codeql

mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00

Author	SHA1	Message	Date
CodeQL CI	4a59e69722	Merge pull request #4564 from asgerf/js/react-hooks Approved by esbena	2020-10-30 21:00:31 +00:00
Asger Feldthaus	c7667d372e	JS: Address review comments	2020-10-30 16:25:30 +00:00
Asger Feldthaus	6ab7846e81	JS: Restrict getAContextInput	2020-10-30 09:28:06 +00:00
Erik Krogh Kristensen	ebc4856456	detect more expensive regexps in js/polynomial-redos	2020-10-30 09:52:13 +01:00
CodeQL CI	7856e784e1	Merge pull request #4566 from asgerf/js/classnames Approved by erik-krogh	2020-10-29 11:00:06 +00:00
Asger F	581441d585	Update javascript/ql/src/semmle/javascript/frameworks/React.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-10-28 16:29:15 +00:00
Asger Feldthaus	f99db23e7b	JS: Add test and fix for contextType	2020-10-28 16:23:36 +00:00
Asger F	056ce38dad	Update javascript/ql/src/semmle/javascript/frameworks/Classnames.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-10-28 14:35:37 +00:00
Asger Feldthaus	081017ea8a	JS: Autoformat	2020-10-28 13:58:02 +00:00
Asger Feldthaus	3d86e855f3	JS: Add model of classnames and clsx	2020-10-28 13:56:35 +00:00
Asger Feldthaus	7ee3846142	JS: Add missing qldoc	2020-10-28 12:43:48 +00:00
Asger Feldthaus	7a3f0095f6	JS: Autoformat	2020-10-28 11:57:23 +00:00
Asger Feldthaus	d116b424f4	JS: Add model of react hooks and react-router	2020-10-28 11:57:11 +00:00
Asger Feldthaus	42c03ab2fd	JS: Add flow steps through dynamic imports	2020-10-28 11:57:08 +00:00
Erik Krogh Kristensen	75d996a0f9	make `promisify` smaller	2020-10-28 11:59:21 +01:00
Erik Krogh Kristensen	c49d5081cc	Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-28 11:45:58 +01:00
Asger Feldthaus	a9adb2912a	JS: Improve lodash model	2020-10-28 10:09:41 +00:00
Asger Feldthaus	9fc5c0bdb8	JS: Update ComposedFunctions	2020-10-28 10:09:40 +00:00
Erik Krogh Kristensen	2e514c4d7b	add model for Node Redis	2020-10-28 09:52:54 +01:00
Asger Feldthaus	7345df63c0	JS: Include DataFlow::AdditionalFlowStep in TaintSteps metric	2020-10-27 08:41:50 +00:00
Erik Krogh Kristensen	33465dbe6b	refactor `parameterPropRead` and `reachesReturn` to get a slight performance improvement	2020-10-26 16:49:49 +01:00
Erik Krogh Kristensen	0b41a59dbf	add support for imports into "outDir" from tsconfig.json	2020-10-25 22:51:21 +01:00
toufik-airane	7d2741a287	Add newline	2020-10-23 17:42:55 +02:00
toufik-airane	3ccdc2c518	Update ElectronShellOpenExternalSink location Move the class ElectronShellOpenExternalSink to ClientSideUrlRedirect.qll. It's been to be a more appropriate location.	2020-10-23 17:39:03 +02:00
toufik-airane	e87790b828	Add ElectronShellOpenExternalSink class Add ElectronShellOpenExternalSink class to detect untrusted input interpreted by `openExternal` function call in `electron` module. Based on the #14 Electron Security checklist: https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content	2020-10-23 15:41:03 +02:00
CodeQL CI	da58306f2d	Merge pull request #4506 from asgerf/js/separate-jquery-config Approved by esbena	2020-10-21 03:13:42 -07:00
CodeQL CI	9faf675f1f	Merge pull request #4486 from erik-krogh/lessTokens Approved by asgerf	2020-10-21 02:56:38 -07:00
CodeQL CI	897d8de65a	Merge pull request #4523 from erik-krogh/optionalPromise Approved by asgerf	2020-10-21 00:34:12 -07:00
Erik Krogh Kristensen	bdbc8f5c91	add support for OptionalUse in js/missing-await	2020-10-20 16:52:57 +02:00
CodeQL CI	7ea8652f49	Merge pull request #4521 from erik-krogh/moreMiddle Approved by asgerf	2020-10-20 07:14:14 -07:00
Erik Krogh Kristensen	e061c6a006	add support for more custom CSRF checking middlewares	2020-10-20 15:16:14 +02:00
CodeQL CI	d2282fc474	Merge pull request #4517 from erik-krogh/logAssign Approved by esbena	2020-10-20 05:24:49 -07:00
Asger Feldthaus	c91cdb5194	JS: Address review comments	2020-10-20 12:00:02 +01:00
CodeQL CI	8b084ffe22	Merge pull request #4518 from asgerf/js/fix-oom Approved by erik-krogh	2020-10-20 03:37:00 -07:00
Asger Feldthaus	50a015c73e	JS: Move $() sink into separate dataflow config	2020-10-20 10:52:33 +01:00
CodeQL CI	4cc7138784	Merge pull request #4507 from erik-krogh/template Approved by asgerf	2020-10-20 02:45:00 -07:00
Erik Krogh Kristensen	8c8cf4fc01	autoformat	2020-10-20 11:17:06 +02:00
Erik Krogh Kristensen	eb786078cb	support modern compund-assignment in js/implicit-operand-conversion	2020-10-20 10:40:47 +02:00
Erik Krogh Kristensen	f47fb5ebd8	switch extends around to match @assignlogandexpr and @assignlogorexpr correctly	2020-10-20 10:38:45 +02:00
Asger Feldthaus	78c85775e3	JS: Do not extend AdditionalTaintStep in the ldap library	2020-10-20 09:07:12 +01:00
CodeQL CI	4c5ecb4093	Merge pull request #4478 from erik-krogh/homegrownCsrf Approved by asgerf	2020-10-19 11:04:10 -07:00
CodeQL CI	502faa7d1c	Merge pull request #4494 from erik-krogh/callLimit Approved by asgerf	2020-10-19 11:03:25 -07:00
CodeQL CI	5ead4244fe	Merge pull request #4450 from asgerf/js/angular Approved by erik-krogh	2020-10-19 07:25:59 -07:00
Erik Krogh Kristensen	ce95676130	add express.csrf as an CSRF protecting middleware	2020-10-19 15:39:02 +02:00
CodeQL CI	d644a30b19	Merge pull request #4434 from erik-krogh/printAST Approved by asgerf	2020-10-19 04:42:42 -07:00
CodeQL CI	2e52cbeb4a	Merge pull request #4499 from max-schaefer/js/module_compile Approved by asgerf	2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen	8f6165cd5f	print synthetic constructors in PrintAst.ql	2020-10-19 11:10:14 +02:00
Erik Krogh Kristensen	5b1ed97d68	Update javascript/ql/src/semmle/javascript/TypeScript.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-19 11:01:06 +02:00
Erik Krogh Kristensen	8c44392638	add local dataflow to js/template-syntax-in-string-literal	2020-10-19 10:58:40 +02:00
Max Schaefer	e1d90e90ad	JavaScript: Add modelling for `Module.prototype._compile`.	2020-10-19 09:42:17 +01:00

... 48 49 50 51 52 ...

6276 Commits