hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
c058b91587 JS: extract PrintfStyleCall out of TaintedFormatString 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
be8a32bb18 JS: add sanitizer support for ~whitelist.indexOf(x) 2018-08-20 20:32:57 +02:00
semmle-qlci
e1f3637b66 Merge pull request #75 from asger-semmle/server-side-url-redirect-performance 
Approved by xiemaisi
 2018-08-20 14:53:16 +01:00
semmle-qlci
0adeef73ff Merge pull request #74 from xiemaisi/js/multi-step-export-from 
Approved by asger-semmle
 2018-08-20 12:36:26 +01:00
Max Schaefer
b2e304951e Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00
Max Schaefer
a9f1e21363 JavaScript: Fix exported name of default re-exports. 
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
 2018-08-20 08:02:15 +01:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen
b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen
804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Robert Marsh
4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
Asger F
c902a4e880 TypeScript: add classes for "import" types 2018-08-17 14:26:32 +01:00
Asger F
875b6d0155 TypeScript: add "import" types to dbscheme 2018-08-17 14:26:32 +01:00
Asger F
4dc1462b6b JavaScript: fix performance issue in ServerSideUrlRedirect.qll 2018-08-17 14:02:19 +01:00
semmle-qlci
6132b2c419 Merge pull request #34 from esben-semmle/js/twitter_text-library 
Approved by xiemaisi
 2018-08-15 14:45:52 +01:00
semmle-qlci
8e5059f43a Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison 
Approved by asger-semmle
 2018-08-15 09:01:24 +01:00
Max Schaefer
105b6c9d84 Merge pull request #59 from tibbes/js/fix-qhelp-typo 
JS: fix typo in qhelp (parameter type confusion)
 2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen
a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Max Schaefer
303b0a0027 JavaScript: Demote HeterogenousComparison to warning level. 2018-08-14 15:54:07 +01:00
Julian Tibble
5456ffb64c JS: fix typo in qhelp (parameter type confusion) 2018-08-14 13:07:20 +01:00
Max Schaefer
886329689f JavaScript: Teach globalVarRef about top-level this and the global npm package. 2018-08-14 09:15:15 +01:00
Asger F
66dcd7d4c7 JavaScript: add taint step from return value of 'map' callback 2018-08-13 12:15:24 +01:00
Asger F
0c124d2f8c JavaScript: add taint step through 'join' 2018-08-13 12:12:25 +01:00
semmle-qlci
c0fe0a1d24 Merge pull request #46 from asger-semmle/html-sanitizers 
Approved by xiemaisi
 2018-08-13 10:16:15 +01:00
semmle-qlci
3d0748c542 Merge pull request #48 from xiemaisi/js/webview-sinks 
Approved by asger-semmle
 2018-08-13 09:37:33 +01:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
Max Schaefer
3ce82aff02 JavaScript: Add basic modelling of React Native WebViews. 2018-08-10 15:59:27 +01:00
semmle-qlci
945413a791 Merge pull request #42 from tibbes/qhelp/fix-links 
Approved by jbj, xiemaisi
 2018-08-10 13:00:17 +01:00
semmle-qlci
2478c6e150 Merge pull request #43 from xiemaisi/js/odasa-7275 
Approved by
 2018-08-10 12:52:05 +01:00
Asger F
1add8b0766 JavaScript: add doc comment 2018-08-10 12:27:39 +01:00
Asger Feldthaus
2b5684d1b9 JavaScript: Add library for HTML sanitizers 2018-08-10 12:27:39 +01:00
Julian Tibble
98e866e967 C++, JS: fix broken links in query help 2018-08-10 08:40:22 +01:00
Asger F
b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Max Schaefer
e32dc08cd0 Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization 
JS: change alert location for js/incomplete-object-initialization
 2018-08-09 13:58:11 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Max Schaefer
badb167962 Merge pull request #35 from esben-semmle/js/classify-application-insight 
JS: classify the ApplicationInsights library instance
 2018-08-09 08:12:12 +01:00
Max Schaefer
0de9eed71c Merge pull request #32 from asger-semmle/export-import-flow 
TypeScript: bugfixes for import-assign statement
 2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen
2589cf70c9 JS: classify the ApplicationInsights library instance 2018-08-08 15:39:22 +02:00
Max Schaefer
355302eac4 Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index 
JS: fix an off-by-one error in the AngularJS expression AST
 2018-08-08 14:03:55 +01:00
Max Schaefer
854dc0cbeb Merge pull request #28 from esben-semmle/js/whitelist-empty-functions 
JS: permit some calls with spurious arguments to empty functions
 2018-08-08 14:03:18 +01:00
Asger F
94bac1253d TypeScript: bugfixes for import-assign statement 2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen
8ee943f264 JS: restrict alert location to a single line 2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen
e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen
4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
Max Schaefer
1a5585c83c Merge pull request #21 from esben-semmle/js/urilibraries-members 
JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`
 2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen
343b922c29 JS: fix an off-by-one error in the AngularJS expression AST 2018-08-08 09:58:57 +02:00
semmle-qlci
4d97570a1a Merge pull request #17 from xiemaisi/js/rename-unused-var 
Approved by esben-semmle
 2018-08-07 15:01:37 +01:00
Esben Sparre Andreasen
3b00b9b8da JS: refactor UriLibraries.qll models to use DataFlow::moduleMember 2018-08-07 12:58:09 +02:00
semmle-qlci
6533ddfeaf Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters 
Approved by xiemaisi
 2018-08-07 09:42:07 +01:00