codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Max Schaefer	f1dcec8369	Merge pull request #667 from asger-semmle/ts-binding-pattern-with-defaults TS: fix extraction of binding pattern with default	2018-12-13 08:18:22 +00:00
Max Schaefer	54bb9d185f	Merge pull request #632 from asger-semmle/pseudo-random-bytes JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql	2018-12-13 08:14:40 +00:00
Max Schaefer	df42707050	Merge pull request #675 from asger-semmle/window.name JS: Add window.name as remote flow source	2018-12-13 08:13:15 +00:00
Aditya Sharad	f92456fcad	Merge master into next. Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`, resolved by accepting test output (combining changes).	2018-12-12 17:26:18 +00:00
Asger F	635a3cb1ec	JS: add FunctionNode.getThisParameter	2018-12-12 16:26:02 +00:00
Asger F	a96c53f9b8	JS: restrict when a variable reference is considered a source	2018-12-12 12:28:26 +00:00
Asger F	14621760bb	JS: add window.name as DOM-based remote flow source	2018-12-12 12:22:39 +00:00
Asger F	aa04e9c77f	TS: fix extraction of binding pattern with default	2018-12-12 10:36:30 +00:00
Max Schaefer	faaca21996	JavaScript: Avoid more unhelpful magic.	2018-12-12 08:40:21 +00:00
Max Schaefer	4fc27aaa51	Merge branch 'master' into pseudo-random-bytes	2018-12-12 08:19:57 +00:00
semmle-qlci	06dd5f3616	Merge pull request #656 from xiemaisi/js/unused-local-underscore Approved by esben-semmle	2018-12-12 08:11:37 +00:00
Esben Sparre Andreasen	fac638ffab	JS: improve alert location of js/angular/unused-dependency	2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen	b5bbf990b0	JS: improve alert location of js/angular/repeated-dependency-injection	2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen	5acd1ca26d	JS: improve alert location of js/angular/duplicate-dependency	2018-12-11 21:47:08 +01:00
Asger F	a01a9dc5cc	JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql	2018-12-11 16:06:22 +00:00
Aditya Sharad	dde42a5723	Merge rc/1.19 into next.	2018-12-11 14:38:58 +00:00
Esben Sparre Andreasen	376ed7a4d2	JS: generalize js/command-line-injection to handle ConstantString	2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen	a1d92bfa50	JS: generalize js/incomplete-sanitization to handle ConstantString	2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen	1bc73ab592	JS: address review comments	2018-12-11 13:03:17 +01:00
Esben Sparre Andreasen	7cc6f2f4d8	JS: add test case	2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen	73aa223b08	JS: handle additional multi-license file patterns	2018-12-11 09:55:38 +01:00
Max Schaefer	4d186e0edc	JavaScript: Teach `Unused{Variable,Parameter}` to ignore variables with leading underscore.	2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen	edbef289a7	JS: improve whitespace handling for multi-license file recognition	2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen	e016098f86	JS: support purs classification	2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen	3879e57f18	JS: support <meta name="generator"/> classification	2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen	a295dfd2c5	JS: support AutoRest classification	2018-12-11 08:54:19 +01:00
Esben Sparre Andreasen	ab519d4abf	JS: rename query "Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".	2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen	7c6e28d917	JS: introduce near-empty RegularExpressions.qll	2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen	994fe1bea5	JS: address non-semantic review comments	2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen	d4e4bc6a0b	JS: sharpen js/incomplete-url-regexp by not matching `.*` or `.+`	2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen	52ca696ff4	JS: add query js/incomplete-url-regexp	2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen	6d6379fc09	JS: address review comments	2018-12-10 22:03:52 +01:00
semmle-qlci	57de628ab8	Merge pull request #650 from xiemaisi/js/nomagic-isDOMProperty Approved by asger-semmle	2018-12-10 13:52:47 +00:00
Max Schaefer	e7df9b8b01	JavaScript: Avoid unhelpful magic.	2018-12-10 10:40:37 +00:00
semmle-qlci	1ca27e2c18	Merge pull request #647 from xiemaisi/js/fix-msita-perf Approved by esben-semmle	2018-12-09 21:32:31 +00:00
Max Schaefer	74e70615ed	JavaScript: Fix performance regression in `MixedStaticInstanceThisAccess`.	2018-12-07 13:17:36 +00:00
Aditya Sharad	fcfab26267	Merge rc/1.19 into next.	2018-12-07 12:31:51 +00:00
semmle-qlci	9e73ed71b9	Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization Approved by mc-semmle	2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen	4f53411397	JS: recognize HTTP URLs in js/incomplete-url-sanitization	2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen	229eea00dc	JS: add query js/incomplete-url-substring-sanitization	2018-12-06 15:53:20 +01:00
semmle-qlci	3397533045	Merge pull request #628 from xiemaisi/js/setUnsafeHTML Approved by esben-semmle	2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen	45b207c21b	JS: introduce models of three cookie libraries	2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen	28b4a78430	JS: introduce DOM::PersistentWebStorage	2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen	7fb752784a	JS: introduce persistent read/write pairs as a taint step	2018-12-06 10:36:10 +01:00
Max Schaefer	ef347b3870	JavaScript: Teach Xss query about WinJS HTML injection functions.	2018-12-06 09:13:21 +00:00
semmle-qlci	bc91e0f53b	Merge pull request #624 from Semmle/xiemaisi-patch-2 Approved by esben-semmle	2018-12-06 08:04:37 +00:00
Sam Lanning	2ea148016c	JS: Fix syntax error in js/react/inconsistent-state-update example	2018-12-05 16:44:40 -08:00
Max Schaefer	13a9903c21	JavaScript: Remove redundant conjunct in `MixedStaticInstanceThisAccess`. Minor cleanup, but might as well go into the release.	2018-12-05 15:11:32 +00:00
Max Schaefer	a1f210df67	JavaScript: Address review comments.	2018-12-05 14:10:06 +00:00
Max Schaefer	22502e7a10	JavaScript: Add query help for `FileAccessToHttp` query.	2018-12-05 13:12:52 +00:00

... 223 224 225 226 227 ...

11940 Commits