hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3047 Commits

Author SHA1 Message Date
semmle-qlci
bd15994bb4 Merge pull request #1367 from xiemaisi/js/configuration-api-consistency 
Approved by esben-semmle
 2019-05-28 12:26:58 +01:00
Asger F
ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F
9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F
6617747185 JS: Update DataFlowTracking output for booleanOps.js 2019-05-28 11:19:23 +01:00
Max Schaefer
86e96c6dc3 JavaScript: Introduce is{Barrier,Sanitizer}Edge predicate. 
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
 2019-05-28 08:08:14 +01:00
Max Schaefer
d9b3e461ba Merge pull request #1351 from asger-semmle/js-incomplete-nodes 
JS: Mark some more nodes as incomplete
 2019-05-28 07:59:23 +01:00
Max Schaefer
bad5465aad Merge pull request #1360 from asger-semmle/customize-window-document 
JS: Make some DOM concepts customizable
 2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen
eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
0660db37f6 JS: introduce SemVer matching library 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Max Schaefer
1bf7bcf010 Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked 
JS: Refactor LabelledBarrierGuard
 2019-05-23 12:26:35 +01:00
Asger F
37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F
07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
semmle-qlci
fac620d6f3 Merge pull request #1357 from asger-semmle/jump-to-namespace 
Approved by xiemaisi
 2019-05-23 09:00:24 +01:00
Asger F
9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F
8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
Asger F
8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
Asger F
153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F
6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
Asger F
180b5443ba JS: Update output of incomplete.ql 2019-05-21 17:02:43 +01:00
Asger F
de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Asger F
faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Asger F
68ae409947 JS: Test for mismatch between taint and type inference 2019-05-21 13:26:02 +01:00
semmle-qlci
8cd3cb501a Merge pull request #1346 from xiemaisi/js/revert-1078 
Approved by esben-semmle
 2019-05-21 12:19:57 +01:00
semmle-qlci
fe920ecfaa Merge pull request #1331 from asger-semmle/destructuring-assignment-fix 
Approved by xiemaisi
 2019-05-21 11:32:36 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b Merge pull request #1318 from asger-semmle/prototype-pollution-query2 
Move prototype pollution query into suite
 2019-05-21 12:23:41 +02:00
Max Schaefer
924664afcf JavaScript: Manually revert #1078. 
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
 2019-05-21 08:26:58 +01:00
Asger F
d4880540e8 JS: Update .expected after rebasing 2019-05-20 11:21:50 +01:00
Asger F
9989fcee21 JS: Add DataFlow::Configuration test 2019-05-20 09:22:02 +01:00
Asger F
87e0831872 JS: Fix flow for nested destructurings 2019-05-20 09:22:02 +01:00
Esben Sparre Andreasen
8256f2e736 Merge pull request #1308 from asger-semmle/exceptional-flow 
JS: Add flow through exceptions
 2019-05-17 08:33:44 +02:00
Asger F
65cbd47a2d Merge pull request #1314 from xiemaisi/js/fix-hardcoded-pw-fps 
JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`.
 2019-05-16 14:42:09 +01:00
Asger F
9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Asger F
aaf503837d JS: Move prototype pollution into real query 2019-05-13 15:20:25 +01:00
Max Schaefer
b478c0ddaa JavaScript: Further broaden the whitelist in PasswordInConfigurationFile. 2019-05-09 17:07:59 +01:00
semmle-qlci
9653fbd4f7 Merge pull request #1311 from emarteca/unreachableThrows 
Approved by xiemaisi
 2019-05-09 10:37:41 +01:00
Ellen Arteca
a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Max Schaefer
c16e9a77f3 JavaScript: Fix a few false positives in PasswordInConfigurationFile. 2019-05-08 08:26:05 +01:00
Asger F
a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00
Asger F
e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F
3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F
f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F
1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F
b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Asger F
5c8dd7eedd TS: Add workaround for 'globalThis' getProperties() crash 2019-04-30 12:44:58 +01:00