hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
5acd1ca26d JS: improve alert location of js/angular/duplicate-dependency 2018-12-11 21:47:08 +01:00
Asger F
a01a9dc5cc JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql 2018-12-11 16:06:22 +00:00
Aditya Sharad
dde42a5723 Merge rc/1.19 into next. 2018-12-11 14:38:58 +00:00
Esben Sparre Andreasen
376ed7a4d2 JS: generalize js/command-line-injection to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
a1d92bfa50 JS: generalize js/incomplete-sanitization to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
1bc73ab592 JS: address review comments 2018-12-11 13:03:17 +01:00
Esben Sparre Andreasen
73aa223b08 JS: handle additional multi-license file patterns 2018-12-11 09:55:38 +01:00
Max Schaefer
4d186e0edc JavaScript: Teach Unused{Variable,Parameter} to ignore variables with leading underscore. 2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen
edbef289a7 JS: improve whitespace handling for multi-license file recognition 2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86 JS: support purs classification 2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18 JS: support <meta name="generator"/> classification 2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5 JS: support AutoRest classification 2018-12-11 08:54:19 +01:00
Esben Sparre Andreasen
ab519d4abf JS: rename query 
"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".
 2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
7c6e28d917 JS: introduce near-empty RegularExpressions.qll 2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
994fe1bea5 JS: address non-semantic review comments 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
d4e4bc6a0b JS: sharpen js/incomplete-url-regexp by not matching .* or .+ 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
52ca696ff4 JS: add query js/incomplete-url-regexp 2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen
6d6379fc09 JS: address review comments 2018-12-10 22:03:52 +01:00
semmle-qlci
57de628ab8 Merge pull request #650 from xiemaisi/js/nomagic-isDOMProperty 
Approved by asger-semmle
 2018-12-10 13:52:47 +00:00
Max Schaefer
e7df9b8b01 JavaScript: Avoid unhelpful magic. 2018-12-10 10:40:37 +00:00
semmle-qlci
1ca27e2c18 Merge pull request #647 from xiemaisi/js/fix-msita-perf 
Approved by esben-semmle
 2018-12-09 21:32:31 +00:00
Max Schaefer
74e70615ed JavaScript: Fix performance regression in MixedStaticInstanceThisAccess. 2018-12-07 13:17:36 +00:00
Aditya Sharad
fcfab26267 Merge rc/1.19 into next. 2018-12-07 12:31:51 +00:00
semmle-qlci
9e73ed71b9 Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization 
Approved by mc-semmle
 2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen
4f53411397 JS: recognize HTTP URLs in js/incomplete-url-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
229eea00dc JS: add query js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
7fb752784a JS: introduce persistent read/write pairs as a taint step 2018-12-06 10:36:10 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
semmle-qlci
bc91e0f53b Merge pull request #624 from Semmle/xiemaisi-patch-2 
Approved by esben-semmle
 2018-12-06 08:04:37 +00:00
Sam Lanning
2ea148016c JS: Fix syntax error in js/react/inconsistent-state-update example 2018-12-05 16:44:40 -08:00
Max Schaefer
13a9903c21 JavaScript: Remove redundant conjunct in MixedStaticInstanceThisAccess. 
Minor cleanup, but might as well go into the release.
 2018-12-05 15:11:32 +00:00
Max Schaefer
a1f210df67 JavaScript: Address review comments. 2018-12-05 14:10:06 +00:00
Max Schaefer
22502e7a10 JavaScript: Add query help for FileAccessToHttp query. 2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd JavaScript: Add query help for HttpToFileAccess query. 2018-12-05 12:58:38 +00:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods 
JS: model additional React component methods
 2018-12-05 08:00:16 +00:00
semmle-qlci
d05b11f00d Merge pull request #587 from asger-semmle/incorrect-suffix-check 
Approved by mc-semmle, xiemaisi
 2018-12-04 16:18:42 +00:00
Aditya Sharad
3caf4e52a7 Merge rc/1.19 into next. 2018-12-04 12:39:41 +00:00
Asger F
7121a18eba JS: address comments 2018-12-04 10:40:43 +00:00
Esben Sparre Andreasen
679db191f5 JS: move shared conjunct up 2018-12-04 10:55:24 +01:00
Esben Sparre Andreasen
a342fa36c6 JS: support React getSnapshotBeforeUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
67b1487384 JS: support React shouldComponentUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
417dac7ad6 JS: support React getDerivedStateFromProps 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
9ff3d2ef1f JS: introduce ReactComponent::getStaticMethod 2018-12-04 10:48:35 +01:00
semmle-qlci
3d058a2895 Merge pull request #603 from xiemaisi/js/fix-inconsistent-new 
Approved by asger-semmle, esben-semmle
 2018-12-03 16:48:55 +00:00
semmle-qlci
b58c263fd0 Merge pull request #602 from esben-semmle/js/additional-route-handlers-from-context 
Approved by xiemaisi
 2018-12-03 14:31:10 +00:00
Max Schaefer
8627ddbe4b JavaScript: Adjust alert message. 2018-12-03 12:38:00 +00:00
Asger F
1130d0c6f9 JS: add comment about arrays 2018-12-03 11:23:02 +00:00