hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

6172 Commits

Author SHA1 Message Date
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
fa95871f46 JS: Add event handler sink to code injection 2019-09-06 14:33:00 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
semmle-qlci
33329f95c2 Merge pull request #1874 from asger-semmle/express-types 
Approved by esben-semmle, xiemaisi
 2019-09-05 16:42:28 +01:00
semmle-qlci
fd2e8486e4 Merge pull request #1862 from asger-semmle/prototype-pollution-angular-merge 
Approved by esben-semmle
 2019-09-05 12:50:58 +01:00
semmle-qlci
e6bfe2bd5d Merge pull request #1873 from asger-semmle/type-inf-consistency 
Approved by xiemaisi
 2019-09-05 12:46:59 +01:00
Asger F
61c4d30dd6 JS: Use express module instead 2019-09-05 12:09:24 +01:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00
Asger F
0e4c34bd81 JS: Add deprecated predicate alias 2019-09-04 16:14:51 +01:00
Asger F
27567e41c5 JS: Add angular.fromJson as JSON parser 2019-09-04 16:14:51 +01:00
Asger F
5aa948cd17 JS: Add angular.merge sink to prototype pollution query 2019-09-04 16:14:51 +01:00
Asger F
744f0b1aa3 JS: Use type info to recognize routers 2019-09-04 11:43:21 +01:00
Asger F
c06fd451d6 JS: Handle router chaining in type tracking predicate 2019-09-04 11:43:21 +01:00
Asger F
f3aea0706a JS: Use type info in Express Request/Response 2019-09-04 11:43:21 +01:00
semmle-qlci
6778f28424 Merge pull request #1854 from asger-semmle/prototype-pollution-precision 
Approved by esben-semmle, xiemaisi
 2019-09-03 10:50:24 +01:00
Asger F
7790d4b667 JS: Make getALocalValue overriders include super 2019-09-02 16:45:06 +01:00
Asger F
2006826101 JS: Avoid breaking local object analysis 2019-09-02 16:45:06 +01:00
Asger F
9f2f10fa15 JS: Make type inference flow go through ssa definition node 2019-09-02 16:45:06 +01:00
Asger F
54d47f60da JS: Include base types in TypeName 2019-09-02 14:18:48 +01:00
Asger F
a41a23fdba JS: Raise precision of prototype-pollution query 2019-09-02 11:00:24 +01:00
semmle-qlci
6d55d1f7c0 Merge pull request #1707 from asger-semmle/canonical-name-call-graph 
Approved by xiemaisi
 2019-09-02 09:45:24 +01:00
Asger F
89b91af6db JS: Make getDocumentation handle chain assignments 2019-08-30 18:20:54 +01:00
Asger F
3926436bd4 JS: Explain use of t.call() 2019-08-30 18:19:19 +01:00
Asger F
d6578e10c8 JS: Handle constructor calls to avoid regression 2019-08-30 18:19:19 +01:00
Asger F
a13fb8e2ba JS: Handle RHS in more cases 2019-08-30 18:19:19 +01:00
Asger F
bd6768e2c8 JS: Fix closure namespace prefix and update tests 2019-08-30 18:19:19 +01:00
Asger F
b1f9db9145 JS: Make getAFunctionValue follow global access paths 2019-08-30 18:19:19 +01:00
Asger F
8d59df229a JS: Allow calls to externs 2019-08-30 18:19:19 +01:00
Asger F
cfa2ec1084 JS: Remove fake JSONType from es5.js externs 2019-08-30 18:19:19 +01:00
Asger F
e7166c2a1c JS: Workaround for JSON externs 2019-08-30 18:19:19 +01:00
Asger F
221d94961a JS: Resolve simple calls based on qualified name 2019-08-30 18:19:19 +01:00
Asger F
ca71d3117e JS: Use access paths from Closure module 2019-08-30 18:19:19 +01:00
Asger F
8c5b6b256b JS: Remove globalFlowPred() 2019-08-30 18:19:18 +01:00
Asger F
96d9e66ced JS: cache things 2019-08-30 18:19:18 +01:00
Asger F
313579c258 JS: Restrict flow to access paths assigned in a unique file 2019-08-30 18:19:18 +01:00
Asger F
7315a2baee JS: Make type tracking work through access paths 2019-08-30 18:19:18 +01:00
Asger F
2105e0bdee JS: use JSDoc types in class tracking 2019-08-30 18:19:18 +01:00
Asger F
6b05aa129c JS: Use global access paths to recognize .prototype 2019-08-30 18:19:18 +01:00
Asger F
5874c14a9c JS: Avoid materializing JSONValue.getFile() 2019-08-30 16:02:42 +01:00
Asger F
6c0f9be6df JS: Avoid materializing HTML::Element.getFile() 2019-08-30 16:02:42 +01:00
Asger F
33267067e0 JS: Deprecate and remove path resolution for reference comments 2019-08-30 16:02:42 +01:00
Asger F
fa3532ca8c TS: Handle locally defined packages 2019-08-30 16:02:42 +01:00
Asger F
ec81e368da JS: Use type info in Firebase model 2019-08-30 16:02:41 +01:00
Asger F
efa7e1112b JS: Add Node.hasUnderlyingType 2019-08-30 16:02:41 +01:00
Max Schaefer
b6220998d1 JavaScript: Restrict setAttribute sink to potentially dangerous attribute names. 2019-08-30 11:57:29 +01:00
Max Schaefer
78ce290de3 JavaScript: Fix DomMethodCallExpr.interpretsArgumentsAsHTML. 2019-08-28 11:22:03 +01:00
semmle-qlci
fc59dd6819 Merge pull request #1788 from asger-semmle/additional-type-tracking-step 
Approved by xiemaisi
 2019-08-24 11:55:16 +01:00
semmle-qlci
af469fdeb8 Merge pull request #1773 from xiemaisi/js/undocumented-parameter-precision 
Approved by esben-semmle
 2019-08-23 21:29:10 +01:00
semmle-qlci
cf24c9ff4a Merge pull request #1804 from asger-semmle/template-literal-tag 
Approved by esben-semmle
 2019-08-23 09:37:38 +01:00