semmle-qlci
2f0e693b38
Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options
Approved by esben-semmle
2018-11-12 20:32:35 +00:00
Max Schaefer
663bdd60a0
Merge pull request #396 from esben-semmle/js/unconditional-property-override
JS: add query: js/unconditional-property-override
2018-11-12 17:10:32 +00:00
Aditya Sharad
271628c280
Version: Bump to 1.18.3 dev.
2018-11-12 14:55:26 +00:00
Max Schaefer
2c1a37c652
JavaScript: Add WebRTC externs.
2018-11-12 12:25:32 +00:00
Jonas Jensen
1500237009
Merge remote-tracking branch 'upstream/master' into mergeback-20181112
2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen
eaad84bb4f
JS: add support for dis- and conjunctions in SanitizingFunction
2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
ffc3d6ba49
JS: simplify test (move alerts four lines up)
2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen
6d0c93b6a8
JS: introduce TaintTracking::AdditionalSanitizingCall
2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen
2033bf81cc
JS: address docstring review comments
2018-11-12 10:03:08 +01:00
Tom Hvitved
40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig
Allow mixed whitespace in certain test and external directories
2018-11-12 09:43:39 +01:00
semmle-qlci
c9d77a2d6d
Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure
Approved by asger-semmle
2018-11-12 08:40:26 +00:00
Max Schaefer
01b43dff72
JavaScript: Make in-dist trap cache read-only.
2018-11-12 08:33:11 +00:00
Max Schaefer
032ed12242
JavaScript: Use in-dist trap cache when extracting externs.
2018-11-12 08:28:08 +00:00
Max Schaefer
f26d47aacb
JavaScript: Bump extractor version.
This is not so much because extractor output has changed (it hasn't, except for corner cases) but to disable trap caching so as to help us to flush out bugs.
2018-11-12 08:19:17 +00:00
Max Schaefer
f06cef5d40
JavaScript: Port JSDoc parser to Java.
2018-11-12 08:18:53 +00:00
Max Schaefer
c14ebac455
JavaScript: Port regular expression parser to Java.
2018-11-12 08:18:53 +00:00
Aditya Sharad
761e5efd60
Merge master into next.
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
2018-11-09 18:49:35 +00:00
Max Schaefer
63933cdecd
JavaScript: Don't extract externs with --experimental turned on.
There isn't any particularly compelling reason for doing so.
2018-11-09 16:22:55 +00:00
Max Schaefer
f7d693d06f
JavaScript: Make default extractor options more sensible.
We now use module auto-detection and no TypeScript mode.
This only affects extern extraction in `AutoBuild`, everything else sets these options explicitly.
We currently do not have any ES2015 modules or TypeScript code in our externs, so in practice this is behaviour-preserving.
2018-11-09 16:21:35 +00:00
Max Schaefer
fa8736adbc
JavaScript: Introduce aliases for compatibility with other language libraries.
2018-11-09 11:27:14 +00:00
Max Schaefer
bdfe938d02
JavaScript: Improve StackTraceExposure query.
It now also flags exposure of the entire exception object (not just the `stack` property).
2018-11-09 09:42:09 +00:00
semmle-qlci
a7290e5aeb
Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds
Approved by asger-semmle
2018-11-09 08:25:55 +00:00
semmle-qlci
c19747803b
Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible
Approved by esben-semmle
2018-11-09 08:08:40 +00:00
Dave Bartolomeo
2977395c32
Ignore whitespace errors in everything under lib
2018-11-08 11:06:42 -08:00
Dave Bartolomeo
d521502ded
Allow mixed whitespace in parser tests
2018-11-08 11:06:42 -08:00
Dave Bartolomeo
55f4839abf
Allow mixed whitespace in JavaScript test sources
2018-11-08 11:06:42 -08:00
Esben Sparre Andreasen
bd2fc33621
JS: annotate tests with expectations
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
ca215391b4
JS: substitute Assignment for DataFlow::PropWrite
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
b7f424df41
JS: introduce DataFlow::PropWrite::getWriteNode
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
d813a7cad2
JS: push negation
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
470c241c82
JS: use range instead of ad hoc LT/GT
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
1389009388
JS: naming and doc cleanups
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829
JS: add query: js/useless-assignment-to-property
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
6ee47c437e
JS: generalize and move DeadStoreOfLocal.qhelp to DeadStore.qhelp
2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
cacb8fdee0
JS: move DeadStoreOfLocal::isDefaultInit to separate module
2018-11-08 13:23:19 +01:00
semmle-qlci
3c49bc6e67
Merge pull request #407 from asger-semmle/email-xss
Approved by xiemaisi
2018-11-08 10:53:10 +00:00
semmle-qlci
29cabc0e09
Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined
Approved by asger-semmle
2018-11-08 10:52:44 +00:00
semmle-qlci
990c7e057f
Merge pull request #419 from xiemaisi/js/fix-mixed-whitespace
Approved by esben-semmle
2018-11-07 23:47:48 +00:00
Aditya Sharad
ed49c623f1
Version: Bump to 1.18.2 release.
2018-11-07 14:36:40 +00:00
Esben Sparre Andreasen
0afbea968c
Merge pull request #421 from xiemaisi/js/open-source-extractor
JavaScript: Open-source extractor
2018-11-07 15:13:27 +01:00
Asger F
e0d5557ef4
JS: add email HTML body as XSS sink
2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen
f0343d0678
JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering
2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen
a2df4f9bfe
JS: mark Koa params as user-controlled objects
2018-11-07 12:18:46 +01:00
Aditya Sharad
194042348a
Eclipse plugins: Remove plugin metadata.
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
2018-11-07 11:01:05 +00:00
Max Schaefer
b058854964
JavaScript: Teach type inference about AMD imports.
2018-11-07 09:18:21 +00:00
Max Schaefer
22640f891e
JavaScript: Make lodash/underscore recognition extensible.
2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen
e6a190c06e
JS: replace .stripParens query uses w. .getUnderlyingReference
2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
f04293f73c
JS: replace .stripParens library uses w. .getUnderlyingReference
2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
43e215c7af
JS: replace .stripParens query uses w. .getUnderlyingValue
2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
030d9202de
JS: replace .stripParens library uses w. .getUnderlyingValue
2018-11-07 09:32:02 +01:00