hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

11357 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
c885490c7e JS: address review comments 2018-10-10 12:18:30 +02:00
Esben Sparre Andreasen
0da1ac4d75 JS: naming and documentation cleanup for NodeJS file system accesses 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
64b0d39390 JS: polish HttpToFileAccess.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
df72492f16 JS: polish FileAccessToHttp.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
43f98a7ef8 JS: refactor NodeJSFileSystemRead* to FileStreamRead 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
30f7f41dff JS: refactor NodeJSFileSystemWrite to FileStreamWrite 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
e99b9d34c5 JS: polish characters of NodeJSFileSystemAccess*Call 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
4e4597a24d JS: replace HTTP::RequestBody with ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
0fc56e443e JS: introduce ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
a3ec739210 JS: restructure FileSystemWriteAccess/FileSystemReadAccess API 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
2a87d53db4 JS: Add additional Mongoose/MongoDB sinks 2018-10-10 10:11:18 +01:00
Asger F
4e7f171f54 JavaScript: do not cache AdditionalPartialInvokeNode 2018-10-10 09:40:49 +01:00
Max Schaefer
8d8148d58e Merge pull request #294 from asger-semmle/canonical-this-source 
JS: Canonicalize 'this' in the data-flow graph
 2018-10-10 08:10:53 +01:00
Max Schaefer
355786c2d8 Merge pull request #296 from esben-semmle/js/more-array-creation 
JS: use DataFlow::ArrayCreationNode in additional places
 2018-10-10 08:10:17 +01:00
Asger F
9fb73f41c9 JS: rename ReactComponent::getAThisAccess -> getAThisNode 2018-10-09 08:54:44 +01:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Asger F
030bae9454 JS: Canonicalize ThisNode 2018-10-09 08:53:41 +01:00
Asger F
3bc5e3bfdf JS: Replace some uses AnalyzedValueNode with AnalyzedNode 2018-10-09 08:53:41 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00
Tom Hvitved
546a91e192 Revert "JavaScript: Patch CFG to improve support for non-top level import declarations." 
This reverts commit f05e777e64.
 2018-10-08 16:20:40 +02:00
Max Schaefer
e354694173 Merge pull request #273 from asger-semmle/csrf-sources 
JS: add RemoteFlowSource.isThirdPartyControllable()
 2018-10-08 15:09:38 +01:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
Esben Sparre Andreasen
70cd03d3bc JS: use DataFlow::ArrayCreationNode in additional places 2018-10-08 15:47:11 +02:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Esben Sparre Andreasen
a668f906bc JS: recognize binding decorators on classes 2018-10-08 07:58:12 +02:00
semmle-qlci
98254e87e1 Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest 
Approved by xiemaisi
 2018-10-04 14:06:46 +01:00
Asger F
8bc92bd534 TS: test case for type expansion through type parameter bound 2018-10-04 12:05:05 +01:00
Asger F
c2a5f99d9c JS: include referer header as reflected XSS source 2018-10-04 10:53:10 +01:00
Asger F
dc26bdc5e7 JS: Move isThirdPartyControllable into RequestInputAccess 2018-10-04 10:36:49 +01:00
semmle-qlci
bea86e52fb Merge pull request #275 from xiemaisi/js/workaround-for-nested-imports 
Approved by asger-semmle
 2018-10-04 08:25:52 +01:00
Max Schaefer
e326dd4688 JavaScript: Add TaintKind as an alias to FlowLabel. 2018-10-03 15:54:58 +01:00
Max Schaefer
86ee58d019 JavaScript: Address review comments. 2018-10-03 15:49:02 +01:00
Max Schaefer
a8a8754c89 JavaScript: Restrict default sink flow labels to StandardFlowLabel. 2018-10-03 15:49:02 +01:00
Max Schaefer
5727b2a5f4 JavaScript: Properly handle value-preserving paths. 
When constructing a path through a property write/read pair, we want to make sure that we only use value-preserving steps to track the base object. However, the value flowing in from the right-hand side of the assignment may have a different flow label (such as `taint()`), so we cannot use the normal `append` predicate to construct the composite path.
 2018-10-03 15:49:02 +01:00
Max Schaefer
910d6de47d JavaScript: Add new tests. 2018-10-03 15:49:02 +01:00
Max Schaefer
3affe922e3 JavaScript: Make PathSummary.toString more useful. 2018-10-03 15:49:02 +01:00
Max Schaefer
dad13c9b64 JavaScript: Simplify onPath predicate. 2018-10-03 15:49:02 +01:00
Max Schaefer
8d471f01ef JavaScript: Simplify a few helper predicates. 2018-10-03 15:49:02 +01:00
Max Schaefer
017ae4990d JavaScript: Use custom flow labels in ClientSideUrlRedirect. 2018-10-03 15:49:02 +01:00
Max Schaefer
f4ea8bc82a JavaScript: Introduce flow labels. 2018-10-03 15:49:02 +01:00
Max Schaefer
4e4ef520ab JavaScript: Rename a predicate in CommandInjection.qll. 2018-10-03 15:49:02 +01:00
Max Schaefer
f3239cbec9 JavaScript: Respect barriers on return edges. 2018-10-03 15:49:01 +01:00
Max Schaefer
cc1c7b11d6 Merge pull request #263 from asger-semmle/ts-tokens 
TypeScript: add tokenization test cases
 2018-10-03 15:38:58 +01:00
Max Schaefer
8b7bb8cecc JavaScript: Add test case for type inference in the presence of non-toplevel imports. 2018-10-03 13:08:31 +01:00
Max Schaefer
db32dc2bdf JavaScript: Generalise code that assumes imports only appear at the toplevel. 2018-10-03 13:08:31 +01:00
Max Schaefer
f05e777e64 JavaScript: Patch CFG to improve support for non-top level import declarations. 2018-10-03 13:08:31 +01:00