hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
Max Schaefer
18c23ecfd4 JavaScript: Introduce shared library for modelling XSS-relevant concepts. 
As its first application, this library makes it possible for `StoredXss` to reuse the `Source` classes of `DomBasedXss` and `ReflectedXss` without having to pull in their libraries (which contain their `Configuration` classes, causing `StoredXss` to recompute all flow information for the other two queries).
 2019-02-08 09:53:51 +00:00
Max Schaefer
3e26bc6446 JavaScript: Improve alert location and message for IncompleteSanitization. 
We now highlight the `replace` call (instead of the regular expression), and the alert message for the case of missing backslash escapes clarifies that it is talking about failure to escape backslashes in the input, not in the replacement text.
 2019-02-08 09:13:40 +00:00
Max Schaefer
aebc5bc6c3 JavaScript: Update qhelp example for CleartextStorage. 2019-02-08 08:43:22 +00:00
Max Schaefer
0be81dacdc JavaScript: Add classification of sensitive expressions. 
We now classify sensitive expressions into four categories (secret, id, password, certificate). This allows queries more fine-grained control over what kinds of sensitive data they want to deal with: for clear-text storage, for instance, user ids aren't so much of a problem.
 2019-02-08 08:43:22 +00:00
Max Schaefer
326b93bf84 JavaScript: Clean up classification of sensitive strings. 2019-02-08 08:43:22 +00:00
Asger F
6cc30fe732 JS: add stats for new relations 2019-02-07 12:00:53 +00:00
Asger F
e4b230ba60 Revert "Merge pull request #897 from Semmle/revert-817-closure-modules" 
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
 2019-02-07 11:58:38 +00:00
Esben Sparre Andreasen
5ad83360be JS: move default parameter values to the DefUse graph 2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f956e570cb JS: support default destructuring values in the dataflow graph 2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
687b7f0a7f JS: exclude direct flow from the RHS in a destructuring assignment 2019-02-07 11:41:36 +01:00
Max Schaefer
447a1db616 JavaScript: Assign FileAccessToHttp and HttpToFileAccess a precision. 
They will now be run on LGTM, but their results won't be displayed by default.
 2019-02-07 09:48:05 +00:00
semmle-qlci
b4b37b3a7b Merge pull request #880 from esben-semmle/js/better-alert-message-1 
Approved by xiemaisi
 2019-02-07 08:01:21 +00:00
Max Schaefer
812cba0fe3 Merge pull request #828 from esben-semmle/js/vue-support-1 
JS: basic Vue support
 2019-02-07 08:00:17 +00:00
Asger F
e46e2b2515 Revert "JS: Add support for Closure modules" 2019-02-06 17:30:45 +00:00
semmle-qlci
b8be66ec48 Merge pull request #887 from asger-semmle/jsdoc-accessors 
Approved by xiemaisi
 2019-02-06 16:30:48 +00:00
semmle-qlci
b13c11017c Merge pull request #885 from asger-semmle/async-waterfall 
Approved by xiemaisi
 2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a Merge branch 'master' into js/vue-support-1 2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed Merge pull request #817 from asger-semmle/closure-modules 
Approved by esben-semmle, xiemaisi
 2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5 Merge pull request #851 from xiemaisi/js/post-message-star 
Approved by esben-semmle
 2019-02-06 09:57:04 +00:00
Esben Sparre Andreasen
f15af70c02 JS: use HTML::ScriptElement::getScript in Vue 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
5e2b1c026a JS: introduce HTML::ScriptElement::getScript() 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a78dd422b6 JS: add query js/vue/arrow-method-on-vue-instance 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f JS: introduce Vue XSS sinks 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a6cfee5f26 JS: prevent inlining of three auxiliary Vue methods 2019-02-06 09:37:23 +01:00
Esben Sparre Andreasen
ddf9ca2505 JS: introduce base Vue model 2019-02-06 09:37:23 +01:00
Asger F
46b996a936 JS: autoformat ¯\_(ツ)_/¯ 2019-02-05 16:52:06 +00:00
Asger F
cad5a064cd JS: recognize a-sync-waterfall package 2019-02-05 16:38:47 +00:00
Esben Sparre Andreasen
b72441f9c2 JS: use StringOps:: in js/incomplete-url-substring-sanitization 2019-02-05 15:17:55 +01:00
Asger F
51360d8772 JS: add Parameter.getJSDocTag 2019-02-05 11:35:16 +00:00
Asger F
8f3b0f584a JS: Extract predicates for ES2015/closure modules 2019-02-04 14:21:34 +00:00
Asger F
51fe31d049 JS: fix FPs in DeadStoreOfLocal 2019-02-04 14:21:34 +00:00
Asger F
6a451a6b53 JS: Fix InvalidExport.ql 2019-02-04 14:21:34 +00:00
Asger F
df88534b36 JS: use PropWrite in exports() predicate 2019-02-04 14:21:34 +00:00
Asger F
c707935841 JS: add Closure::moduleImport and Closure::moduleMember 2019-02-04 14:21:34 +00:00
Asger F
82c0756248 JS: autoformat 2019-02-04 14:21:34 +00:00
Asger F
2ae926462c JS: Move closure code into a module 2019-02-04 14:21:34 +00:00
Asger F
6bcae5e7c2 JS: address comments 2019-02-04 14:21:34 +00:00
Asger F
6a63c3f149 JS: raise precision of global accesses 2019-02-04 14:21:34 +00:00
Asger F
9589ccd40d JS: support imports/exports for closure library code 2019-02-04 14:21:34 +00:00
semmle-qlci
e195ac996e Merge pull request #868 from xiemaisi/js/discard-tokens-early 
Approved by esben-semmle
 2019-02-04 11:32:03 +00:00
Max Schaefer
9bfde9553d Merge pull request #839 from asger-semmle/field-propwrite 
JS: add PropWrites cases for instance fields initialization
 2019-02-01 10:56:25 +00:00
semmle-qlci
222738072d Merge pull request #840 from esben-semmle/js/propagate-sound-avalue 
Approved by xiemaisi
 2019-02-01 09:23:43 +00:00
Max Schaefer
b87abc9602 JavaScript: Extend suspiciousCredentials predicate to recognise authKey and similar. 2019-01-31 09:03:23 +00:00
Max Schaefer
87e62f0bd5 JavaScript: Teach PostMessageStar to reason about partially tainted objects. 2019-01-31 08:59:47 +00:00
Max Schaefer
aeb8cc62b2 JavaScript: Reclassify PostMessageStar as CWE-201. 2019-01-31 08:08:52 +00:00
Asger F
720f442ea5 JS: Rename to StaticClassMemberAsPropWrite 2019-01-30 15:49:21 +00:00
semmle-qlci
fc5b9dd55e Merge pull request #837 from asger-semmle/hardcoded-empty-string 
Approved by esben-semmle
 2019-01-30 13:40:39 +00:00
semmle-qlci
24c8a47bb1 Merge pull request #841 from asger-semmle/private-higher-order-call 
Approved by esben-semmle
 2019-01-30 13:34:04 +00:00
Felicity Chapman
54242f4009 Merge pull request #849 from jf205/locations 
Update links to QL help topics in GH repo files (SD-2999)
 2019-01-30 11:06:22 +00:00
Max Schaefer
769e407c24 JavaScript: Add new query PostMessageStar. 2019-01-30 10:26:43 +00:00