hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

199 Commits

Author SHA1 Message Date
Asger Feldthaus
7c94dd94e9 JS: Add type-tracking steps through callback args 2021-09-08 13:08:05 +02:00
CodeQL CI
5b229e9392 Merge pull request #6574 from asgerf/js/vue-api-graphs 
Approved by erik-krogh
 2021-09-07 05:53:30 -07:00
Erik Krogh Kristensen
85e1c87d14 use the new non-extending-subtypes syntax 2021-09-06 11:19:50 +02:00
Erik Krogh Kristensen
8d4af3ad81 convert field based range pattern to casting based range pattern 2021-09-06 11:05:23 +02:00
Asger Feldthaus
7149ad8ac4 JS: Also mark uses of the exports object as an export in PackageExports 2021-09-03 13:35:30 +02:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing 
Approved by esbena, yoff
 2021-09-02 12:20:08 +01:00
Erik Krogh Kristensen
1ad204d89e make after and TState private in ReDoSUtil 2021-09-02 09:15:43 +02:00
Asger Feldthaus
cc838326e1 JS: Remove old bulk export access getAnExportedModule 2021-09-01 13:28:54 +02:00
Asger Feldthaus
7daa6481e3 JS: Check property name in NodeJSModule.getABulkExportedNode 2021-09-01 13:25:14 +02:00
Asger Feldthaus
4b1f918feb JS: Extend getABulkExportedNode and use it in PackageExports 2021-09-01 13:24:23 +02:00
Asger Feldthaus
cce3c0256e JS: Update some comments in Vue 2021-09-01 13:04:40 +02:00
Erik Krogh Kristensen
537450606e use a consistent comment about the ignore case flag 2021-09-01 12:46:50 +02:00
Erik Krogh Kristensen
ff74fe1e03 rename hasChildThatMatchesIgnoringCasing to hasChildThatMatchesIgnoringCasingFlags 2021-09-01 12:45:20 +02:00
Erik Krogh Kristensen
75a3f34e86 use if-else in ReDoSUtil::getCanonicalizationFlags 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 12:44:02 +02:00
Erik Krogh Kristensen
f8d46677b9 add RequestExpr as an alias to NodeJSLib::RequestExpr in Connect.qll 2021-09-01 10:11:05 +02:00
Erik Krogh Kristensen
98d018ce26 remove redundant extends clause 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 10:09:40 +02:00
Erik Krogh Kristensen
28dce6e95a fix non-monotonic recursion in js/missing-rate-limiting 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
c6399dbdf4 simplify the connect model by reusing NodeJSLib::RouteHandler 2021-08-31 14:23:23 +02:00
Asger Feldthaus
27f10123c7 JS: Autoformat 2021-08-31 11:19:11 +02:00
Asger Feldthaus
8833ff7854 JS: Use Vue model in Vuex model 2021-08-31 11:19:10 +02:00
Asger Feldthaus
ebf17e10d6 JS: Fixup in getComponentRef() 2021-08-31 11:19:09 +02:00
Asger Feldthaus
607f2d66b8 JS: Rename getASelfRef to getAnInstanceRef 2021-08-31 11:19:08 +02:00
Asger Feldthaus
999f22f548 JS: Fix getOwnOptionsObject 2021-08-31 11:19:08 +02:00
Asger Feldthaus
9f02ae29ec JS: Autoformat 2021-08-31 11:19:07 +02:00
Asger Feldthaus
7dd65d8ac6 JS: Clean up taint step definitions 
These are Unit types and so should be kept private as you can't
use them for anything other than getting all taint steps of a certain
type.

Also factors out accesses to 'this'.
 2021-08-31 11:19:06 +02:00
Asger Feldthaus
5b0e26c814 JS: Use API graphs a few more places 2021-08-31 11:19:06 +02:00
Asger Feldthaus
4ff135e827 JS: Port class-based components to API graphs 2021-08-31 11:19:05 +02:00
Asger Feldthaus
5cd0996d92 JS: Deprecate getOwnOptionsObject() 2021-08-31 11:19:04 +02:00
Asger Feldthaus
7be4b76abb JS: Simplify getABoundFunction 2021-08-31 11:19:04 +02:00
Asger Feldthaus
0ee1e8bd97 JS: Rename ExtendedVue to ComponentExtension 2021-08-31 11:19:03 +02:00
Asger Feldthaus
881951368d JS: Merge VueInstance and ExtendedInstance into one case 2021-08-31 11:19:03 +02:00
Asger Feldthaus
ecda79834d JS: Remove getOption(name) override subsumed by new implementation 2021-08-31 11:19:02 +02:00
Asger Feldthaus
e4901eda91 JS: Handle .extend called on any component 2021-08-31 11:19:01 +02:00
Asger Feldthaus
4d4443c3cf JS: Use API graphs in getOption(s) 2021-08-31 11:19:00 +02:00
Asger Feldthaus
f450476b27 JS: Improve handling of default exports in Vue 2021-08-31 11:19:00 +02:00
Asger Feldthaus
cd6a60dc70 JS: Treat default-export from .vue file as entry point 2021-08-31 11:18:59 +02:00
Asger Feldthaus
b223049682 JS: Add getComponentRef() 2021-08-31 11:18:58 +02:00
Asger Feldthaus
b9d1b5584e JS: Add API-node version of getOwnOptions 2021-08-31 11:18:58 +02:00
Asger Feldthaus
63b7c6a8d9 JS: Use API:: classes for clarity (no semantic change) 2021-08-31 11:18:57 +02:00
Asger Feldthaus
f7f69dc3ab JS: Make MkExtendedInstance handle cross-module flow 2021-08-31 11:18:56 +02:00
Asger Feldthaus
76c38a564d JS: Port vue() to API graphs 2021-08-31 11:18:56 +02:00
Erik Krogh Kristensen
486b283c20 support the "module" field in package.json files 2021-08-30 11:05:32 +02:00
Erik Krogh Kristensen
f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Erik Krogh Kristensen
1b6e1dbd13 include property writes in super-classes when reading a property in a sub-class 2021-08-27 10:04:39 +02:00
Erik Krogh Kristensen
285c659541 add src as a potential unsafe DOM property name for js/xss-through-dom 2021-08-27 10:04:39 +02:00
Edoardo Pirovano
29e75aed75 JS: Release new version of library and upgrade pack 2021-08-26 15:54:54 +01:00
Erik Krogh Kristensen
0cc19d914e use toUnicode in ReDoSUtil.qll 2021-08-25 22:21:43 +02:00
Andrew Eisenberg
45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
 2021-08-25 12:15:56 -07:00