hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1348 Commits

Author SHA1 Message Date
Max Schaefer
8e340922cb JavaScript: Simplify some imports. 2019-03-01 14:44:58 +00:00
Max Schaefer
75c76619d8 JavaScript: Autoformat rearranged tests. 2019-03-01 14:42:01 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops 
Approved by esben-semmle
 2019-03-01 10:31:27 +00:00
Max Schaefer
d4d9d61216 JavaScript: Consolidate Express tests. 
Instead of having many small independent tests, we now just have a single test that pulls in all the individual tests and runs them together.

Concretely, each `.ql` file has been turned into a `.qll` file with a query predicate corresponding to the original `select` clause and named after the original `.ql` file, plus a prefix `test_`.

The newly added `tests.ql` imports all these `.qll`s.

The individual `.expected` files have been concatenated together into `tests.expected`, each prefixed with the name of the corresponding query predicate. (This is the format that qltest produces for tests with multiple query predicates.)
 2019-03-01 09:39:31 +00:00
Max Schaefer
b265ff7cdf JavaScript: Delete stray .expected file. 2019-03-01 09:39:31 +00:00
Asger F
8dfec58428 JS: Update test 2019-02-28 16:49:35 +00:00
Asger F
47b5f34870 JS: shift line numbers in test output 2019-02-28 16:48:47 +00:00
semmle-qlci
edba24129d Merge pull request #1003 from xiemaisi/js/fix-test 
Approved by esben-semmle
 2019-02-28 12:05:44 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
Max Schaefer
02dff4e9d9 JavaScript: Update expected test output. 2019-02-28 08:21:06 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Asger F
9497199cbd JS: add localFieldStep 2019-02-27 14:20:47 +00:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref 
JS: add closure library in globalObjectRef
 2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2 
JS: Vue security improvements
 2019-02-26 16:49:38 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
Asger F
29d2d620e4 JS: add taint step through object/array spread operators 2019-02-26 11:43:59 +00:00
semmle-qlci
681ff0f39c Merge pull request #977 from asger-semmle/extend-test-version 
Approved by xiemaisi
 2019-02-26 09:55:41 +00:00
semmle-qlci
74a4103857 Merge pull request #976 from asger-semmle/closure-import-deep 
Approved by esben-semmle
 2019-02-26 09:34:04 +00:00
semmle-qlci
00d490e84d Merge pull request #945 from asger-semmle/extensible-module-import 
Approved by xiemaisi
 2019-02-26 09:26:28 +00:00
Max Schaefer
c2a5350bf2 Merge pull request #982 from asger-semmle/closure-string-lib 
JS: model string functions from closure library
 2019-02-26 08:26:14 +00:00
Asger F
93440014a0 JS: only propagate through first argument of truncate() 2019-02-25 17:11:55 +00:00
Asger F
8354909d46 JS: add closure library in globalObjectRef 2019-02-25 16:45:47 +00:00
Asger F
fab0afd755 JS: model string functions from closure library 2019-02-25 16:08:47 +00:00
semmle-qlci
58cc8d0ecc Merge pull request #936 from xiemaisi/js/revive-electron-support 
Approved by esben-semmle
 2019-02-25 15:23:20 +00:00
Esben Sparre Andreasen
4dc147d506 JS: rename CapturedSource -> LocalObject (files) 2019-02-25 16:09:07 +01:00
Asger F
050626aca0 JS: remove audit alerts from package.json 2019-02-25 15:04:47 +00:00
Esben Sparre Andreasen
66367987af JS: rename CapturedSource -> LocalObject 2019-02-25 16:04:37 +01:00
Esben Sparre Andreasen
65fb1423b7 JS: format test case (update expected output) 2019-02-25 15:55:44 +01:00
Esben Sparre Andreasen
1150f4c02b JS: add documentation to test case 2019-02-25 15:52:23 +01:00
Asger F
7d14429dce JS: handle deeper access paths in Closure::moduleImport 2019-02-25 12:31:18 +00:00
Asger F
2f6496f6bd JS: add test with undeclared nested access 2019-02-25 12:27:36 +00:00
Asger F
b31d7d1f5f JS: add test case 2019-02-25 11:31:09 +00:00
Esben Sparre Andreasen
4ce7ec1661 JS: add XSS vector for Vue's v-html 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
da1ffcfd1b JS: introduce Vue Template Element 2019-02-25 12:17:33 +01:00
Esben Sparre Andreasen
9f4f945975 JS: introduce Vue::InstanceHeapStep 2019-02-25 12:17:33 +01:00
Asger F
614ba92fac JS: add ClassContainsTwo.expected 2019-02-25 09:51:40 +00:00
semmle-qlci
014d4b9ed0 Merge pull request #934 from asger-semmle/module-import 
Approved by xiemaisi
 2019-02-25 09:46:52 +00:00
Max Schaefer
e7c95bae49 JavaScript: Add flow steps modelling Electron IPC. 2019-02-23 21:43:13 +00:00
Max Schaefer
a4e4957f31 JavaScript: Model webContents property. 2019-02-23 21:43:13 +00:00
Max Schaefer
ff83e600dc JavaScript: Track Electron browser objects inter-procedurally. 2019-02-23 21:43:13 +00:00
Max Schaefer
d59c12e6eb JavaScript: Recognise Electron browser objects based on TypeScript types when available. 2019-02-23 21:43:13 +00:00
Esben Sparre Andreasen
6c1b29e4b6 JS: add missing flowstep for unused parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
6766716867 JS: add PropWrite tests for parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bdd8691e65 JS: add type inference for the return value of captured method calls 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
0cf2eaec5e JS: introduce CapturedSource 2019-02-21 21:44:28 +01:00
Asger F
e7e29101e4 JS: add StringOps::Concatenation 2019-02-15 16:57:26 +00:00