hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,531 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.7
Commit Graph

11940 Commits

Author SHA1 Message Date
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
semmle-qlci
6b27dcabc5 Merge pull request #704 from asger-semmle/ts-binary-exprs 
Approved by esben-semmle
 2019-01-04 08:37:41 +00:00
semmle-qlci
8174fb51ae Merge pull request #705 from asger-semmle/loop-index-concurrent-modification 
Approved by mc-semmle, xiemaisi
 2019-01-03 17:06:12 +00:00
semmle-qlci
6c768263d2 Merge pull request #716 from xiemaisi/js/cosmetics 
Approved by esben-semmle
 2019-01-03 16:11:50 +00:00
Asger F
f24313a215 JS: address doc review 2019-01-03 10:49:36 +00:00
Max Schaefer
0a2df6c00d JavaScript: Highlight id attribute (not entire element) in AmbiguousIdAttribute. 2019-01-02 11:44:02 +00:00
Asger F
bc59e65222 JS: update suite file 2019-01-02 11:42:47 +00:00
Asger F
9f22da4557 JS: rename query to "Loop iteration skipped due to shifting" 2019-01-02 11:34:06 +00:00
Asger F
8c3b44a525 JS: address comments 2019-01-02 11:12:52 +00:00
Max Schaefer
a9844b2eda JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-01-02 10:23:16 +00:00
Esben Sparre Andreasen
c57f8a6d6e Merge pull request #691 from asger-semmle/sendfile-root 
JS: Recognize 'root' option in Express res.sendFile
 2018-12-19 16:06:15 +01:00
semmle-qlci
495a1fcf3b Merge pull request #698 from asger-semmle/remove-cookie-as-source 
Approved by esben-semmle
 2018-12-19 15:05:44 +00:00
semmle-qlci
b11b714152 Merge pull request #696 from esben-semmle/js/host-request-forgery 
Approved by asger-semmle
 2018-12-19 15:04:08 +00:00
Asger F
ce18aca62b JS: update expected output 2018-12-19 11:30:46 +00:00
Asger F
78334af354 JS: remove cookie source; rely on persistent flow steps instead 2018-12-19 11:23:51 +00:00
Asger F
a91599e7fd TS: bump extractor version string 2018-12-19 10:37:27 +00:00
Asger F
0e40717358 JS: recognize res.sendfile root option 2018-12-19 10:25:15 +00:00
Asger F
f84301e476 JS: add tests with res.sendFile root option 2018-12-19 10:25:15 +00:00
Asger F
f9d7f8ba11 JS: fix links in qhelp 2018-12-19 10:10:56 +00:00
Asger F
f57454951b JS: move <ul> outside of <p> element 2018-12-18 14:15:12 +00:00
Asger F
7f538e82c0 JS: add test case for non-whitelisted use of location 2018-12-18 13:55:05 +00:00
Asger F
02978c97f1 JS: whitelist $(location) in simple cases 2018-12-18 13:11:42 +00:00
Asger F
c17eca90a1 JS: add test case for $(location) 2018-12-18 13:06:12 +00:00
semmle-qlci
c37d655fe8 Merge pull request #697 from esben-semmle/js/fix-heuristics-compilation-time 
Approved by asger-semmle
 2018-12-18 09:07:36 +00:00
Asger F
2044f5fe89 TS: reorganize convertBinaryExpression and create AssignmentExpression when appropriate 2018-12-17 16:23:46 +00:00
Asger F
cc0961a988 TS: translate logical operators correctly 2018-12-17 15:41:15 +00:00
Asger F
d595f20cb1 JS: add to correctness-more suite 2018-12-17 15:29:10 +00:00
Asger F
280382e91e JS: whitelist if array access at another index is seen 2018-12-17 15:19:26 +00:00
Asger F
5040d3e26c JS: add query for loop index bug 2018-12-17 13:35:44 +00:00
Jonas Jensen
5ac5aa0c2a Merge remote-tracking branch 'upstream/master' into mergeback-20181217 2018-12-17 13:42:45 +01:00
Esben Sparre Andreasen
4a631b42d4 JS: use .lastIndexOf in js/incomplete-url-substring-sanitization 2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958 Merge pull request #631 from esben-semmle/js/bad-url-regexing 
JS: add query: js/incomplete-url-regexp
 2018-12-17 11:53:22 +00:00
Esben Sparre Andreasen
50cba92f5f JS: remove slow test Security/heuristics/AdditionalCommandInjections 2018-12-17 10:58:46 +01:00
Esben Sparre Andreasen
c6b4e29b93 JS: add "host" as a sink for js/request-forgery 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed JS: add ClientRequest::getHost 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34 JS: minor fixups in ClientRequests.qll 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
487b8c52c6 JS: fix <p></p> issue 2018-12-14 13:04:10 +01:00
Max Schaefer
5ccad6ffc2 JavaScript: Minor improvements. 2018-12-14 11:56:59 +00:00
Aditya Sharad
7bc729a7dc Merge master into next. 2018-12-14 10:16:47 +00:00
Esben Sparre Andreasen
bb3e3a541d JS: address doc review comments 2018-12-14 10:24:30 +01:00
semmle-qlci
936094d0b6 Merge pull request #671 from xiemaisi/js/more-unhelpful-magic 
Approved by asger-semmle
 2018-12-14 08:44:45 +00:00
Max Schaefer
f9106b3bfe Merge pull request #685 from asger-semmle/useless-conditional-as-value 
JS: fix FPs in UselessConditional
 2018-12-14 08:44:10 +00:00
semmle-qlci
7f21f145e2 Merge pull request #678 from asger-semmle/function-receiver 
Approved by xiemaisi
 2018-12-14 08:39:04 +00:00
Aditya Sharad
f71e5ac338 Merge master into next. 2018-12-13 17:57:31 +00:00
Asger F
f737830f18 JS: fix typo 2018-12-13 15:56:00 +00:00
Asger F
ae4b55de9a JS: fix FPs in UselessConditional 2018-12-13 15:41:41 +00:00
Asger F
cb349348e7 JS: rename getThisParameter to getReceiver 2018-12-13 10:19:44 +00:00
Max Schaefer
e194021c3b Merge pull request #629 from esben-semmle/js/persistent-read-taint 
JS: add persistent storage taint steps
 2018-12-13 08:24:42 +00:00
Max Schaefer
969fe6e4f1 Merge pull request #657 from esben-semmle/js/classify-more-files 
JS: classify additional files
 2018-12-13 08:20:33 +00:00
Max Schaefer
e8c8360ad1 Merge pull request #659 from esben-semmle/js/more-constant-string-usage 
JS: replace StringLiteral with ConstantString in two queries
 2018-12-13 08:19:22 +00:00