018-10-16 08:51:30 +02:00
Esben Sparre Andreasen
c21a0472d4 JS: implement getADataNode for AxiosUrlRequest 2018-10-16 08:50:56 +02:00
Esben Sparre Andreasen
1e115bce2c JS: add SourceNode support for chained method calls 2018-10-16 08:48:09 +02:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
Max Schaefer
df5a8651c3 JavaScript: Reinstate override. 2018-10-16 07:31:28 +01:00
semmle-qlci
1e7696664e Merge pull request #302 from xiemaisi/js/google-spanner 
Approved by esben-semmle
 2018-10-16 06:48:43 +01:00
Max Schaefer
6835815673 JavaScript: Address review comments. 2018-10-15 20:14:40 +01:00
semmle-qlci
7543fa4a10 Merge pull request #298 from asger-semmle/partial-calls-merged 
Approved by xiemaisi
 2018-10-15 14:58:22 +01:00
Max Schaefer
0cfd04dfa2 JavaScript: Eliminate slow antijoin predicate. 2018-10-12 13:01:01 +01:00
Max Schaefer
080f974663 JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 2018-10-12 13:00:52 +01:00
semmle-qlci
16b29b2d08 Merge pull request #299 from asger-semmle/nosql-sinks 
Approved by xiemaisi
 2018-10-12 07:12:05 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Asger F
da3e960e39 JS: address review comments 2018-10-11 12:45:45 +01:00
Max Schaefer
cd284b2f97 JavaScript: Add support for Google Cloud Spanner. 2018-10-11 09:30:39 +01:00
Asger F
9b10254cd4 JS: support label-specific sanitizer guards 2018-10-10 18:27:14 +01:00
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Asger F
b70f70f722 JS: Add TaintedObject flow label library 2018-10-10 17:05:59 +01:00
Asger F
396ad336a3 JS: add RemoteFlowSource.isDeepObject() and populate it 2018-10-10 17:05:59 +01:00
Asger F
46b2015065 JS: fix an outdated comment 2018-10-10 17:05:59 +01:00
Asger F
03b479114f JS: preserve document.url label out of .href property 2018-10-10 17:05:59 +01:00
Asger F
ea297dd442 JS: bugfix in handling of custom flow labels 2018-10-10 16:06:44 +01:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00
Esben Sparre Andreasen
c885490c7e JS: address review comments 2018-10-10 12:18:30 +02:00
Esben Sparre Andreasen
0da1ac4d75 JS: naming and documentation cleanup for NodeJS file system accesses 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
64b0d39390 JS: polish HttpToFileAccess.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
df72492f16 JS: polish FileAccessToHttp.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
43f98a7ef8 JS: refactor NodeJSFileSystemRead* to FileStreamRead 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
30f7f41dff JS: refactor NodeJSFileSystemWrite to FileStreamWrite 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
e99b9d34c5 JS: polish characters of NodeJSFileSystemAccess*Call 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
4e4597a24d JS: replace HTTP::RequestBody with ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
0fc56e443e JS: introduce ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
a3ec739210 JS: restructure FileSystemWriteAccess/FileSystemReadAccess API 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
2a87d53db4 JS: Add additional Mongoose/MongoDB sinks 2018-10-10 10:11:18 +01:00
Asger F
4e7f171f54 JavaScript: do not cache AdditionalPartialInvokeNode 2018-10-10 09:40:49 +01:00
Max Schaefer
8d8148d58e Merge pull request #294 from asger-semmle/canonical-this-source 
JS: Canonicalize 'this' in the data-flow graph
 2018-10-10 08:10:53 +01:00
Max Schaefer
355786c2d8 Merge pull request #296 from esben-semmle/js/more-array-creation 
JS: use DataFlow::ArrayCreationNode in additional places
 2018-10-10 08:10:17 +01:00
Asger F
9fb73f41c9 JS: rename ReactComponent::getAThisAccess -> getAThisNode 2018-10-09 08:54:44 +01:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00