hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

6736 Commits

Author SHA1 Message Date
Asger F
93440014a0 JS: only propagate through first argument of truncate() 2019-02-25 17:11:55 +00:00
Asger F
d45f670646 JS: remove duplicate modelling of urlDecode/urlEncode 2019-02-25 17:04:56 +00:00
Asger F
29de1411b7 JS: remove restriction on truncate calls 2019-02-25 17:00:47 +00:00
Asger F
50e8f83ad5 JS: use globalVarRef/SourceNode instead 2019-02-25 16:54:45 +00:00
Asger F
8354909d46 JS: add closure library in globalObjectRef 2019-02-25 16:45:47 +00:00
Asger F
d70d0e21cc JS: add format function 2019-02-25 16:30:44 +00:00
Asger F
fab0afd755 JS: model string functions from closure library 2019-02-25 16:08:47 +00:00
Esben Sparre Andreasen
8e01ccd892 JS: fix docstring: s/node1/pred + s/node2/succ 2019-02-25 16:51:30 +01:00
semmle-qlci
58cc8d0ecc Merge pull request #936 from xiemaisi/js/revive-electron-support 
Approved by esben-semmle
 2019-02-25 15:23:20 +00:00
Esben Sparre Andreasen
ab1b1c1431 JS: update docstring 2019-02-25 16:11:35 +01:00
Esben Sparre Andreasen
4dc147d506 JS: rename CapturedSource -> LocalObject (files) 2019-02-25 16:09:07 +01:00
Asger F
050626aca0 JS: remove audit alerts from package.json 2019-02-25 15:04:47 +00:00
Esben Sparre Andreasen
66367987af JS: rename CapturedSource -> LocalObject 2019-02-25 16:04:37 +01:00
Esben Sparre Andreasen
65fb1423b7 JS: format test case (update expected output) 2019-02-25 15:55:44 +01:00
Esben Sparre Andreasen
1150f4c02b JS: add documentation to test case 2019-02-25 15:52:23 +01:00
Esben Sparre Andreasen
0d94fe3f54 JS: analyze assignments in with correctly 2019-02-25 15:32:17 +01:00
Esben Sparre Andreasen
047b69a4c2 JS: address review comments 2019-02-25 15:19:00 +01:00
Esben Sparre Andreasen
46a1c75549 Merge pull request #973 from xiemaisi/js/remove-package-json 
JavaScript: Delete an unused `package.json` in a test.
 2019-02-25 14:05:22 +01:00
Asger F
7d14429dce JS: handle deeper access paths in Closure::moduleImport 2019-02-25 12:31:18 +00:00
Asger F
2f6496f6bd JS: add test with undeclared nested access 2019-02-25 12:27:36 +00:00
semmle-qlci
c31ccbc114 Merge pull request #925 from asger-semmle/closure-reorg 
Approved by xiemaisi
 2019-02-25 12:02:00 +00:00
Esben Sparre Andreasen
b0358d7d11 JS: autoformat 2019-02-25 12:44:55 +01:00
Asger F
707886f259 JS: minor qldoc fixes 2019-02-25 11:31:09 +00:00
Asger F
b31d7d1f5f JS: add test case 2019-02-25 11:31:09 +00:00
Asger F
eab034ccfd JS: add ModuleImportNode::Range 2019-02-25 11:31:08 +00:00
Asger F
e9bc728919 JS: fixes in qldoc 2019-02-25 11:26:12 +00:00
Esben Sparre Andreasen
97edfc5524 JS: address review comments 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
80a716f3b3 JS: fixup visibility of DataFlow::HtmlAttributeNode 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
4ce7ec1661 JS: add XSS vector for Vue's v-html 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
4c5e48fbbc JS: introduce DataFlow::HtmlAttributeNode 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
da1ffcfd1b JS: introduce Vue Template Element 2019-02-25 12:17:33 +01:00
Esben Sparre Andreasen
9f4f945975 JS: introduce Vue::InstanceHeapStep 2019-02-25 12:17:33 +01:00
Asger F
614ba92fac JS: add ClassContainsTwo.expected 2019-02-25 09:51:40 +00:00
Asger F
86153be64b JS: fix qldoc 2019-02-25 09:51:31 +00:00
semmle-qlci
014d4b9ed0 Merge pull request #934 from asger-semmle/module-import 
Approved by xiemaisi
 2019-02-25 09:46:52 +00:00
Max Schaefer
d4dbe3bfb6 JavaScript: Back out parsing of qualified XML identifiers. 
Their syntax conflicts with the proposed function-bind operator, which is more important to support.
 2019-02-24 21:30:59 +00:00
Max Schaefer
6a90459d6a JavaScript: Add upgrade script. 2019-02-24 21:06:29 +00:00
Max Schaefer
7491b5ea53 JavaScript: Add a comment. 2019-02-24 21:02:12 +00:00
Max Schaefer
f726125b71 JavaScript: Restrict E4X processing instruction disambiguation to the <?xml ...?> case. 2019-02-24 20:56:43 +00:00
Max Schaefer
cc216ad250 JavaScript: Buffer recoverable syntax errors during speculative parsing. 
Analogous to how we buffer tokens, we need to delay reporting these errors until we have committed to a parse.
 2019-02-24 20:45:41 +00:00
Max Schaefer
c7e428eb27 JavaScript: Handle E4X/Flow lexical ambiguity. 2019-02-24 20:45:41 +00:00
Max Schaefer
d6deefed86 JavaScript: Accept CDATA in E4X content. 2019-02-24 20:45:41 +00:00
Max Schaefer
81b86d9a0f JavaScript: Skip XML processing instructions in E4X content. 2019-02-24 20:45:41 +00:00
Max Schaefer
be67d5129a JavaScript: Add QL library support for E4X. 2019-02-24 20:45:41 +00:00
Max Schaefer
5a89024507 JavaScript: Be more lenient about keywords used as identifiers. 2019-02-24 20:45:41 +00:00
Max Schaefer
dbbb961b48 JavaScript: Accept let expressions with an object literal as their body. 2019-02-24 20:45:41 +00:00
Max Schaefer
63ed569724 JavaScript: Recover from missing initializers in const/destructuring declarations. 2019-02-24 20:45:41 +00:00
Max Schaefer
fbf2774bb3 JavaScript: Accept expression-bodied function declarations in experimental mode. 2019-02-24 20:45:41 +00:00
Max Schaefer
a42bec7f44 JavaScript: Accept comments in E4X XML literals (but not in JSX HTML literals). 2019-02-24 20:45:41 +00:00
Max Schaefer
b2366c7a68 JavaScript: Refactor parsing of JSX element content. 2019-02-24 20:45:41 +00:00