hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
Max Schaefer
7e7899faba JavaScript: Add predicate DataFlow::Node.getTopLevel(). 2019-01-09 09:05:11 +00:00
Max Schaefer
3e56e9eaf9 JavaScript: Add predicate AbstractCallable.getDefinition. 2019-01-09 09:05:09 +00:00
Asger F
45a5d0ee3a JS: autoformat 2019-01-08 12:30:07 +00:00
Asger F
6816f33a3d JS: Handle case-insensitive lodash imports 2019-01-08 12:29:28 +00:00
Max Schaefer
8951eaead3 JavaScript: Improve caching of getACallee and related predicates. 2019-01-08 09:42:44 +00:00
Max Schaefer
627583fffa JavaScript: Refactor UselessConditional for performance. 2019-01-08 09:40:49 +00:00
Max Schaefer
de429752d1 JavaScript: Restructure implementation of DataFlow::SourceNode. 
It now uses a facade pattern similar to `InvokeNode`: the range of the class is defined by an abstract class `DataFlow::SourceNode::Range`, while the actual behaviour is defined by the (no longer abstract) `SourceNode` class itself.

Clients that want to add new source nodes need to extend `DataFlow::SourceNode::Range`, those that want to refine the behaviour of existing source nodes should extend `DataFlow::SourceNode` itself.

While this is technically a breaking API change, I think separating the two aspects in this way is cleaner and makes it easier to use, and improves performance as well.
 2019-01-08 08:01:20 +00:00
Max Schaefer
31bb39a810 JavaScript: Autoformat all QL files. 2019-01-07 10:15:45 +00:00
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
semmle-qlci
8174fb51ae Merge pull request #705 from asger-semmle/loop-index-concurrent-modification 
Approved by mc-semmle, xiemaisi
 2019-01-03 17:06:12 +00:00
semmle-qlci
6c768263d2 Merge pull request #716 from xiemaisi/js/cosmetics 
Approved by esben-semmle
 2019-01-03 16:11:50 +00:00
Asger F
f24313a215 JS: address doc review 2019-01-03 10:49:36 +00:00
Max Schaefer
0a2df6c00d JavaScript: Highlight id attribute (not entire element) in AmbiguousIdAttribute. 2019-01-02 11:44:02 +00:00
Asger F
9f22da4557 JS: rename query to "Loop iteration skipped due to shifting" 2019-01-02 11:34:06 +00:00
Asger F
8c3b44a525 JS: address comments 2019-01-02 11:12:52 +00:00
Max Schaefer
a9844b2eda JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-01-02 10:23:16 +00:00
Esben Sparre Andreasen
c57f8a6d6e Merge pull request #691 from asger-semmle/sendfile-root 
JS: Recognize 'root' option in Express res.sendFile
 2018-12-19 16:06:15 +01:00
semmle-qlci
495a1fcf3b Merge pull request #698 from asger-semmle/remove-cookie-as-source 
Approved by esben-semmle
 2018-12-19 15:05:44 +00:00
semmle-qlci
b11b714152 Merge pull request #696 from esben-semmle/js/host-request-forgery 
Approved by asger-semmle
 2018-12-19 15:04:08 +00:00
Asger F
78334af354 JS: remove cookie source; rely on persistent flow steps instead 2018-12-19 11:23:51 +00:00
Asger F
0e40717358 JS: recognize res.sendfile root option 2018-12-19 10:25:15 +00:00
Asger F
f9d7f8ba11 JS: fix links in qhelp 2018-12-19 10:10:56 +00:00
Asger F
f57454951b JS: move <ul> outside of <p> element 2018-12-18 14:15:12 +00:00
Asger F
02978c97f1 JS: whitelist $(location) in simple cases 2018-12-18 13:11:42 +00:00
Asger F
280382e91e JS: whitelist if array access at another index is seen 2018-12-17 15:19:26 +00:00
Asger F
5040d3e26c JS: add query for loop index bug 2018-12-17 13:35:44 +00:00
Jonas Jensen
5ac5aa0c2a Merge remote-tracking branch 'upstream/master' into mergeback-20181217 2018-12-17 13:42:45 +01:00
Esben Sparre Andreasen
4a631b42d4 JS: use .lastIndexOf in js/incomplete-url-substring-sanitization 2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958 Merge pull request #631 from esben-semmle/js/bad-url-regexing 
JS: add query: js/incomplete-url-regexp
 2018-12-17 11:53:22 +00:00
Esben Sparre Andreasen
c6b4e29b93 JS: add "host" as a sink for js/request-forgery 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed JS: add ClientRequest::getHost 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34 JS: minor fixups in ClientRequests.qll 2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
487b8c52c6 JS: fix <p></p> issue 2018-12-14 13:04:10 +01:00
Max Schaefer
5ccad6ffc2 JavaScript: Minor improvements. 2018-12-14 11:56:59 +00:00
Aditya Sharad
7bc729a7dc Merge master into next. 2018-12-14 10:16:47 +00:00
Esben Sparre Andreasen
bb3e3a541d JS: address doc review comments 2018-12-14 10:24:30 +01:00
semmle-qlci
936094d0b6 Merge pull request #671 from xiemaisi/js/more-unhelpful-magic 
Approved by asger-semmle
 2018-12-14 08:44:45 +00:00
Max Schaefer
f9106b3bfe Merge pull request #685 from asger-semmle/useless-conditional-as-value 
JS: fix FPs in UselessConditional
 2018-12-14 08:44:10 +00:00
semmle-qlci
7f21f145e2 Merge pull request #678 from asger-semmle/function-receiver 
Approved by xiemaisi
 2018-12-14 08:39:04 +00:00
Aditya Sharad
f71e5ac338 Merge master into next. 2018-12-13 17:57:31 +00:00
Asger F
f737830f18 JS: fix typo 2018-12-13 15:56:00 +00:00
Asger F
ae4b55de9a JS: fix FPs in UselessConditional 2018-12-13 15:41:41 +00:00
Asger F
cb349348e7 JS: rename getThisParameter to getReceiver 2018-12-13 10:19:44 +00:00
Max Schaefer
e194021c3b Merge pull request #629 from esben-semmle/js/persistent-read-taint 
JS: add persistent storage taint steps
 2018-12-13 08:24:42 +00:00
Max Schaefer
969fe6e4f1 Merge pull request #657 from esben-semmle/js/classify-more-files 
JS: classify additional files
 2018-12-13 08:20:33 +00:00
Max Schaefer
e8c8360ad1 Merge pull request #659 from esben-semmle/js/more-constant-string-usage 
JS: replace StringLiteral with ConstantString in two queries
 2018-12-13 08:19:22 +00:00
Max Schaefer
54bb9d185f Merge pull request #632 from asger-semmle/pseudo-random-bytes 
JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql
 2018-12-13 08:14:40 +00:00
Max Schaefer
df42707050 Merge pull request #675 from asger-semmle/window.name 
JS: Add window.name as remote flow source
 2018-12-13 08:13:15 +00:00
Aditya Sharad
f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
Asger F
635a3cb1ec JS: add FunctionNode.getThisParameter 2018-12-12 16:26:02 +00:00