hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,672 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
Asger F
1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
semmle-qlci
3f70d91a11 Merge pull request #1288 from xiemaisi/js/fix-end-node-labels 
Approved by asger-semmle
 2019-04-30 07:32:29 +01:00
Max Schaefer
7ca5cc22d8 Merge pull request #1257 from asger-semmle/jsdoc 
JS: Add common interface between TypeExpr and JSDocTypeExpr
 2019-04-29 16:20:17 +01:00
Max Schaefer
8a34ea8b71 Merge pull request #1284 from esben-semmle/js/fix-azure-performance 
JS: fix azure performance
 2019-04-29 13:15:16 +01:00
semmle-qlci
52d6626547 Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal 
Approved by xiemaisi
 2019-04-29 07:35:15 +01:00
Asger F
3e7bac465b JS: fix join ordering in SimpleParameter.getJSDocTag 2019-04-26 16:56:04 +01:00
Asger F
db3060d336 JS: Add missing override 2019-04-26 16:56:04 +01:00
Asger F
a17756c3d5 JS: Fix formatting 2019-04-26 16:56:04 +01:00
Asger F
9086dfdc6f JS: TypeAnnotation.getType() for backwards compatibility 2019-04-26 16:56:04 +01:00
Asger F
e9fcb670ff JS: Provide source locations for JSDocTypeExpr 2019-04-26 16:56:04 +01:00
Asger F
cf8c327a10 JS: make TypeAnnotation extend Locatable 2019-04-26 16:56:04 +01:00
Max Schaefer
c44f99a204 Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-04-26 16:56:04 +01:00
Asger F
6eb8c692b1 JS: Add partial backwards compatibility with ASTNode 2019-04-26 16:56:04 +01:00
Asger F
c9c9a32a37 JS: hasQualifiedName 2019-04-26 16:56:04 +01:00
Asger F
454fff1398 JS: Implement getAnUnderlyingType(). 2019-04-26 16:56:04 +01:00
Asger F
8458a64642 JS: implement isXXX methods in JSDocTypeExpr classes 2019-04-26 16:56:04 +01:00
Asger F
c92a6b72b5 JS: Update getTypeAnnotation() to return TypeAnnotations 2019-04-26 16:56:04 +01:00
Asger F
be5d90d4e7 JS: Make use of JSDocParamTag 2019-04-26 16:56:04 +01:00
Asger F
967752c6c1 JS: Add TypeAnnotations class 2019-04-26 16:56:04 +01:00
Max Schaefer
e2666a9203 Update javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll 
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
 2019-04-26 11:58:40 +02:00
Esben Sparre Andreasen
27f88c38ac JS: help the optimizer with NPMPackage/File relations 2019-04-26 11:49:07 +02:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture 
Approved by xiemaisi
 2019-04-25 11:32:54 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants 
JavaScript: Generalise `ConstantComparison` sanitisers.
 2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
semmle-qlci
a504ad4261 Merge pull request #1270 from xiemaisi/odasa/7904 
Approved by esben-semmle
 2019-04-24 21:50:07 +01:00
Asger F
a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Max Schaefer
465be47574 JavaScript: Only follow level flow steps when summarising functions. 
It is not only wasteful to consider paths with unmatched calls/returns,
but also wrong; see test case in next commit.
 2019-04-23 13:16:30 +01:00
Max Schaefer
455dbccd05 JavaScript: Fix definitions of SourcePathNode and SinkPathNode. 
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
 2019-04-23 13:15:47 +01:00
Asger F
08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Esben Sparre Andreasen
ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Asger F
f3c80c738e JS: Unify access paths for captured variables 2019-04-18 11:27:15 +01:00
Max Schaefer
76e01f0055 JavaScript: Update TypeTracker to align with TypeBackTracker. 
It now also has `step` and `smallstep` predicates. In the usual case,
however, I think I prefer the `SourceNode::track` API, so I left the
recommended style in the qldoc alone (and adjusted the one for
`TypeBackTracker` to match).
 2019-04-18 09:08:09 +01:00
Max Schaefer
a61ca489f1 Merge pull request #1258 from asger-semmle/prototype-pollution 
JS: prototype pollution query template
 2019-04-17 12:58:05 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
Asger F
48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
semmle-qlci
ff25a3ee5a Merge pull request #1243 from asger-semmle/access-path-refinements 
Approved by xiemaisi
 2019-04-16 09:57:51 +01:00
Max Schaefer
65e508ae3b Merge pull request #1252 from esben-semmle/mb/1.20-master 
Mergeback: rc/1.20 into Semmle/master
 2019-04-16 09:27:50 +01:00
Max Schaefer
7af4baf57f Merge pull request #1220 from esben-semmle/js/another-getAPropertyAttribut-performance-fix 
JS: inline CallToObjectDefineProperty::getAPropertyAttribute
 2019-04-16 07:55:53 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Max Schaefer
4c9edafef3 Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp 
JS: type tracking for js/incomplete-hostname-regexp
 2019-04-15 12:19:46 +01:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Max Schaefer
ce53a7d575 Merge pull request #1175 from psygnisfive/NullSensitiveContext 
[JS] Null Sensitive Context (new library)
 2019-04-15 08:50:14 +01:00
Rebecca Valentine
d4f2172bdc void exprs are also ok 2019-04-12 10:39:20 -07:00
Asger F
b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
cf7d0a7ea5 JS: fixup qhelp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
74144b0271 JS: make RegExpPatterns::commonTLD more robust 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
9eb039038e JS: update docstring example for TypeBackTracker 2019-04-12 08:51:28 +02:00