Commit Graph

11940 Commits

Author SHA1 Message Date
Max Schaefer
6f6b3b0d5e JavaScript: Add a convenience method to SourceNode and use it in a few places. 2018-11-14 11:58:45 +00:00
Esben Sparre Andreasen
7585e61af6 JS: rename query file in suite 2018-11-14 12:55:53 +01:00
Max Schaefer
a441bfb751 JavaScript: Add a convenience method to AMDModuleDefinition. 2018-11-14 11:36:40 +00:00
Max Schaefer
3fcd02ab0e JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages. 2018-11-14 11:23:17 +00:00
Aditya Sharad
f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Max Schaefer
d6198fcc2a JavaScript: Introduce two more short-circuiting conjuncts. 2018-11-14 09:33:09 +00:00
Max Schaefer
9221b62ded JavaScript: Update expected test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Max Schaefer
d57b5d9628 JavaScript: Remove ReflectdXssPath.ql, which is now spurious. 2018-11-14 09:16:40 +00:00
Max Schaefer
52ae757279 JavaScript: Select Nodes (instead of PathNodes) everywhere. 2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee JavaScript: Select source and sink in all path queries. 2018-11-14 09:16:40 +00:00
Max Schaefer
d5af008e31 JavaScript: Adjust ConditionalBypass query. 2018-11-14 09:16:40 +00:00
Max Schaefer
11d6259dbf JavaScript: Move from Node to PathNode. 2018-11-14 09:16:40 +00:00
Max Schaefer
8d87f556e1 JavaScript: Add import DataFlow::PathGraph. 2018-11-14 09:16:40 +00:00
Max Schaefer
4860364d91 JavaScript: Add explicit nodes query predicate in PathGraph.
This is needed to correctly handle the case where `edges` is empty.
2018-11-14 09:16:40 +00:00
Max Schaefer
60a1357092 JavaScript: Make all taint-based security queries have @kind path-problem. 2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526 JavaScript: Refactor security queries for uniformity. 2018-11-14 09:16:40 +00:00
Max Schaefer
9b4ae9e4d3 JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query. 2018-11-14 09:16:40 +00:00
Max Schaefer
c51cd50133 JavaScript: Remove a few unnecessary imports. 2018-11-14 09:16:40 +00:00
semmle-qlci
d83381918d Merge pull request #458 from xiemaisi/js/more-externs
Approved by asger-semmle
2018-11-14 08:31:15 +00:00
Arthur Baars
969c2796a0 Merge pull request #457 from adityasharad/merge/1.18-master-131118
Merge rc/1.18 into master.
2018-11-13 22:25:03 +01:00
Max Schaefer
a499009f59 Merge pull request #395 from esben-semmle/js/useless-defensive-code
JS: add query: js/useless-defensive-code
2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc Merge pull request #444 from esben-semmle/js/browser-based-client-requests
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 16:53:52 +00:00
Max Schaefer
96989a1fd6 Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata
Eclipse plugins: Remove plugin metadata.
2018-11-13 13:12:49 +00:00
Aditya Sharad
bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Esben Sparre Andreasen
daed0653cb JS: support property tracking of custom abstract values 2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen
1d87c580b3 JS: introduce DefinedCustomAbstractValue 2018-11-13 11:40:31 +01:00
semmle-qlci
86e31a584e Merge pull request #447 from esben-semmle/js/indirect-sanitization
Approved by asger-semmle
2018-11-13 09:14:28 +00:00
Max Schaefer
851e71c7d0 JavaScript: Warn about externs trap cache absence/miss. 2018-11-13 08:41:53 +00:00
Max Schaefer
d9d4051184 JavaScript: Extract auxiliary method. 2018-11-13 08:41:38 +00:00
Max Schaefer
79a6cfdf38 JavaScript: Add generic externs for BDD/TDD-style testing frameworks. 2018-11-13 08:30:35 +00:00
Esben Sparre Andreasen
5666deac14 JS: rename js/useless-defensive-code to js/unneeded-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
1db2e6ca55 JS: add source code examples to docstrings 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
3aae1d17db JS: avoid two uses of getChildExpr(0) 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
15123da0b7 JS: minor fixup: only traverse LogNotExprs 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8ea9fd4cca JS: address review comments 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a JS: annotate test file with expected results 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7d4cf49545 JS: fixup double reporting of alerts 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
f440c9221a JS: replace some Expr.stripParens with Expr.getUnderlyingValue 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9 JS: downgrade other alerts to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e JS: add whitelist to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2 JS: add query: js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7b215ecb2b JS: recognize defensive programming patterns using typeof 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c403416fef JS: recognize defensive expressions that prevent exceptions 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
6e77489a3b JS: add utilities for expression guards to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a2ecf40878 JS: recognize defensive expressions for null/undefined 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
2b6ef24bc2 JS: add utilities to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8086e88587 JS: add utilities to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a5eeba3c3a JS: prepare DefensiveProgramming.qll for additions 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c2fb14640e JS: move isDefensiveInit to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequest 2018-11-13 08:14:51 +01:00