hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
1b908ce030 improve printing of DeclStmt, and remove escaped whitespace chars from printed output 2020-10-15 10:43:32 +02:00
Erik Krogh Kristensen
c033ae9b7f add one more case to getAPrimaryQlClass 2020-10-15 10:05:07 +02:00
Erik Krogh Kristensen
ab10c28cc4 change the default sorting order for print children to be location based 2020-10-15 09:53:52 +02:00
Erik Krogh Kristensen
74243d39aa remove location for arguments/parameters print node 2020-10-15 09:48:55 +02:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Erik Krogh Kristensen
96db3459d0 remove stray todo 2020-10-13 11:48:06 +02:00
CodeQL CI
e2b0c60627 Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements 
Approved by erik-krogh
 2020-10-12 11:41:21 -07:00
Max Schaefer
9ac70e3044 JavaScript: Clarify the relationship between MkCanonicalName{Def,Use} with an upper-case M and mkCanonicalName{Def,Use} with a lower-case m. 2020-10-12 16:29:11 +01:00
CodeQL CI
8eb84b2599 Merge pull request #4391 from max-schaefer/js/api-graph-reexport 
Approved by asgerf
 2020-10-12 05:26:53 -07:00
Erik Krogh Kristensen
2fb19f0b11 refactor into a single regular expression with two capture groups 2020-10-09 14:50:16 +02:00
Erik Krogh Kristensen
f6f8bbd1d8 Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-09 14:46:31 +02:00
Erik Krogh Kristensen
3b328baaef changes based on review 2020-10-08 21:54:23 +02:00
Erik Krogh Kristensen
65b90c411c Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-08 21:28:50 +02:00
Erik Krogh Kristensen
d3e3c11fa6 add printAst query for printing JS/TS/JSON/YAML/HTML 2020-10-08 21:20:28 +02:00
Erik Krogh Kristensen
1ed026fcce add a RemoteFlowSource for serverless handlers 2020-10-06 22:36:21 +02:00
Erik Krogh Kristensen
050ed97d9c add node-serialize as a js/code-injection sink 2020-10-06 22:35:38 +02:00
Max Schaefer
1d8051eee0 JavaScript: Further improve handling of re-exports in API graphs. 2020-10-06 14:22:55 +01:00
Max Schaefer
d054206004 JavaScript: Improve handling of re-exports in API graphs. 2020-10-06 14:22:51 +01:00
Max Schaefer
96bf82e1ca JavaScript: Make new source-node classes in API graphs more general and more useful. 2020-10-06 14:21:36 +01:00
CodeQL CI
4e116ba0db Merge pull request #4419 from erik-krogh/jsxFactory 
Approved by asgerf
 2020-10-06 06:13:21 -07:00
CodeQL CI
0753c8a31b Merge pull request #4247 from erik-krogh/CVE760-reexport 
Approved by asgerf
 2020-10-06 06:10:21 -07:00
CodeQL CI
ef703e72d8 Merge pull request #4401 from asgerf/js/angular-prerequisites 
Approved by erik-krogh
 2020-10-06 06:09:48 -07:00
CodeQL CI
7e6fa7b4be Merge pull request #4392 from erik-krogh/flask 
Approved by asgerf
 2020-10-06 03:41:36 -07:00
Erik Krogh Kristensen
f7f82ffe4e Merge branch 'main' into CVE760-reexport 2020-10-06 12:28:44 +02:00
CodeQL CI
bc1d3de8fe Merge pull request #4376 from erik-krogh/simpParam 
Approved by asgerf
 2020-10-06 03:24:43 -07:00
Erik Krogh Kristensen
99213b94f5 detect uses of jsxFactory and jsxFragmentFactory in js/unused-local-variable 2020-10-06 12:23:15 +02:00
Asger Feldthaus
a962a8a3bd JS: Autoformat 2020-10-06 10:01:36 +01:00
Max Schaefer
0109805ab0 JavaScript: Use new API in NoSQL models. 2020-10-06 09:45:03 +01:00
Max Schaefer
8277d5c08f JavaScript: Introduce convenience predicate for working with typed API-graph nodes. 2020-10-06 09:25:35 +01:00
Max Schaefer
9206549a38 JavaScript: Make integration of TypeScript canonical names with modules in API graphs more consistent. 
Previously, canonical names were direct successors of module definitions/uses, now they are successors of exports/imports.
 2020-10-06 09:25:35 +01:00
Erik Krogh Kristensen
d6dc4bb655 allow flask url_for urls in TargetBlank.ql 2020-10-05 21:40:24 +02:00
Erik Krogh Kristensen
7d8bb339b6 add support for destructuring object exports in getAnExportedValue 2020-10-05 21:38:31 +02:00
CodeQL CI
339c0721c5 Merge pull request #4344 from esbena/js/fixup-cwe-20-to-cwe-020 
Approved by erik-krogh
 2020-10-05 12:30:53 -07:00
CodeQL CI
e95b665556 Merge pull request #4363 from erik-krogh/nosql-api 
Approved by max-schaefer
 2020-10-05 12:01:34 -07:00
Erik Krogh Kristensen
c1b5357e74 remove stray todo 2020-10-05 16:53:05 +02:00
Erik Krogh Kristensen
2753a4f379 Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-10-05 15:11:04 +02:00
CodeQL CI
43b2c90538 Merge pull request #4400 from max-schaefer/js/api-graph-classrefs 
Approved by asgerf
 2020-10-05 03:12:23 -07:00
Asger Feldthaus
8689a9b3b9 JS: Fix a bad join order in barrierGuardBlocksNode 2020-10-05 09:55:22 +01:00
Asger Feldthaus
790d2ba0fc JS: Fix FPs from ParameterFieldAsPropWrite.getPropertyNameExpr 2020-10-05 09:55:22 +01:00
Asger Feldthaus
cad259fb83 JS: Use more types in DOM model 2020-10-05 09:55:22 +01:00
Asger Feldthaus
3dabff6b17 JS: Recognize field types in untyped code 2020-10-05 09:55:22 +01:00
Erik Krogh Kristensen
856ad07694 join-order improvement in NoSQL.qll 2020-10-03 22:07:34 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Erik Krogh Kristensen
6acb199074 improve precision using getAnImmediateUse to check parameter names 2020-10-02 11:09:50 +02:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
Max Schaefer
98e93a7b9d JavaScript: Improve API-graph support for function-style classes. 2020-10-02 09:25:51 +01:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Aditya Sharad
f7f05476a2 Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00