hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

5030 Commits

Author SHA1 Message Date
semmle-qlci
86e31a584e Merge pull request #447 from esben-semmle/js/indirect-sanitization 
Approved by asger-semmle
 2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen
5666deac14 JS: rename js/useless-defensive-code to js/unneeded-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a JS: annotate test file with expected results 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9 JS: downgrade other alerts to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e JS: add whitelist to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2 JS: add query: js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequst 2018-11-13 08:14:51 +01:00
Max Schaefer
663bdd60a0 Merge pull request #396 from esben-semmle/js/unconditional-property-override 
JS: add query: js/unconditional-property-override
 2018-11-12 17:10:32 +00:00
Jonas Jensen
1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen
eaad84bb4f JS: add support for dis- and conjunctions in SanitizingFunction 2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
ffc3d6ba49 JS: simplify test (move alerts four lines up) 2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen
6d0c93b6a8 JS: introduce TaintTracking::AdditionalSanitizingCall 2018-11-12 10:21:39 +01:00
Tom Hvitved
40def8d364 Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad
761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Max Schaefer
bdfe938d02 JavaScript: Improve StackTraceExposure query. 
It now also flags exposure of the entire exception object (not just the `stack` property).
 2018-11-09 09:42:09 +00:00
Dave Bartolomeo
55f4839abf Allow mixed whitespace in JavaScript test sources 2018-11-08 11:06:42 -08:00
Esben Sparre Andreasen
bd2fc33621 JS: annotate tests with expectations 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829 JS: add query: js/useless-assignment-to-property 2018-11-08 13:23:19 +01:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign 
Approved by esben-semmle, xiemaisi
 2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2 
Approved by xiemaisi
 2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Asger F
dcf6218d1d JS: update test expectations 2018-11-06 12:22:05 +00:00
Asger F
b40fa3845f JS: add model of async package 2018-11-06 12:12:43 +00:00
Aditya Sharad
553c2f5d34 Merge master into next. 
As of 2846d80f1c.
 2018-11-06 11:52:51 +00:00
Asger F
87e0027974 JS: address comments 2018-11-06 10:29:04 +00:00
Asger F
56707fc79a JS: recognize more conditionals in useless-conditional 2018-11-06 10:28:05 +00:00
Esben Sparre Andreasen
651f32514b JS: use 'Util::describeExpression' in js/trivial-conditional 2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen
4e54af3b41 JS: introduce 'Util::describeExpression' 2018-11-05 12:58:12 +01:00
Asger F
4f4ad2b942 JavaScript: ignore self-assignments with a JSDoc comment 2018-11-05 11:31:02 +00:00
semmle-qlci
b743ee4179 Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic 
Approved by xiemaisi
 2018-11-05 07:37:36 +00:00
Esben Sparre Andreasen
8f3497a7bf JS: improve tests for interprocedural type inference 2018-11-01 13:51:38 +01:00
semmle-qlci
08833465a0 Merge pull request #386 from xiemaisi/js/lodash_partial 
Approved by esben-semmle
 2018-11-01 09:44:14 +00:00
semmle-qlci
a22aa3524e Merge pull request #388 from asger-semmle/revert-useless-conditional 
Approved by esben-semmle
 2018-11-01 09:23:19 +00:00
Aditya Sharad
b896899f4c Merge master into next. 
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
 2018-10-31 10:47:31 +00:00
semmle-qlci
f00863fb58 Merge pull request #383 from esben-semmle/js/unused-eval-variable 
Approved by xiemaisi
 2018-10-31 10:42:55 +00:00
Asger F
2c11844c5b Revert "Merge pull request #380 from asger-semmle/generalize-useless-conditional" 
This reverts commit 28f3b686a7, reversing
changes made to dc3c5a684c.
 2018-10-31 10:38:38 +00:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial. 
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
 2018-10-31 06:31:59 -04:00
Asger F
f07aa5bb2c JS: ensure parameters always have a dataflow node 2018-10-31 10:28:31 +00:00
Asger F
44d10cb74c JS: add test cases 2018-10-30 14:24:33 +00:00
Asger F
7e5e5aea11 JS: use guard nodes instead of synactic isConditional check 2018-10-30 14:22:31 +00:00
Esben Sparre Andreasen
74642b9b81 JS: whitelist js/unused-local-variable near direct eval calls 2018-10-30 13:08:24 +01:00
Esben Sparre Andreasen
ce3b4a6400 JS: add additional js/unused-local-variable tests 2018-10-30 13:07:23 +01:00
semmle-qlci
8b866ade0e Merge pull request #373 from asger-semmle/jsx-factory-import 
Approved by xiemaisi
 2018-10-30 10:35:49 +00:00
semmle-qlci
1509752df6 Merge pull request #345 from esben-semmle/js/intro-getUnderlying 
Approved by xiemaisi
 2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen
90c77134af JS: make use of getUnderlyingValue in js/useless-assignment-to-local 2018-10-29 09:22:53 +01:00