hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

2686 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
31c09ba678 implement flow for .apply() by adding a ReflectiveParametersNode data-flow node 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
d86b7f6c54 recognize an access to the arguments object as library-input 2022-08-22 08:29:24 +02:00
Erik Krogh Kristensen
7b1ef7473e change ArrayCreationStep to a PreCallGraphStep and unrestrict the storeStep 2022-08-22 08:15:54 +02:00
erik-krogh
049af68bc2 restrict suffix-construction to relevant regexps 2022-08-21 20:35:39 +02:00
erik-krogh
bcf4c57060 Merge branch 'main' into redosPrefix 2022-08-19 19:22:49 +02:00
erik-krogh
d052b1e3c9 also support regular expressions without repetitions 2022-08-19 19:21:44 +02:00
Tom Hvitved
663096fe3a Remove redundant overrides 2022-08-19 13:57:41 +02:00
Rasmus Wriedt Larsen
e6b4d12f94 Sync ConceptsShared 2022-08-18 13:42:52 +02:00
Asger F
349331d6ca Merge pull request #10082 from asgerf/js/exports-handling2 
JS: Handle nested conditions in "exports" section
 2022-08-18 11:10:59 +02:00
erik-krogh
473bc92e2d move the PrefixConstruction module out of the ReDoSPruning module 2022-08-18 10:07:48 +02:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen
e93ff8672c Merge pull request #10075 from erik-krogh/depOld 
delete old deprecations
 2022-08-17 21:21:57 +02:00
erik-krogh
6b9f01535b change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Erik Krogh Kristensen
bd4947fdbd Merge pull request #10046 from erik-krogh/protoFunc 
JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters
 2022-08-17 14:50:54 +02:00
erik-krogh
2622c78766 add change-notes 2022-08-17 13:55:16 +02:00
erik-krogh
b2e3d8bb86 remove some more legacy code that existed to support deprecated code 2022-08-17 13:32:39 +02:00
Harry Maclean
1f4dad4167 Update for rename of ReDoSUtil to NfaUtils 2022-08-17 16:03:49 +12:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Harry Maclean
e48158b9ad JS: Share more code with Ruby 2022-08-17 16:03:49 +12:00
Harry Maclean
b7d9bf4066 Share IncompleteMultiCharacterSanitization JS/Ruby 
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
 2022-08-17 16:03:46 +12:00
erik-krogh
478e0bf5a3 delete old code that only existed to support a deleted deprecated feature 2022-08-16 23:35:48 +02:00
erik-krogh
5586c9a17e delete old deprecations 2022-08-16 22:27:15 +02:00
Erik Krogh Kristensen
fd5b8896df Merge pull request #10063 from erik-krogh/fixRbDep 
re-deprecate ReDoSUtil in ruby
 2022-08-16 13:27:52 +02:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
Asger F
449e697761 JS: Handle nested conditions in "exports" section 2022-08-16 11:45:48 +02:00
erik-krogh
8e6a36256c import the non-deprecated NfaUtils in the overly-large-range query 2022-08-16 11:21:43 +02:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
erik-krogh
14cfe2e250 improve the join-order of BarrierGuardFunction::isBarrierCall 2022-08-16 09:28:48 +02:00
erik-krogh
3355a7a046 generalize BarrierGuardFunctionto work on function that have multiple parameters 2022-08-16 09:13:15 +02:00
Asger F
eaf3aa7075 Merge pull request #10036 from asgerf/js/exports-handling 
JS: More precise handling of "exports"
 2022-08-15 15:32:00 +02:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Asger F
3c41f28519 JS: Use explicit this 2022-08-15 12:49:23 +02:00
Asger F
671573633b JS: Simplify getMain() 2022-08-15 12:48:41 +02:00
Asger F
80a37c5863 JS: More precise handling of "exports" 2022-08-15 11:59:40 +02:00
Erik Krogh Kristensen
51a724315f Merge pull request #10017 from erik-krogh/forAwait 
JS: support top-level for await statements
 2022-08-15 11:58:56 +02:00
erik-krogh
a28948e836 add change note 2022-08-15 10:53:33 +02:00
erik-krogh
3a4a3437b5 fix some QL-for-QL warnings 2022-08-12 20:38:50 +02:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
erik-krogh
97681ea219 simplify code after review 2022-08-12 20:27:50 +02:00
erik-krogh
3403e2f325 apply suggestions from code review 2022-08-12 20:25:55 +02:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
erik-krogh
4cbfbfe170 add call-edge for dynamic dispatch to unknown property from an object literal 2022-08-11 12:29:50 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Esben Sparre Andreasen
0c6f28014c Merge pull request #9821 from erik-krogh/jsQlFix 
JS: fix some QL-for-QL warnings in JS
 2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen
add9e9dac4 Merge pull request #9548 from erik-krogh/exports 
JS: support the "exports" property in a package.json
 2022-08-09 12:16:12 +02:00
Asger F
fdcb1fa115 Merge pull request #9928 from asgerf/js/source-node-type 
JS: Simplify type hierarchy for SourceNode
 2022-08-08 16:53:20 +02:00
Evgenii Protsenko
50264547bf make array taint-step better 2022-08-08 11:00:11 +02:00
Asger F
98a9cb0b55 JS: Simplify type hierarchy for SourceNode 
The charpred caused spurious type to appear
 2022-07-29 19:44:10 +02:00