codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	6d0c93b6a8	JS: introduce TaintTracking::AdditionalSanitizingCall	2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen	2033bf81cc	JS: address docstring review comments	2018-11-12 10:03:08 +01:00
semmle-qlci	c9d77a2d6d	Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure Approved by asger-semmle	2018-11-12 08:40:26 +00:00
Aditya Sharad	761e5efd60	Merge master into next. JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum. C++ conflicts fixed by accepting Qltest output.	2018-11-09 18:49:35 +00:00
Max Schaefer	fa8736adbc	JavaScript: Introduce aliases for compatibility with other language libraries.	2018-11-09 11:27:14 +00:00
Max Schaefer	bdfe938d02	JavaScript: Improve `StackTraceExposure` query. It now also flags exposure of the entire exception object (not just the `stack` property).	2018-11-09 09:42:09 +00:00
semmle-qlci	a7290e5aeb	Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds Approved by asger-semmle	2018-11-09 08:25:55 +00:00
semmle-qlci	c19747803b	Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible Approved by esben-semmle	2018-11-09 08:08:40 +00:00
Esben Sparre Andreasen	ca215391b4	JS: substitute Assignment for DataFlow::PropWrite	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	b7f424df41	JS: introduce DataFlow::PropWrite::getWriteNode	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	d813a7cad2	JS: push negation	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	470c241c82	JS: use range instead of ad hoc LT/GT	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	1389009388	JS: naming and doc cleanups	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	33a297c829	JS: add query: js/useless-assignment-to-property	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	6ee47c437e	JS: generalize and move DeadStoreOfLocal.qhelp to DeadStore.qhelp	2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen	cacb8fdee0	JS: move DeadStoreOfLocal::isDefaultInit to separate module	2018-11-08 13:23:19 +01:00
semmle-qlci	3c49bc6e67	Merge pull request #407 from asger-semmle/email-xss Approved by xiemaisi	2018-11-08 10:53:10 +00:00
semmle-qlci	29cabc0e09	Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined Approved by asger-semmle	2018-11-08 10:52:44 +00:00
semmle-qlci	990c7e057f	Merge pull request #419 from xiemaisi/js/fix-mixed-whitespace Approved by esben-semmle	2018-11-07 23:47:48 +00:00
Aditya Sharad	ed49c623f1	Version: Bump to 1.18.2 release.	2018-11-07 14:36:40 +00:00
Asger F	e0d5557ef4	JS: add email HTML body as XSS sink	2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen	f0343d0678	JS: use `isUserControlledObject` in js/type-confusion-through-parameter-tampering	2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen	a2df4f9bfe	JS: mark Koa params as user-controlled objects	2018-11-07 12:18:46 +01:00
Aditya Sharad	194042348a	Eclipse plugins: Remove plugin metadata. This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.	2018-11-07 11:01:05 +00:00
Max Schaefer	b058854964	JavaScript: Teach type inference about AMD imports.	2018-11-07 09:18:21 +00:00
Max Schaefer	22640f891e	JavaScript: Make lodash/underscore recognition extensible.	2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen	e6a190c06e	JS: replace .stripParens query uses w. .getUnderlyingReference	2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen	f04293f73c	JS: replace .stripParens library uses w. .getUnderlyingReference	2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen	43e215c7af	JS: replace .stripParens query uses w. .getUnderlyingValue	2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen	030d9202de	JS: replace .stripParens library uses w. .getUnderlyingValue	2018-11-07 09:32:02 +01:00
semmle-qlci	4225e0bb44	Merge pull request #356 from asger-semmle/parameter-node Approved by xiemaisi	2018-11-07 08:31:05 +00:00
semmle-qlci	2457eb98df	Merge pull request #166 from asger-semmle/documentable-self-assign Approved by esben-semmle, xiemaisi	2018-11-07 08:30:17 +00:00
semmle-qlci	c20e24d549	Merge pull request #385 from asger-semmle/async-model Approved by xiemaisi	2018-11-07 08:28:37 +00:00
semmle-qlci	282d1e2096	Merge pull request #404 from asger-semmle/useless-conditional2 Approved by xiemaisi	2018-11-07 08:28:01 +00:00
Max Schaefer	212a78b5fc	Merge pull request #323 from esben-semmle/js/always-return-type-inference JS: additional return type inference	2018-11-07 08:25:28 +00:00
Max Schaefer	5ffe45a80b	JavaScript: Fix mixed tabs/spaces in qhelp.	2018-11-07 07:40:51 +00:00
Esben Sparre Andreasen	a79a6a07b8	JS: stop tracking properties of object literals	2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen	a07c094437	JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow	2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen	fef3573152	JS: use global layer in AnalyzedNode::getABooleanValue and -getAType	2018-11-06 16:04:46 +01:00
Asger F	1252cde7f3	JS: remove a comma	2018-11-06 12:24:34 +00:00
Asger F	c991d67fcb	JS: fix typos	2018-11-06 12:12:43 +00:00
Asger F	460521616c	JS: rename getIteratee to getIteratorCallback	2018-11-06 12:12:43 +00:00
Asger F	97d65fb82f	JS: fix bad join ordering	2018-11-06 12:12:43 +00:00
Asger F	b40fa3845f	JS: add model of async package	2018-11-06 12:12:43 +00:00
Aditya Sharad	553c2f5d34	Merge master into next. As of `2846d80f1c`.	2018-11-06 11:52:51 +00:00
semmle-qlci	76475fef3b	Merge pull request #406 from xiemaisi/js/configuration-fiddling Approved by asger-semmle	2018-11-06 11:51:12 +00:00
Asger F	87e0027974	JS: address comments	2018-11-06 10:29:04 +00:00
Asger F	56707fc79a	JS: recognize more conditionals in useless-conditional	2018-11-06 10:28:05 +00:00
Esben Sparre Andreasen	651f32514b	JS: use 'Util::describeExpression' in js/trivial-conditional	2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen	4e54af3b41	JS: introduce 'Util::describeExpression'	2018-11-05 12:58:12 +01:00

... 92 93 94 95 96 ...

5056 Commits