Rasmus Lerchedahl Petersen
77c329fb0f
Python/JS: Make much more private
2021-07-02 12:13:52 +02:00
Asger Feldthaus
c3b7d85341
JS: Update test output after rebasing
2021-07-02 11:57:45 +02:00
Asger Feldthaus
7249d2892a
JS: Add comment to VueTemplateSink class
2021-07-02 11:55:56 +02:00
Asger Feldthaus
0105b829c4
JS: Update test output
2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8
JS: Don't use getALocalSource() when marking Vue template sinks
2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1
JS: Update React to handle string literals being SourceNodes
2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39
JS: Treat string literals as source nodes
2021-07-02 11:55:56 +02:00
Asger Feldthaus
8177b5747a
JS: Bump TypeScript version to 4.3.5
2021-07-02 10:57:27 +02:00
CodeQL CI
61ee193dc0
Merge pull request #6197 from asgerf/js/recompose
...
Approved by esbena
2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981
Merge pull request #6193 from esbena/esbena/mootools-xss
...
JS: add Mootools XSS sinks
2021-07-02 09:24:56 +02:00
Rasmus Lerchedahl Petersen
eee56e0156
Python/JS: Make most of the new library private
2021-07-01 15:34:06 +02:00
Asger Feldthaus
993cc29275
JS: Autoformat
2021-07-01 14:22:44 +02:00
Esben Sparre Andreasen
85b9003af4
JS: add Mootools XSS sinks
2021-07-01 09:17:27 +02:00
Asger Feldthaus
376efaa46c
JS: Change note
2021-06-30 15:10:52 +02:00
Asger Feldthaus
780453008a
JS: Drive-by fixes in ComposedFunctions.qll
2021-06-30 15:07:59 +02:00
Asger Feldthaus
7e2871bfdf
JS: Propagate React components through recompose HOCs
2021-06-30 15:05:28 +02:00
Rasmus Lerchedahl Petersen
d2eeaff441
JS: Refactor ReDoS to make files sharable
...
the extra ordering conditions in ReDoSUtil will be needed
for the Python implementation.
2021-06-28 17:04:48 +02:00
Aditya Sharad
61e6dcb56d
Ensure only one query per language is tagged lines-of-code
...
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.
By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.
If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".
(It is completely fine for multiple queries to be tagged with `summary`.)
2021-06-25 16:45:37 -07:00
CodeQL CI
28c060e758
Merge pull request #6113 from erik-krogh/promise
...
Approved by esbena
2021-06-24 13:25:42 -07:00
CodeQL CI
c02c96369d
Merge pull request #6139 from erik-krogh/colors
...
Approved by esbena
2021-06-23 14:02:17 -07:00
Erik Krogh Kristensen
dbc8b9cf6a
autoformat
2021-06-23 14:21:15 +02:00
CodeQL CI
a86f50e091
Merge pull request #6135 from erik-krogh/chokidar
...
Approved by esbena
2021-06-23 05:16:06 -07:00
CodeQL CI
b66f4cb965
Merge pull request #6134 from erik-krogh/templates
...
Approved by asgerf, esbena
2021-06-23 05:09:23 -07:00
Erik Krogh Kristensen
6cf275bb36
update change-note
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2021-06-23 10:42:26 +02:00
Erik Krogh Kristensen
700dfcc3a7
add comment about why colors/safe is not safe
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2021-06-23 10:39:56 +02:00
Erik Krogh Kristensen
8b5c285ac8
add support for the chokidar library
2021-06-23 09:59:34 +02:00
Erik Krogh Kristensen
fa02651542
add taint step through the strip-ansi library
2021-06-23 09:13:03 +02:00
Erik Krogh Kristensen
fe76341820
add taint step through the chalk library
2021-06-23 09:12:48 +02:00
Erik Krogh Kristensen
053d9b5564
add taint step through the kleur library
2021-06-23 09:12:25 +02:00
CodeQL CI
37b66f9045
Merge pull request #6117 from asgerf/js/sharpen-match-calls
...
Approved by esbena
2021-06-22 22:52:37 -07:00
Erik Krogh Kristensen
6e2b92468f
add taint step through the slice-ansi library
2021-06-22 23:14:14 +02:00
Erik Krogh Kristensen
35c513d38a
add taint step through the cli-color library
2021-06-22 23:10:40 +02:00
Erik Krogh Kristensen
ec9c885908
add taint step through the cli-highlight library
2021-06-22 23:06:50 +02:00
Erik Krogh Kristensen
d114cdc6e5
add taint step through the colorette library
2021-06-22 23:02:01 +02:00
Erik Krogh Kristensen
e4427bb34a
add taint step through the wrap-ansi library
2021-06-22 22:59:03 +02:00
Erik Krogh Kristensen
626a653401
add taint step through the colors library
2021-06-22 22:55:15 +02:00
Erik Krogh Kristensen
a21ebbbe8f
add taint step through the ansi-colors library
2021-06-22 22:47:58 +02:00
CodeQL CI
d719a1e627
Merge pull request #6114 from erik-krogh/promisify
...
Approved by esbena
2021-06-22 12:19:38 -07:00
Erik Krogh Kristensen
2ba2642c7a
add more template sinks for the js/code-injection query
2021-06-22 20:24:42 +02:00
CodeQL CI
bde1bb4030
Merge pull request #6126 from erik-krogh/dates
...
Approved by esbena
2021-06-22 10:35:51 -07:00
Erik Krogh Kristensen
062502fecc
add back support for util-promisifyall
2021-06-22 15:34:51 +02:00
Asger Feldthaus
16e3681fd3
JS: Update RegExpInjection test case
2021-06-22 12:00:04 +02:00
Erik Krogh Kristensen
4360e5dcbc
add model of the thenify library
2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
61cc415a32
add model of the util.promisify library
2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
2f3ea4412f
add model of the pify library
2021-06-22 11:55:54 +02:00
Erik Krogh Kristensen
c736606695
add support for moment/dayjs/luxon instances returned by @date-io adapters
2021-06-22 10:42:24 +02:00
Erik Krogh Kristensen
f2ca2134d1
refactor promisify models into a module
2021-06-22 10:40:22 +02:00
Erik Krogh Kristensen
f53955fb5e
add support for the promise.allsettled library
2021-06-22 10:30:33 +02:00
Erik Krogh Kristensen
95a7b16315
add support for the lie polyfill
2021-06-22 10:30:33 +02:00
Erik Krogh Kristensen
085efe5d20
add support for the any-promise polyfill
2021-06-22 10:30:33 +02:00