hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Erik Krogh Kristensen
5b26d03f1c introduce backtracking, and also marking join/slice calls 2019-10-25 16:50:09 +02:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00
Max Schaefer
6269dd99ab JavaScript: Improve type inference for destructuring assignments. 2019-10-25 14:22:24 +01:00
Asger F
7ed31baeea JS: Rename to upward navigation 2019-10-25 13:07:07 +01:00
Asger F
39e2d1480e JS: Default to imprecision zero by default 2019-10-25 12:20:16 +01:00
Asger F
ad645d3d50 JS: Restrict sendfile sink 2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen
5489a80372 add query for detecting ignored calls to Array.prototype.concat 2019-10-24 16:17:19 +02:00
Erik Krogh Kristensen
5c07750286 simplify the heuristic for Deferred promises 2019-10-24 15:51:36 +02:00
Erik Krogh Kristensen
834b572f45 add initial support for expressions in TypeScript 2019-10-24 10:17:00 +02:00
Pavel Avgustinov
325dbfe9c0 Merge pull request #2172 from hmakholm/qlpack.yml 
qlpack files are now YAML rather than JSON
 2019-10-22 17:19:52 +01:00
semmle-qlci
cbfa1cd058 Merge pull request #2168 from xiemaisi/js/remove-duplicate-configuration 
Approved by erik-krogh
 2019-10-22 17:02:26 +01:00
Henning Makholm
347d97c14c qlpack.json is now qlpack.yml 2019-10-22 17:36:35 +02:00
Henning Makholm
fd768a1af6 Add some new-style suite definitions 2019-10-22 15:51:00 +02:00
semmle-qlci
cb3a05c6de Merge pull request #2166 from xiemaisi/js/fix-typo 
Approved by esben-semmle
 2019-10-22 12:38:10 +01:00
Max Schaefer
1c23615742 JavaScript: Fix typo in doc comment. 2019-10-22 10:44:25 +01:00
Erik Krogh Kristensen
ad3185c558 simplify lastStatementHasNoEffect and use the control-flow to determine which statement is the last 2019-10-22 10:33:05 +02:00
Erik Krogh Kristensen
db22916850 fix the alwaysHasNoEffect predicate, and rename it to lastStatementHasNoEffect 2019-10-22 09:37:19 +02:00
semmle-qlci
1c79ec550e Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command 
Approved by mchammer01, xiemaisi
 2019-10-22 08:36:44 +01:00
Erik Krogh Kristensen
1ae8e25603 change precision of js/loop-bound-injection and fix a false positive 2019-10-22 09:21:19 +02:00
semmle-qlci
eb9d90dff6 Merge pull request #2143 from esben-semmle/js/fix-all-sanitisers 
Approved by xiemaisi
 2019-10-22 07:16:27 +01:00
semmle-qlci
0dcb189e67 Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries 
Approved by esben-semmle
 2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen
2e0244cda6 address review feedback 2019-10-21 20:32:45 +02:00
Max Schaefer
b9203377c7 JavaScript: Remove a duplicate Configuration class. 2019-10-21 17:32:02 +01:00
Max Schaefer
55fb86d618 JavaScript: Remove deprecated queries. 
These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.
 2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen
9eda120de4 implement a new query to detect unreachable overloaded methods in TypeScript 2019-10-21 13:34:42 +02:00
Asger F
0ad9067b7d JS: pragma[noopt] -> pragma[noinline] 2019-10-21 11:32:22 +01:00
Asger F
96b6c83eba JS: Tests and fixes for PartialInvokeNode 2019-10-21 11:32:22 +01:00
Asger F
3dcb134e6b JS: Improve documentation 2019-10-18 17:00:38 +01:00
Esben Sparre Andreasen
80a32aebc1 JS: add SystemCommandExecution::isShellInterpreted 2019-10-17 13:29:24 +02:00
Max Schaefer
a4bffe35fd JavaScript: Add support for globalThis. 2019-10-17 12:04:01 +01:00
Esben Sparre Andreasen
93b1e59d62 JS: fix spelling: sanitisers -> sanitizers 2019-10-17 09:05:03 +02:00
semmle-qlci
280a62ed30 Merge pull request #2138 from Semmle/xiemaisi-patch-1 
Approved by erik-krogh
 2019-10-16 15:14:29 +01:00
Pavel Avgustinov
7fa6c54731 Merge pull request #2119 from hmakholm/pr/qlpacks 
Add qlpack.json files
 2019-10-16 14:27:10 +01:00
Max Schaefer
f963ebcddc JavaScript: Remove stray comma from @tags. 2019-10-16 12:42:33 +01:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
dca808126f Merge pull request #2032 from erik-krogh/lessSpaces 
JS: remove false positive in js/missing-space-in-concatenation
 2019-10-14 14:25:40 +01:00
Erik Krogh Kristensen
28056791a5 add .getALocalSource() when testing for lodash-members 2019-10-14 14:14:26 +02:00
Henning Makholm
29167bbff8 Add qlpack.json files 
Eventually these files will subsume the current `queries.xml` files
at the top of query-containing and library directories. For now they're
just here to support internal testing of the tooling support for them
we're writing on.

Format and contents is a work in progress. If you're not in Semmle,
don't depend on anything here making sense (or staying stable) until
you see the version tags increase to something nonzero.
 2019-10-12 17:38:01 +02:00
Erik Krogh Kristensen
592cb18bf4 add array callbacks to useOfReturnlessFunction query 2019-10-11 16:26:27 +02:00
Erik Krogh Kristensen
31009d979d add type tracking to detect instances 2019-10-11 12:04:34 +02:00
Erik Krogh Kristensen
0a6b343820 add "class Deferred{...}" as potential Deferred implementation to fix the tests 2019-10-10 11:50:34 +02:00
Erik Krogh Kristensen
4ec825b5b6 made model of Deferred more precise 2019-10-09 16:18:04 +02:00
Esben Sparre Andreasen
0e79d3db46 Merge pull request #2065 from erik-krogh/noReturn 
JS: use of returnless function
 2019-10-09 13:44:39 +02:00
Asger F
cf24fa22c8 JS: Dont use deprecated class 2019-10-09 12:16:12 +01:00
Asger F
ddf0d5379d JS: Angular: replace getAnInitialUse with parameterNode 2019-10-09 12:16:11 +01:00
Asger F
07df479b94 JS: IllegalInvocation: be more convservative 2019-10-09 12:16:11 +01:00
Asger F
d3f587c12a JS: Restrict class values flowing through globals 2019-10-09 12:16:11 +01:00
Asger F
bdc409ccb6 JS: Move getACallee into CallGraphs module 2019-10-09 12:16:11 +01:00