hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1348 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
Erik Krogh Kristensen
cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Asger Feldthaus
b306571d52 JS: Type-track react component factories 2020-01-28 10:22:04 +00:00
Erik Krogh Kristensen
b526a2ea0f implement a model of WebSocket and ws based on the EventEmitter model 2020-01-22 14:46:53 +01:00
semmle-qlci
007b0795ec Merge pull request #2636 from erik-krogh/NewSocketIO 
Approved by esbena
 2020-01-22 13:46:11 +00:00
Erik Krogh Kristensen
5063e3820d update expected output 2020-01-22 11:18:47 +01:00
Erik Krogh Kristensen
8370699344 add support for creating a promise with another resolved promise, e.g: Promise.resolve(otherPromise) 2020-01-21 20:11:27 +01:00
Erik Krogh Kristensen
fe0b6a86d7 add data-flow steps for when Promise handlers return other promises 2020-01-21 16:15:18 +01:00
Erik Krogh Kristensen
d8b25ef5a2 add data-flow steps for resolved promises using pseudo-properties 2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen
6648e2751f remove use of .getAlocalSource() i custom load/store test 2020-01-21 15:49:42 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Erik Krogh Kristensen
ad813ef86c add flowsTo to the use of isAdditionalLoadStep 2020-01-20 14:16:29 +01:00
Erik Krogh Kristensen
ffbd0f6632 update expected test output 2020-01-20 09:56:40 +01:00
Erik Krogh Kristensen
b3b132c66d Merge remote-tracking branch 'upstream/master' into ExceptionalPromise 2020-01-20 09:20:09 +01:00
Erik Krogh Kristensen
6ad62e32e0 copyPropertyStep works interprocedurally 2020-01-17 12:24:29 +01:00
Erik Krogh Kristensen
06e898f53b only use .getALocalSource in copyPropertyStep 2020-01-16 16:04:45 +01:00
Erik Krogh Kristensen
4e880e2f96 implement SocketIO on top of the EventEmitter model 2020-01-16 11:02:36 +01:00
Erik Krogh Kristensen
a76ab39a39 no longer need for .getALocalSource() in custom load/store 2020-01-15 16:00:57 +01:00
Erik Krogh Kristensen
830100d2ed support interprocedural flow with custom load/store steps 2020-01-15 14:23:17 +01:00
Erik Krogh Kristensen
d09bce5cd7 custom load/store steps to implement promise flow 2020-01-14 21:37:55 +01:00
Erik Krogh Kristensen
c50de3a7e8 update expected output of tests 2020-01-10 17:49:24 +01:00
Erik Krogh Kristensen
ec5896abba add additional data-flow edges to data-flow related to promises 2020-01-10 14:12:53 +01:00
Erik Krogh Kristensen
af8b36b750 Merge remote-tracking branch 'upstream/master' into EventEmitter 2020-01-09 15:09:43 +01:00
Max Schaefer
9160fbf106 Merge pull request #2435 from asger-semmle/phi-edge-barrier-guards 
JS: Phi edge barrier guards
 2020-01-06 14:14:18 +00:00
semmle-qlci
f48e4bc2a0 Merge pull request #2580 from asger-semmle/typescript-unbounded-recursion 
Approved by max-schaefer
 2020-01-06 14:00:55 +00:00
semmle-qlci
0c0073fb02 Merge pull request #2582 from asger-semmle/spurious-css-import 
Approved by max-schaefer
 2020-01-06 14:00:08 +00:00
Asger F
4d25bfc038 JS: Fix copy pasta 2020-01-06 11:37:21 +00:00
Asger F
142c83f38f JS: Add negative dominance test 2020-01-06 11:37:21 +00:00
Asger F
aa6572b5c8 JS: Sanitize phi edges from barrier guards 2020-01-06 11:37:21 +00:00
Asger F
0b04f0d8f7 JS: Add test case for phi input 2020-01-06 11:37:20 +00:00
Asger F
4772798d7b JS: do not resolve arbitrary extensions to JavaScript files 2020-01-03 11:37:51 +00:00
Asger F
c5f73cb868 JS: Add test showing spurious .css import 2020-01-03 10:59:10 +00:00
Asger F
f31d47c66e TS: explain test case 2020-01-03 10:48:15 +00:00
Asger F
202746e92d TS: Guard getTypeAtLocation with try/catch 2020-01-02 16:31:23 +00:00
Asger F
0388e9ca0c TS: Add regression test 2020-01-02 16:28:49 +00:00
Asger F
2ca0e7d232 TS: Disable output from tracing 2020-01-02 15:38:10 +00:00
Asger F
8f478f7caf TS: Add test with traceResolution: true 2020-01-02 15:04:30 +00:00
Erik Krogh Kristensen
4fdfa51e44 add support for import.meta expressions in JavaScript 2019-12-18 10:45:54 +01:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Henning Makholm
66b3c7cf07 JS tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.

Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
 2019-12-07 02:38:02 +01:00
Asger F
b407de01f8 JS: Update TaintBarriers test 2019-12-06 11:49:59 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Asger F
f162749044 Merge pull request #2418 from max-schaefer/js/file-locatable 
JavaScript: Make `File` not extend `Locatable` anymore.
 2019-12-02 16:15:14 +00:00
Max Schaefer
ec2ba735de JavaScript: Update Dependencies library to not rely on Files being Locatable. 
Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.
 2019-12-02 12:40:49 +00:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll 
Approved by max-schaefer
 2019-11-27 12:35:04 +00:00