hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
a5eeba3c3a JS: prepare DefensiveProgramming.qll for additions 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c2fb14640e JS: move isDefensiveInit to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequst 2018-11-13 08:14:51 +01:00
Max Schaefer
663bdd60a0 Merge pull request #396 from esben-semmle/js/unconditional-property-override 
JS: add query: js/unconditional-property-override
 2018-11-12 17:10:32 +00:00
Aditya Sharad
271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen
1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen
eaad84bb4f JS: add support for dis- and conjunctions in SanitizingFunction 2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
6d0c93b6a8 JS: introduce TaintTracking::AdditionalSanitizingCall 2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen
2033bf81cc JS: address docstring review comments 2018-11-12 10:03:08 +01:00
semmle-qlci
c9d77a2d6d Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure 
Approved by asger-semmle
 2018-11-12 08:40:26 +00:00
Aditya Sharad
761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Max Schaefer
fa8736adbc JavaScript: Introduce aliases for compatibility with other language libraries. 2018-11-09 11:27:14 +00:00
Max Schaefer
bdfe938d02 JavaScript: Improve StackTraceExposure query. 
It now also flags exposure of the entire exception object (not just the `stack` property).
 2018-11-09 09:42:09 +00:00
semmle-qlci
a7290e5aeb Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds 
Approved by asger-semmle
 2018-11-09 08:25:55 +00:00
semmle-qlci
c19747803b Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible 
Approved by esben-semmle
 2018-11-09 08:08:40 +00:00
Esben Sparre Andreasen
ca215391b4 JS: substitute Assignment for DataFlow::PropWrite 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
b7f424df41 JS: introduce DataFlow::PropWrite::getWriteNode 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
d813a7cad2 JS: push negation 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
470c241c82 JS: use range instead of ad hoc LT/GT 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
1389009388 JS: naming and doc cleanups 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829 JS: add query: js/useless-assignment-to-property 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
6ee47c437e JS: generalize and move DeadStoreOfLocal.qhelp to DeadStore.qhelp 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
cacb8fdee0 JS: move DeadStoreOfLocal::isDefaultInit to separate module 2018-11-08 13:23:19 +01:00
semmle-qlci
3c49bc6e67 Merge pull request #407 from asger-semmle/email-xss 
Approved by xiemaisi
 2018-11-08 10:53:10 +00:00
semmle-qlci
29cabc0e09 Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined 
Approved by asger-semmle
 2018-11-08 10:52:44 +00:00
semmle-qlci
990c7e057f Merge pull request #419 from xiemaisi/js/fix-mixed-whitespace 
Approved by esben-semmle
 2018-11-07 23:47:48 +00:00
Aditya Sharad
ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen
f0343d0678 JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering 2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen
a2df4f9bfe JS: mark Koa params as user-controlled objects 2018-11-07 12:18:46 +01:00
Aditya Sharad
194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
Max Schaefer
22640f891e JavaScript: Make lodash/underscore recognition extensible. 2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen
e6a190c06e JS: replace .stripParens query uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
f04293f73c JS: replace .stripParens library uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
43e215c7af JS: replace .stripParens query uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
030d9202de JS: replace .stripParens library uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign 
Approved by esben-semmle, xiemaisi
 2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2 
Approved by xiemaisi
 2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Max Schaefer
5ffe45a80b JavaScript: Fix mixed tabs/spaces in qhelp. 2018-11-07 07:40:51 +00:00
Esben Sparre Andreasen
a79a6a07b8 JS: stop tracking properties of object literals 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
fef3573152 JS: use global layer in AnalyzedNode::getABooleanValue and -getAType 2018-11-06 16:04:46 +01:00
Asger F
1252cde7f3 JS: remove a comma 2018-11-06 12:24:34 +00:00
Asger F
c991d67fcb JS: fix typos 2018-11-06 12:12:43 +00:00
Asger F
460521616c JS: rename getIteratee to getIteratorCallback 2018-11-06 12:12:43 +00:00
Asger F
97d65fb82f JS: fix bad join ordering 2018-11-06 12:12:43 +00:00