hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

6874 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4cde48cfb8 change comma to dot in qldoc 2020-09-21 10:23:21 +02:00
Erik Krogh Kristensen
edebbd640e revert change to return-type 2020-09-21 10:18:22 +02:00
Erik Krogh Kristensen
6c050d3160 revert change of return-type 2020-09-20 22:21:42 +02:00
Erik Krogh Kristensen
ae228cb5b2 move new predicates to a more fitting location 2020-09-20 22:15:03 +02:00
Erik Krogh Kristensen
5fd4c7a422 use PartialInvokeNode 2020-09-20 22:06:48 +02:00
Erik Krogh Kristensen
bef09254ee rename forwardingCall to isAForwardingRouteHandlerCall 2020-09-20 21:59:33 +02:00
Erik Krogh Kristensen
62332121b2 remove getNumParameter constraint 2020-09-20 21:57:55 +02:00
Erik Krogh Kristensen
3aaa2d11a7 rename decoratedRouteHandler to isDecoratedCall 2020-09-20 21:54:56 +02:00
Erik Krogh Kristensen
0b16f81f8b improve performance by using RouteHandlerCandidate 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
b4e75bf567 update expected output 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
1f95311342 further loosen the RouteHandlerCandidate heuristic 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
3eaa56ed60 support containers with decorated route handlers 2020-09-18 09:29:08 +02:00
Erik Krogh Kristensen
c087e94d47 add additional indirect route-handler steps 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
02c1d689e4 support indirect route-handlers for NodeJS 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
dafcd59148 add another indirect route-handler test 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
CodeQL CI
c2175b678c Merge pull request #4263 from erik-krogh/importScripts 
Approved by esbena
 2020-09-16 06:01:35 -07:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767 
Approved by asgerf
 2020-09-15 03:47:40 -07:00
Erik Krogh Kristensen
2de94abe9f Merge pull request #4244 from erik-krogh/badJQueryJoin 
JS: Fix Bad join orders in UnsafeJQueryPlugin
 2020-09-15 12:29:25 +02:00
Erik Krogh Kristensen
fa255f3534 add test for self.importScripts(..) 2020-09-15 12:23:48 +02:00
Asger Feldthaus
d728c3948c JS: Log the amount of memory passed to TypeScript process 2020-09-15 09:17:42 +01:00
Erik Krogh Kristensen
c5b5a4fd55 improve performance of NodeJS::NodeModule::exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
c1cb19abd7 add level PreCallGrapSteps to the callgraph 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
f2ecb63e5a add a direct Export step as a PreCallGraphStep 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
29457c52dc add reexported test to PackageExports test 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
61f6580d1e add API in PackageExports.qll for getting a value exported under a name 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
d3653b3030 add support for re-exports using the spread operator for NodeJS exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
03a3c4f4b2 update expected output 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d use new source in client-side-url-redirect test 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
cb7de2714a add onmessage handlers registered using global property as PostMessageEventHandler 2020-09-14 16:50:45 +02:00
Asger F
c106b6777c Merge pull request #4254 from asgerf/js/bump-extractor-version-string 
JS: Bump extractor version string
 2020-09-14 15:17:29 +01:00
Erik Krogh Kristensen
6e84ac8e6c add test for importScripts 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
2e3df74dce add importScripts as a sink for js/client-side-unvalidated-url-redirection 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
6fb534f178 fix catastrophic join order in UnsafeJQueryPlugin 2020-09-14 09:59:48 +02:00
Erik Krogh Kristensen
9502869e3c improve join-order for aliasPropertyPresenceStep 2020-09-14 09:59:22 +02:00
Asger Feldthaus
1d92cbb655 JS: Bump extractor version string 2020-09-12 09:22:12 +01:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Max Schaefer
b71a8e2ad0 JavaScript: Expose an API-graph predicate that is useful for flow summaries. 2020-09-10 08:44:06 +01:00
CodeQL CI
a1cec12377 Merge pull request #4220 from erik-krogh/colonCmd 
Approved by esbena
 2020-09-09 10:13:14 +01:00
Erik Krogh Kristensen
cffe573d06 add taint-steps for underscore methods 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
eb80705e99 add a taint-step for require("bluebird").mapSeries() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
b97c09a319 use tuples to simplify arrayFunctionTaintStep 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
bb97829e1d add a model for the ClientRequest new require("net").Socket() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
d5097d820d support direct callbacks to require("net").createServer 2020-09-09 09:46:17 +02:00
Erik Krogh Kristensen
4515d27ad2 Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220 2020-09-08 14:10:15 +00:00
Jonas Jensen
0935d1e155 JS: Deprecate the Block class alias 2020-09-08 08:40:20 +02:00
Max Schaefer
b8a492473b JavaScript: Stop tracking canonical function names in API graphs. 
This blows up on the TypeScript compiler, and is likely to be much less useful than tracking type names and namespaces, which we still do.
 2020-09-07 16:47:45 +01:00
Asger F
d3f19721e6 Merge pull request #4153 from erik-krogh/snake_case_pr 
JS: rename dbscheme predicates to consistently use snake_case in dbscheme
 2020-09-07 16:21:32 +01:00
Max Schaefer
423d87b812 JavaScript: Rename TNode to TApiNode. 
This prevents spurious recomputation of a cached stage.
 2020-09-07 14:02:37 +01:00
Erik Krogh Kristensen
55b79f445c recognize commands with slash and underscore 2020-09-07 14:28:28 +02:00