hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1348 Commits

Author SHA1 Message Date
CodeQL CI
0753c8a31b Merge pull request #4247 from erik-krogh/CVE760-reexport 
Approved by asgerf
 2020-10-06 06:10:21 -07:00
CodeQL CI
ef703e72d8 Merge pull request #4401 from asgerf/js/angular-prerequisites 
Approved by erik-krogh
 2020-10-06 06:09:48 -07:00
Erik Krogh Kristensen
f7f82ffe4e Merge branch 'main' into CVE760-reexport 2020-10-06 12:28:44 +02:00
CodeQL CI
bc1d3de8fe Merge pull request #4376 from erik-krogh/simpParam 
Approved by asgerf
 2020-10-06 03:24:43 -07:00
Asger Feldthaus
c31cdaacb2 JS: Add test for getFieldTypeAnnotation 2020-10-06 10:01:04 +01:00
Erik Krogh Kristensen
7d8bb339b6 add support for destructuring object exports in getAnExportedValue 2020-10-05 21:38:31 +02:00
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
18f7f2b559 autoformat 2020-10-01 13:49:31 +02:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
Erik Krogh Kristensen
75b9237b81 use Parameter instead of SimpleParameter in the AngularJS model 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
c675d72629 use Parameter instead of SimpleParameter in remaining route-handler models 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
f65ba11485 use Parameter instead of SimpleParameter in AMD.qll 2020-10-01 10:44:05 +02:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen
6b9aea82ca model method calls in the needle library 2020-09-25 14:13:31 +02:00
Erik Krogh Kristensen
a22ddb145b model calls to needle 2020-09-25 13:53:22 +02:00
CodeQL CI
9a306866c5 Merge pull request #4282 from erik-krogh/es2021 
Approved by esbena
 2020-09-22 05:34:35 -07:00
Erik Krogh Kristensen
4bc91c4439 add support for Promise.any 2020-09-21 10:50:06 +02:00
Erik Krogh Kristensen
b09015380a add support for String.prototype.replaceAll 2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
b4e75bf567 update expected output 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
1f95311342 further loosen the RouteHandlerCandidate heuristic 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
3eaa56ed60 support containers with decorated route handlers 2020-09-18 09:29:08 +02:00
Erik Krogh Kristensen
c087e94d47 add additional indirect route-handler steps 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
02c1d689e4 support indirect route-handlers for NodeJS 2020-09-18 09:26:33 +02:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767 
Approved by asgerf
 2020-09-15 03:47:40 -07:00
Erik Krogh Kristensen
c1cb19abd7 add level PreCallGrapSteps to the callgraph 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
f2ecb63e5a add a direct Export step as a PreCallGraphStep 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
29457c52dc add reexported test to PackageExports test 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
61f6580d1e add API in PackageExports.qll for getting a value exported under a name 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
d3653b3030 add support for re-exports using the spread operator for NodeJS exports 2020-09-14 23:28:35 +02:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Erik Krogh Kristensen
cffe573d06 add taint-steps for underscore methods 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
eb80705e99 add a taint-step for require("bluebird").mapSeries() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
bb97829e1d add a model for the ClientRequest new require("net").Socket() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
d5097d820d support direct callbacks to require("net").createServer 2020-09-09 09:46:17 +02:00
Max Schaefer
252902d245 JavaScript: Restructure API-graph tests. 
With the old test runner we cannot have `VerifyAssertions.qlref`s for each individual test that reference a shared `VerifyAssertions.ql` in the parent directory, since it doesn't like nested tests.

Instead, we have to turn `VerifyAssertions.ql` into `VerifyAssertions.qll`, and each `VerifyAsssertions.qlref` into a `VerifyAssertions.ql` that imports it.

But then that doesn't work with our old directory structure, since the import path would have to contain the invalid identifier `library-tests`. As a workaround, I have moved the API graph tests into a directory without dashes in its path.
 2020-09-04 08:43:15 +01:00
Max Schaefer
cb433a0c0f JavaScript: Add test for custom API-graph entry points. 2020-09-03 22:28:09 +01:00
Max Schaefer
f3173ca968 JavaScript: Add a few unit tests for API graphs. 2020-09-03 22:28:09 +01:00
Asger Feldthaus
393db73d0a JS: Update test 2020-09-03 14:01:40 +01:00
Asger Feldthaus
bfcc434a61 JS: Use both local and global names in hasQualifiedName 2020-09-03 14:01:13 +01:00
Max Schaefer
6d68036d85 JavaScript: Add test demonstrating more SQL flow. 2020-09-02 17:35:47 +01:00
Asger F
2c0e9f0c86 Merge pull request #4186 from github/rc/1.25 
Mergeback: 1.25 -> main
 2020-09-02 15:12:25 +01:00
CodeQL CI
c017308505 Merge pull request #4134 from erik-krogh/genCalls 
Approved by asgerf
 2020-09-02 14:23:39 +01:00
CodeQL CI
48a1ee6233 Merge pull request #4130 from erik-krogh/bbFix 
Approved by asgerf
 2020-09-02 10:38:50 +01:00
Erik Krogh Kristensen
038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
Erik Krogh Kristensen
e6bfffaed3 update basic-block on ExceptionalFunctionReturnNode and FunctionReturnNode 2020-08-25 20:09:41 +02:00
Erik Krogh Kristensen
840f30f7bc add basic-block test to dataflow tests 2020-08-25 20:09:36 +02:00
Erik Krogh Kristensen
90422fe705 add support for delegating yield 2020-08-25 20:05:53 +02:00
Erik Krogh Kristensen
6a07e1e82b add more passing tests 2020-08-25 20:04:35 +02:00