Erik Krogh Kristensen
|
5a5192b890
|
add testing for complex path sanitizer in ZipSlip
|
2020-05-19 10:17:15 +02:00 |
|
semmle-qlci
|
0c081a8e87
|
Merge pull request #3497 from esbena/js/yield-and-local-objects
Approved by asgerf, erik-krogh
|
2020-05-19 09:02:22 +01:00 |
|
semmle-qlci
|
0d762066f5
|
Merge pull request #3504 from erik-krogh/unique
Approved by esbena
|
2020-05-19 08:35:08 +01:00 |
|
Asger Feldthaus
|
91b9e95010
|
JS: Fix join ordering in analysis of add expressions
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
6a37e4b7a3
|
JS: Cache clobberedProp
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
5213c511b9
|
JS: Improve perf of GlobalVarUse.isIncomplete
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
7d9923038e
|
JS: Fix perf issue from overriding isIncomplete
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
e58683769d
|
JS: Fix bad join order in exploratoryBoundInvokeStep
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
9581bb52cb
|
JS: Update test output
|
2020-05-18 22:45:59 +01:00 |
|
Asger Feldthaus
|
430bf2da8a
|
JS: Fix whitelisting in UselessConditional
|
2020-05-18 22:45:56 +01:00 |
|
Asger Feldthaus
|
1d994b017f
|
JS: Update type inference
|
2020-05-18 22:42:12 +01:00 |
|
Asger Feldthaus
|
d5d08da545
|
JS: Update getEnclosingExpr
|
2020-05-18 22:42:12 +01:00 |
|
Asger Feldthaus
|
12cc228946
|
JS: Update getFallbackTypeAnnotation
|
2020-05-18 22:42:12 +01:00 |
|
Asger Feldthaus
|
b06cd6db30
|
JS: Update Node.isIncomplete
|
2020-05-18 22:42:12 +01:00 |
|
Asger Feldthaus
|
5568f0e182
|
JS: Pass local arguments to parameter value node, not SSA node
|
2020-05-18 22:34:42 +01:00 |
|
Asger Feldthaus
|
dc2d6a5fd9
|
JS: Make ValueNode the ParameterNode with a step to the SSA node
|
2020-05-18 22:34:42 +01:00 |
|
Asger Feldthaus
|
37ddccfa15
|
JS: Merge DestructuringPatternNode into ValueNode
|
2020-05-18 22:29:33 +01:00 |
|
Asger Feldthaus
|
b3161b1c41
|
JS: Factor TNode into a separate file
|
2020-05-18 22:29:33 +01:00 |
|
Asger Feldthaus
|
d9123833af
|
JS: Avoid misoptimization in mayReturnImplicitValue
|
2020-05-18 22:29:33 +01:00 |
|
Asger Feldthaus
|
eddbdffe62
|
JS: Add more tests for implicit returns
|
2020-05-18 22:29:33 +01:00 |
|
Asger Feldthaus
|
6a63f5b677
|
JS: Avoid bad join order in ImplicitProcessImport
|
2020-05-18 22:29:32 +01:00 |
|
Asger Feldthaus
|
c869812563
|
JS: Add UselessConditional test
|
2020-05-18 22:29:32 +01:00 |
|
Erik Krogh Kristensen
|
aa396a39d3
|
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
|
2020-05-18 20:57:51 +00:00 |
|
Erik Krogh Kristensen
|
fc7e9eb8c8
|
add test for non-tracked aliasing
|
2020-05-18 22:40:41 +02:00 |
|
Erik Krogh Kristensen
|
b8ba31aaa0
|
autoformat
|
2020-05-18 21:06:19 +02:00 |
|
Erik Krogh Kristensen
|
0758413cc7
|
revert change to import
|
2020-05-18 21:06:19 +02:00 |
|
Erik Krogh Kristensen
|
742abf8751
|
refactor package export into a library, and add tests for the library
|
2020-05-18 21:06:14 +02:00 |
|
Erik Krogh Kristensen
|
d7b852f408
|
use count aggregate to count
|
2020-05-18 21:03:26 +02:00 |
|
Erik Krogh Kristensen
|
202b8a56b7
|
apply the unique aggregate where trivially applicable
|
2020-05-18 20:37:38 +02:00 |
|
Asger F
|
96d6115452
|
Merge branch 'master' into js/sql-type-tracking
|
2020-05-18 15:58:42 +01:00 |
|
Erik Krogh Kristensen
|
70a28f60e3
|
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
|
2020-05-18 14:05:37 +00:00 |
|
Asger F
|
a9983fdb49
|
Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-18 13:23:22 +01:00 |
|
Max Schaefer
|
6797fec1a3
|
JavaScript: Add more models of packages that execute commands over SSH.
|
2020-05-18 12:08:14 +01:00 |
|
Esben Sparre Andreasen
|
a9ba6ac659
|
JS: make LocalObjects::isEscape aware of yield
|
2020-05-18 12:43:46 +02:00 |
|
Erik Krogh Kristensen
|
0f82370f4e
|
rename getHighLight() -> getAlertLocation()
|
2020-05-18 12:28:28 +02:00 |
|
Erik Krogh Kristensen
|
2b1724291b
|
adjust qhelp to focus on user-controlled data
|
2020-05-18 12:27:20 +02:00 |
|
Erik Krogh Kristensen
|
d18808698a
|
adjust qhelp to focus on the execFile API
|
2020-05-18 12:22:46 +02:00 |
|
Esben Sparre Andreasen
|
aa87008775
|
JS: typo fixups
|
2020-05-18 12:19:46 +02:00 |
|
Erik Krogh Kristensen
|
9c294513c7
|
Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
|
2020-05-18 12:18:20 +02:00 |
|
semmle-qlci
|
14664be467
|
Merge pull request #3468 from p0/imp/nodejs-vm-sinks
Approved by esbena
|
2020-05-18 11:10:13 +01:00 |
|
Esben Sparre Andreasen
|
b3691cd0e9
|
JS: change MembershipTest to MembershipCandidate
|
2020-05-18 11:51:00 +02:00 |
|
Erik Krogh Kristensen
|
c6276ddd1c
|
update expected output after restricting precise array tracking to Promise.all
|
2020-05-18 11:49:07 +02:00 |
|
Asger Feldthaus
|
a18e0b37cf
|
JS: simplify sequelize model
|
2020-05-18 09:34:17 +01:00 |
|
Asger F
|
f52c827966
|
Apply suggestions from code review
Base type of EscapingSanitizer
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-18 09:31:09 +01:00 |
|
Asger F
|
ffb22c061a
|
Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-18 09:28:22 +01:00 |
|
Erik Krogh Kristensen
|
bd3c4d4077
|
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
|
2020-05-18 07:51:19 +00:00 |
|
Esben Sparre Andreasen
|
ddb545c182
|
JS: introduce MembershipTests.qll and use in two locations
|
2020-05-18 09:50:00 +02:00 |
|
semmle-qlci
|
6041d52936
|
Merge pull request #3424 from asger-semmle/js/express-param-handler
Approved by esbena
|
2020-05-18 08:48:24 +01:00 |
|
semmle-qlci
|
135eae9895
|
Merge pull request #3483 from esbena/js/fix-qhelp-FNs
Approved by asgerf
|
2020-05-18 08:47:05 +01:00 |
|
semmle-qlci
|
0230b79efc
|
Merge pull request #3391 from erik-krogh/SplitFPs
Approved by esbena
|
2020-05-18 08:46:26 +01:00 |
|