codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Asger F	0e4c34bd81	JS: Add deprecated predicate alias	2019-09-04 16:14:51 +01:00
Asger F	27567e41c5	JS: Add angular.fromJson as JSON parser	2019-09-04 16:14:51 +01:00
Asger F	5aa948cd17	JS: Add angular.merge sink to prototype pollution query	2019-09-04 16:14:51 +01:00
Asger F	744f0b1aa3	JS: Use type info to recognize routers	2019-09-04 11:43:21 +01:00
Asger F	c06fd451d6	JS: Handle router chaining in type tracking predicate	2019-09-04 11:43:21 +01:00
Asger F	f3aea0706a	JS: Use type info in Express Request/Response	2019-09-04 11:43:21 +01:00
semmle-qlci	6778f28424	Merge pull request #1854 from asger-semmle/prototype-pollution-precision Approved by esben-semmle, xiemaisi	2019-09-03 10:50:24 +01:00
Asger F	7790d4b667	JS: Make getALocalValue overriders include super	2019-09-02 16:45:06 +01:00
Asger F	2006826101	JS: Avoid breaking local object analysis	2019-09-02 16:45:06 +01:00
Asger F	9f2f10fa15	JS: Make type inference flow go through ssa definition node	2019-09-02 16:45:06 +01:00
Asger F	54d47f60da	JS: Include base types in TypeName	2019-09-02 14:18:48 +01:00
Asger F	a41a23fdba	JS: Raise precision of prototype-pollution query	2019-09-02 11:00:24 +01:00
semmle-qlci	6d55d1f7c0	Merge pull request #1707 from asger-semmle/canonical-name-call-graph Approved by xiemaisi	2019-09-02 09:45:24 +01:00
Asger F	89b91af6db	JS: Make getDocumentation handle chain assignments	2019-08-30 18:20:54 +01:00
Asger F	3926436bd4	JS: Explain use of t.call()	2019-08-30 18:19:19 +01:00
Asger F	d6578e10c8	JS: Handle constructor calls to avoid regression	2019-08-30 18:19:19 +01:00
Asger F	a13fb8e2ba	JS: Handle RHS in more cases	2019-08-30 18:19:19 +01:00
Asger F	bd6768e2c8	JS: Fix closure namespace prefix and update tests	2019-08-30 18:19:19 +01:00
Asger F	b1f9db9145	JS: Make getAFunctionValue follow global access paths	2019-08-30 18:19:19 +01:00
Asger F	8d59df229a	JS: Allow calls to externs	2019-08-30 18:19:19 +01:00
Asger F	cfa2ec1084	JS: Remove fake JSONType from es5.js externs	2019-08-30 18:19:19 +01:00
Asger F	e7166c2a1c	JS: Workaround for JSON externs	2019-08-30 18:19:19 +01:00
Asger F	221d94961a	JS: Resolve simple calls based on qualified name	2019-08-30 18:19:19 +01:00
Asger F	ca71d3117e	JS: Use access paths from Closure module	2019-08-30 18:19:19 +01:00
Asger F	8c5b6b256b	JS: Remove globalFlowPred()	2019-08-30 18:19:18 +01:00
Asger F	96d9e66ced	JS: cache things	2019-08-30 18:19:18 +01:00
Asger F	313579c258	JS: Restrict flow to access paths assigned in a unique file	2019-08-30 18:19:18 +01:00
Asger F	7315a2baee	JS: Make type tracking work through access paths	2019-08-30 18:19:18 +01:00
Asger F	2105e0bdee	JS: use JSDoc types in class tracking	2019-08-30 18:19:18 +01:00
Asger F	6b05aa129c	JS: Use global access paths to recognize .prototype	2019-08-30 18:19:18 +01:00
Asger F	5874c14a9c	JS: Avoid materializing JSONValue.getFile()	2019-08-30 16:02:42 +01:00
Asger F	6c0f9be6df	JS: Avoid materializing HTML::Element.getFile()	2019-08-30 16:02:42 +01:00
Asger F	33267067e0	JS: Deprecate and remove path resolution for reference comments	2019-08-30 16:02:42 +01:00
Asger F	fa3532ca8c	TS: Handle locally defined packages	2019-08-30 16:02:42 +01:00
Asger F	ec81e368da	JS: Use type info in Firebase model	2019-08-30 16:02:41 +01:00
Asger F	efa7e1112b	JS: Add Node.hasUnderlyingType	2019-08-30 16:02:41 +01:00
Max Schaefer	b6220998d1	JavaScript: Restrict `setAttribute` sink to potentially dangerous attribute names.	2019-08-30 11:57:29 +01:00
Max Schaefer	78ce290de3	JavaScript: Fix `DomMethodCallExpr.interpretsArgumentsAsHTML`.	2019-08-28 11:22:03 +01:00
semmle-qlci	fc59dd6819	Merge pull request #1788 from asger-semmle/additional-type-tracking-step Approved by xiemaisi	2019-08-24 11:55:16 +01:00
semmle-qlci	af469fdeb8	Merge pull request #1773 from xiemaisi/js/undocumented-parameter-precision Approved by esben-semmle	2019-08-23 21:29:10 +01:00
semmle-qlci	cf24c9ff4a	Merge pull request #1804 from asger-semmle/template-literal-tag Approved by esben-semmle	2019-08-23 09:37:38 +01:00
Asger F	45d4b83fc8	TS: Extract type args to tagged template exprs	2019-08-22 18:07:29 +01:00
Asger F	fd7cfedf4b	JS: Add AdditionalTypeTrackingStep	2019-08-21 13:44:03 +01:00
Max Schaefer	d105de81a3	JavaScript: Raise precision of `UndocumentedParameter` to `high`. This is more consistent with the other JSDoc queries. Results are still not shown on LGTM by default, but the query can now be enabled selectively for projects that care about JSDoc.	2019-08-20 09:32:00 +01:00
Asger F	ad67015720	JS: Address comments	2019-08-19 10:57:26 +01:00
Max Schaefer	020d31c3b6	JavaScript: Fix inconisstency in `TaintedPath.qhelp`.	2019-08-12 10:29:41 +01:00
Max Schaefer	80cfe070d4	JavaScript: Fix inconsistency in `MissingRegExpAnchor.qhelp`.	2019-08-12 10:29:21 +01:00
Max Schaefer	d2f4575978	JavaScript: Expand qldoc for `{Barrier,Sanitizer}GuardNode`.	2019-08-09 14:19:53 +01:00
semmle-qlci	6c3d1d676b	Merge pull request #1694 from asger-semmle/concatenation-operand Approved by xiemaisi	2019-08-08 12:41:30 +01:00
semmle-qlci	7482233a02	Merge pull request #1693 from asger-semmle/request-response Approved by esben-semmle, xiemaisi	2019-08-08 12:40:35 +01:00

... 3 4 5 6 7 ...

1713 Commits