hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
Max Schaefer
1bf7bcf010 Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked 
JS: Refactor LabelledBarrierGuard
 2019-05-23 12:26:35 +01:00
Asger F
6bb011a4cc JS: Stop using data/taint as flow labels in TaintedPath 2019-05-23 10:16:41 +01:00
Asger F
0823f6c935 JS: fix use of dataOrTaint() 2019-05-23 10:16:41 +01:00
Asger F
37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F
07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
semmle-qlci
fac620d6f3 Merge pull request #1357 from asger-semmle/jump-to-namespace 
Approved by xiemaisi
 2019-05-23 09:00:24 +01:00
Asger F
2fc0ab5595 JS: Stop using the AST-based isDocumentURL internally 2019-05-23 08:55:21 +01:00
Asger F
8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
Asger F
8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
Asger F
153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F
deb217326d JS: Update our own queries 2019-05-22 13:13:08 +01:00
Asger F
61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
Asger F
6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
semmle-qlci
dc8123db8e Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling 
Approved by asger-semmle
 2019-05-22 10:40:32 +01:00
semmle-qlci
c100c70a65 Merge pull request #1348 from xiemaisi/js/add-external-link-cwe 
Approved by esben-semmle
 2019-05-22 08:12:51 +01:00
semmle-qlci
114ba0e722 Merge pull request #1349 from EdoDodo/js-performance 
Approved by xiemaisi
 2019-05-21 17:50:01 +01:00
Asger F
de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Asger F
faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Edoardo Pirovano
9d2580f778 JS: Fix performance regression of query. 2019-05-21 12:26:11 +01:00
semmle-qlci
8cd3cb501a Merge pull request #1346 from xiemaisi/js/revert-1078 
Approved by esben-semmle
 2019-05-21 12:19:57 +01:00
Max Schaefer
cf22761ccc JavaScript: Add CWE-1022 to TargetBlank. 2019-05-21 12:16:32 +01:00
semmle-qlci
fe920ecfaa Merge pull request #1331 from asger-semmle/destructuring-assignment-fix 
Approved by xiemaisi
 2019-05-21 11:32:36 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b Merge pull request #1318 from asger-semmle/prototype-pollution-query2 
Move prototype pollution query into suite
 2019-05-21 12:23:41 +02:00
Max Schaefer
924664afcf JavaScript: Manually revert #1078. 
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
 2019-05-21 08:26:58 +01:00
Asger F
ba69e19e95 JS: Address doc review 2019-05-20 16:46:27 +01:00
Max Schaefer
7b7f92c19e JavaScript: Introduce SSA::definition and SSA::variable. 2019-05-20 16:22:01 +01:00
Max Schaefer
fb744a6c53 JavaScript: Introduce Parameter.getVariable(). 2019-05-20 16:01:12 +01:00
Max Schaefer
2cb33f6088 JavaScript: Introduce DataFlow::ExprNode and exprNode for consistency with other languages. 2019-05-20 15:55:03 +01:00
Asger F
87e0831872 JS: Fix flow for nested destructurings 2019-05-20 09:22:02 +01:00
Esben Sparre Andreasen
8256f2e736 Merge pull request #1308 from asger-semmle/exceptional-flow 
JS: Add flow through exceptions
 2019-05-17 08:33:44 +02:00
Asger F
65cbd47a2d Merge pull request #1314 from xiemaisi/js/fix-hardcoded-pw-fps 
JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`.
 2019-05-16 14:42:09 +01:00
Asger F
9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Asger F
8fe2319a23 JS: Fix lurking cartesian product in Express 2019-05-15 18:07:24 +01:00
Asger F
682f2790cd JS: Address comments 2019-05-15 10:09:56 +01:00
Asger F
778244878a JS: Normalize whitespace 2019-05-14 10:31:28 +01:00
Asger F
fd9765b99f JS: Add qhelp 2019-05-13 17:31:12 +01:00
Asger F
0c715f7540 JS: Lower precision to medium 2019-05-13 15:20:40 +01:00
Asger F
aaf503837d JS: Move prototype pollution into real query 2019-05-13 15:20:25 +01:00
Asger F
4db7aa6ed2 JS: Relax type inference to account for overriding 2019-05-13 10:18:19 +01:00
Max Schaefer
b478c0ddaa JavaScript: Further broaden the whitelist in PasswordInConfigurationFile. 2019-05-09 17:07:59 +01:00
semmle-qlci
9653fbd4f7 Merge pull request #1311 from emarteca/unreachableThrows 
Approved by xiemaisi
 2019-05-09 10:37:41 +01:00
Ellen Arteca
a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Asger F
27e8ea85f7 JS: Fix bug from sorting lines 2019-05-08 10:42:14 +01:00
Max Schaefer
c16e9a77f3 JavaScript: Fix a few false positives in PasswordInConfigurationFile. 2019-05-08 08:26:05 +01:00
Asger F
86885f4ff0 JS: Address comments 2019-05-07 18:00:36 +01:00
Asger F
7c9d20ae81 JS: Implement for TrackedNode to maintain consistency 2019-05-07 17:38:43 +01:00
Asger F
a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00