hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e47575ce5b more precise getChild for matching "../" 2020-04-14 10:24:08 +02:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Asger Feldthaus
25d5cc78cb JS: Use entry location instead of whole container 2020-04-09 09:18:26 +01:00
Asger Feldthaus
d9f81b082b JS: Autoformat 2020-04-09 07:45:00 +01:00
Asger Feldthaus
47934310ef JS: Hide captured nodes in path explanations 2020-04-08 19:58:36 +01:00
semmle-qlci
404f7225a1 Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range 
Approved by esbena
 2020-04-08 18:44:02 +01:00
Asger Feldthaus
4ca3ac5ee9 JS: Add another warning 2020-04-08 10:30:45 +01:00
Asger F
4acb9da2cf Update javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-08 10:30:21 +01:00
Asger Feldthaus
1f496d3c6b JS: Add CapturedVariableNode 2020-04-07 19:02:46 +01:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Asger Feldthaus
ffbbdd7779 JS: Autoformat 2020-04-02 23:04:24 +01:00
Asger Feldthaus
93971e9433 JS: Make local flow not depend on SourceNode 2020-04-02 23:03:29 +01:00
Asger Feldthaus
346867f425 JS: Remove Import->SourceNode dependency from AMD 2020-04-02 23:03:29 +01:00
Asger Feldthaus
3804d3fcfd JS: Remove Import->SourceNode dependency from lazy cache 2020-04-02 23:03:20 +01:00
Erik Krogh Kristensen
845020d2ae change getReceiver to getAMethodCall 2020-04-02 20:28:27 +02:00
Erik Krogh Kristensen
2c0bae4937 Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-02 20:28:04 +02:00
Asger Feldthaus
8f930fc3e6 JS: Remove recursive SourceNode from AngularJS 2020-04-02 12:25:33 +01:00
Asger Feldthaus
ee106b1103 JS: Remove tautological SourceNode::Range subclasses 2020-04-02 12:21:17 +01:00
Asger Feldthaus
3a9d047cf5 JS: Ignore delete expressions in js/missing-await 2020-04-02 11:35:09 +01:00
Erik Krogh Kristensen
32b86ab91a autoformat 2020-04-01 20:44:47 +02:00
Erik Krogh Kristensen
957b60f84b split fuzzy read/writes on collections into 2 pseudo-properties 2020-04-01 14:25:41 +02:00
Erik Krogh Kristensen
b1bf7f9f3d introduce pseudoProperty helper predicates 2020-04-01 14:08:56 +02:00
Erik Krogh Kristensen
59840149e8 introduce a PseudoProperty type in Collections.qll 2020-04-01 12:16:09 +02:00
Erik Krogh Kristensen
b2b009cdd9 qldoc adjustment 2020-04-01 11:34:25 +02:00
Erik Krogh Kristensen
1be326a37b add a CopyStep type-tracking step, for loadStoreSteps that loads and stores the same property 2020-04-01 11:21:05 +02:00
Erik Krogh Kristensen
a188c6f804 qldoc changes and renaming 2020-04-01 11:12:54 +02:00
Erik Krogh Kristensen
49a8a48a72 autoformat 2020-03-31 20:27:05 +02:00
Erik Krogh Kristensen
64c813612f autoformat 2020-03-31 13:56:01 +02:00
Erik Krogh Kristensen
8ae55fb1c4 add top level QLDoc to MapAndSet.qll 2020-03-31 13:55:34 +02:00
Erik Krogh Kristensen
45797dc729 autoformat 2020-03-31 13:53:00 +02:00
Erik Krogh Kristensen
3784b180d8 changes based on review 2020-03-31 12:07:55 +02:00
Erik Krogh Kristensen
546431c83d dataflow and typetracking steps for Maps and Sets 2020-03-31 11:21:34 +02:00
Erik Krogh Kristensen
25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
Erik Krogh Kristensen
a02213e745 change LoadStoreStep such that it can store in different property 2020-03-31 11:20:57 +02:00
semmle-qlci
0feb7f87e4 Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci
73dd4c8686 Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression 
Approved by esbena
 2020-03-31 09:28:55 +01:00
Erik Krogh Kristensen
40fd1825e9 autoformat 2020-03-31 09:08:32 +02:00
Erik Krogh Kristensen
7938bc4ed0 improve alert message for js/useless-assignment-to-local 2020-03-30 20:19:50 +02:00
semmle-qlci
fce04f0bd0 Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Asger Feldthaus
a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Erik Krogh Kristensen
f55005a0ec more precise warning message for implicit string/number conversions 2020-03-30 11:17:56 +02:00