hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1348 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
a3bd072590 JS: add Hapi::RouteHandlerCandidate 2018-12-03 09:22:21 +01:00
Jonas Jensen
9babb4366b Merge remote-tracking branch 'upstream/master' into mergeback-20181130 2018-11-30 10:13:33 +01:00
Asger F
959776b775 JS: add test case 2018-11-29 11:22:15 +00:00
Asger F
d69e584cc2 JS: fix bug in foldedComparisonEdge 2018-11-29 11:22:15 +00:00
Asger F
43df9538bf JS: be conservative in presence of NaN comments 2018-11-29 11:22:14 +00:00
Asger F
6c53ad80c7 JS: add constant constraints in range analysis 2018-11-29 11:22:13 +00:00
Asger F
064b1099eb JS: range analysis through phi nodes 2018-11-29 11:22:13 +00:00
Asger F
09ca6652fb JS: Support return value of x++ 2018-11-29 11:22:13 +00:00
Asger F
a374540c55 JS: Range analysis library 2018-11-29 11:22:13 +00:00
Max Schaefer
94a5722c2a JavaScript: Model taint propagation through new Buffer and Buffer.from. 2018-11-29 09:52:31 +00:00
Max Schaefer
4091cf410d JavaScript: Improve detection of require calls. 2018-11-29 09:52:31 +00:00
Max Schaefer
fb78e14db1 JavaScript: Add support for sanitising dynamic property accesses. 
This generalises our previous handling of sanitisers operating on property accesses to support dynamic property accesses where the property name is an SSA variable by representing them as access paths.
 2018-11-28 12:37:53 +00:00
Esben Sparre Andreasen
2d7f09d321 JS(ql): support nullish coalescing operators 2018-11-26 10:31:19 +01:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Esben Sparre Andreasen
72c4ef4d90 JS: fixup optional chaining on CallWithNonLocalAnalyzedReturnFlow 2018-11-21 14:18:14 +01:00
Esben Sparre Andreasen
41b45352aa JS(ql): support optional chaining 2018-11-21 08:57:10 +01:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
semmle-qlci
0647743333 Merge pull request #467 from xiemaisi/js/amd-imports 
Approved by asger-semmle
 2018-11-16 09:31:50 +00:00
semmle-qlci
4a14bef507 Merge pull request #466 from xiemaisi/js/more-data-flow-predicates 
Approved by asger-semmle
 2018-11-14 16:07:59 +00:00
Max Schaefer
6f6b3b0d5e JavaScript: Add a convenience method to SourceNode and use it in a few places. 2018-11-14 11:58:45 +00:00
Max Schaefer
a441bfb751 JavaScript: Add a convenience method to AMDModuleDefinition. 2018-11-14 11:36:40 +00:00
Max Schaefer
4fdfbb77cc Merge pull request #444 from esben-semmle/js/browser-based-client-requests 
JS: add models of $.ajax, $.getJSON and XMLHttpRequst
 2018-11-13 16:53:52 +00:00
Esben Sparre Andreasen
daed0653cb JS: support property tracking of custom abstract values 2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen
1d87c580b3 JS: introduce DefinedCustomAbstractValue 2018-11-13 11:40:31 +01:00
semmle-qlci
86e31a584e Merge pull request #447 from esben-semmle/js/indirect-sanitization 
Approved by asger-semmle
 2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequst 2018-11-13 08:14:51 +01:00
Esben Sparre Andreasen
eaad84bb4f JS: add support for dis- and conjunctions in SanitizingFunction 2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
6d0c93b6a8 JS: introduce TaintTracking::AdditionalSanitizingCall 2018-11-12 10:21:39 +01:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Asger F
dcf6218d1d JS: update test expectations 2018-11-06 12:22:05 +00:00
Asger F
b40fa3845f JS: add model of async package 2018-11-06 12:12:43 +00:00
Esben Sparre Andreasen
4e54af3b41 JS: introduce 'Util::describeExpression' 2018-11-05 12:58:12 +01:00
semmle-qlci
b743ee4179 Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic 
Approved by xiemaisi
 2018-11-05 07:37:36 +00:00
Esben Sparre Andreasen
8f3497a7bf JS: improve tests for interprocedural type inference 2018-11-01 13:51:38 +01:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial. 
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
 2018-10-31 06:31:59 -04:00
Asger F
f07aa5bb2c JS: ensure parameters always have a dataflow node 2018-10-31 10:28:31 +00:00
semmle-qlci
1509752df6 Merge pull request #345 from esben-semmle/js/intro-getUnderlying 
Approved by xiemaisi
 2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen
ec1722c4db JS: add utility SyntacticConstants::isNullOrUndefined 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
244d8d5778 JS: introduce truncate utility 2018-10-26 15:20:58 +02:00
Max Schaefer
394d7b7a9b JavaScript: Update expected output of CFG test. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371 JavaScript: Copy over a test left in internal repo. 
This test seems to have been accidentally committed into the old location in the internal repo.
 2018-10-24 08:40:54 +01:00
Asger F
f9634040b0 TypeScript: add test case with mixed rescanned tokens 
(cherry picked from commit 057af7c865)
 2018-10-19 08:30:03 +01:00