hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,668 Commits 1,672 Branches 157 Tags
esbena/query-result-test
Commit Graph

5161 Commits

Author SHA1 Message Date
CodeQL CI
e95b665556 Merge pull request #4363 from erik-krogh/nosql-api 
Approved by max-schaefer
 2020-10-05 12:01:34 -07:00
Erik Krogh Kristensen
c1b5357e74 remove stray todo 2020-10-05 16:53:05 +02:00
Erik Krogh Kristensen
2753a4f379 Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-10-05 15:11:04 +02:00
CodeQL CI
48fa8aacd5 Merge pull request #4403 from asgerf/js/remove-tslint-dependency 
Approved by erik-krogh
 2020-10-05 05:58:48 -07:00
Asger Feldthaus
fee99105da JS: Remove tslint dependency 2020-10-05 11:53:58 +01:00
CodeQL CI
43b2c90538 Merge pull request #4400 from max-schaefer/js/api-graph-classrefs 
Approved by asgerf
 2020-10-05 03:12:23 -07:00
Asger Feldthaus
8689a9b3b9 JS: Fix a bad join order in barrierGuardBlocksNode 2020-10-05 09:55:22 +01:00
Asger Feldthaus
790d2ba0fc JS: Fix FPs from ParameterFieldAsPropWrite.getPropertyNameExpr 2020-10-05 09:55:22 +01:00
Asger Feldthaus
cad259fb83 JS: Use more types in DOM model 2020-10-05 09:55:22 +01:00
Asger Feldthaus
3dabff6b17 JS: Recognize field types in untyped code 2020-10-05 09:55:22 +01:00
Erik Krogh Kristensen
856ad07694 join-order improvement in NoSQL.qll 2020-10-03 22:07:34 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Erik Krogh Kristensen
6acb199074 improve precision using getAnImmediateUse to check parameter names 2020-10-02 11:09:50 +02:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
Max Schaefer
98e93a7b9d JavaScript: Improve API-graph support for function-style classes. 2020-10-02 09:25:51 +01:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Aditya Sharad
f7f05476a2 Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
d54a057457 Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
18f7f2b559 autoformat 2020-10-01 13:49:31 +02:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Erik Krogh Kristensen
fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Erik Krogh Kristensen
75b9237b81 use Parameter instead of SimpleParameter in the AngularJS model 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
c675d72629 use Parameter instead of SimpleParameter in remaining route-handler models 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
f65ba11485 use Parameter instead of SimpleParameter in AMD.qll 2020-10-01 10:44:05 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Erik Krogh Kristensen
b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Erik Krogh Kristensen
e0b25798ff remove type-tracking from getAReference, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Erik Krogh Kristensen
65441705ef renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac introduce API::Node::getACall() 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
69f4ac25c4 renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
1596436f7e rename getASourceUse to getAReference 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen
deae9256dd add convenience method to API graphs 2020-09-29 17:08:00 +02:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
910c19e613 Merge pull request #4348 from erik-krogh/needle 
Approved by esbena
 2020-09-29 02:57:32 -07:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00
Erik Krogh Kristensen
52d94f6177 use getABoundCallbackParameter instead of getCallback and getParameter. 2020-09-29 10:12:46 +02:00
CodeQL CI
060c19a063 Merge pull request #4352 from erik-krogh/destructing-redirect 
Approved by esbena
 2020-09-28 12:31:42 -07:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Max Schaefer
dfc4436012 JavaScript: Teach API graphs to recognise arguments supplied in partial function applications. 2020-09-28 17:52:57 +01:00