hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

11278 Commits

Author SHA1 Message Date
Max Schaefer
98e0932de5 JavaScript: Make Configuration::isLive nullary. 
This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.
 2019-10-29 15:19:26 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Erik Krogh Kristensen
2d01e7c5ed simplify the callsArray predicate 2019-10-29 12:13:01 +01:00
Erik Krogh Kristensen
563f32193c suggestions from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-10-29 12:10:12 +01:00
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
Henning Makholm
ae554cf1e9 Make each upgrade directory a QL pack 2019-10-28 17:14:31 +01:00
semmle-qlci
30a907861b Merge pull request #2193 from max-schaefer/js/autobuilder-exclude-node_modules 
Approved by asger-semmle
 2019-10-28 11:26:51 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Erik Krogh Kristensen
b2c31701f3 add documentation to two predicates 2019-10-27 09:12:56 +01:00
Erik Krogh Kristensen
92cebea235 update tests to include empty reciever case 2019-10-27 00:25:59 +02:00
Erik Krogh Kristensen
c6f53199d4 ignore when the reciever is the empty array 2019-10-27 00:24:38 +02:00
Erik Krogh Kristensen
da23898eba update tests 2019-10-26 23:26:45 +02:00
Erik Krogh Kristensen
841dac1aba address review feedback 2019-10-25 17:46:55 +02:00
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Erik Krogh Kristensen
5b26d03f1c introduce backtracking, and also marking join/slice calls 2019-10-25 16:50:09 +02:00
Max Schaefer
d4b9beb010 JavaScript: Teach autobuilder not to extract node_modules and bower_components folders. 2019-10-25 14:25:02 +01:00
Max Schaefer
bd6109484d JavaScript: Rename node_modules to vendor in AutoBuildTests. 2019-10-25 14:25:02 +01:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00
Max Schaefer
6269dd99ab JavaScript: Improve type inference for destructuring assignments. 2019-10-25 14:22:24 +01:00
Asger F
04ee483c9e JS: update test output 2019-10-25 14:10:18 +01:00
Asger F
7ed31baeea JS: Rename to upward navigation 2019-10-25 13:07:07 +01:00
Asger F
39e2d1480e JS: Default to imprecision zero by default 2019-10-25 12:20:16 +01:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Asger F
ad645d3d50 JS: Restrict sendfile sink 2019-10-25 09:57:10 +01:00
semmle-qlci
89896c02c4 Merge pull request #2176 from Semmle/esbena-patch-1 
Approved by erik-krogh
 2019-10-25 09:26:12 +01:00
Erik Krogh Kristensen
5489a80372 add query for detecting ignored calls to Array.prototype.concat 2019-10-24 16:17:19 +02:00
Erik Krogh Kristensen
5c07750286 simplify the heuristic for Deferred promises 2019-10-24 15:51:36 +02:00
Erik Krogh Kristensen
ab42b5de80 fix line end at end of dbscheme 2019-10-24 10:17:06 +02:00
Erik Krogh Kristensen
a584d7c850 change update script description 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-10-24 10:17:06 +02:00
Erik Krogh Kristensen
834b572f45 add initial support for expressions in TypeScript 2019-10-24 10:17:00 +02:00
semmle-qlci
fc8c1e195a Merge pull request #2177 from asger-semmle/nodejs-detector-class-expression 
Approved by max-schaefer
 2019-10-23 14:33:07 +01:00
Asger F
45667cc127 TS: Tolerate syntax errors in class declaration 2019-10-23 11:40:34 +01:00
Esben Sparre Andreasen
207692a7a1 add missing .ql extension to suite file name 2019-10-23 11:18:48 +02:00
Pavel Avgustinov
325dbfe9c0 Merge pull request #2172 from hmakholm/qlpack.yml 
qlpack files are now YAML rather than JSON
 2019-10-22 17:19:52 +01:00
semmle-qlci
cbfa1cd058 Merge pull request #2168 from xiemaisi/js/remove-duplicate-configuration 
Approved by erik-krogh
 2019-10-22 17:02:26 +01:00
Henning Makholm
347d97c14c qlpack.json is now qlpack.yml 2019-10-22 17:36:35 +02:00
Henning Makholm
fd768a1af6 Add some new-style suite definitions 2019-10-22 15:51:00 +02:00
semmle-qlci
cb3a05c6de Merge pull request #2166 from xiemaisi/js/fix-typo 
Approved by esben-semmle
 2019-10-22 12:38:10 +01:00
Max Schaefer
1c23615742 JavaScript: Fix typo in doc comment. 2019-10-22 10:44:25 +01:00
Erik Krogh Kristensen
ad3185c558 simplify lastStatementHasNoEffect and use the control-flow to determine which statement is the last 2019-10-22 10:33:05 +02:00
Erik Krogh Kristensen
db22916850 fix the alwaysHasNoEffect predicate, and rename it to lastStatementHasNoEffect 2019-10-22 09:37:19 +02:00
semmle-qlci
1c79ec550e Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command 
Approved by mchammer01, xiemaisi
 2019-10-22 08:36:44 +01:00
Erik Krogh Kristensen
1ae8e25603 change precision of js/loop-bound-injection and fix a false positive 2019-10-22 09:21:19 +02:00
semmle-qlci
eb9d90dff6 Merge pull request #2143 from esben-semmle/js/fix-all-sanitisers 
Approved by xiemaisi
 2019-10-22 07:16:27 +01:00
semmle-qlci
0dcb189e67 Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries 
Approved by esben-semmle
 2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen
2e0244cda6 address review feedback 2019-10-21 20:32:45 +02:00
Max Schaefer
b9203377c7 JavaScript: Remove a duplicate Configuration class. 2019-10-21 17:32:02 +01:00