hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,465 Commits 1,672 Branches 157 Tags
ginsbach/overlay-java-discarding
Commit Graph

6276 Commits

Author SHA1 Message Date
Asger F
ec8ced7963 TS: Fix a typos and leftover todo 2019-11-21 15:39:37 +00:00
Asger F
2c916cb4f3 TS: Update stats 2019-11-21 15:39:37 +00:00
Asger F
4a885cbf92 TS: Expose optional parameters at syntax level 2019-11-21 15:39:37 +00:00
Asger F
b6b8213e13 TS: Handle rest parameters in call signatures 2019-11-21 15:39:37 +00:00
Asger F
8205a59688 TS: Unfold aliases in Type.unfold() 2019-11-21 15:39:37 +00:00
Asger F
e25ee182a0 TS: Extract type alias relation 2019-11-21 15:39:37 +00:00
Erik Krogh Kristensen
42a0a62e4c remove 3 FP sources from use-of-returnless-function 2019-11-21 14:27:04 +01:00
Esben Sparre Andreasen
03c83c9c9d JS: model React's getDerivedStateFromError 2019-11-21 13:18:43 +01:00
Esben Sparre Andreasen
23d29a80db JS: improve comment syntax 2019-11-21 13:16:40 +01:00
Esben Sparre Andreasen
6328a0a8b9 JS: improve FP filter for js/unbound-event-handler-receiver 2019-11-21 13:13:40 +01:00
semmle-qlci
77c869f528 Merge pull request #2220 from erik-krogh/processEnvTaint 
Approved by esbena, max-schaefer
 2019-11-20 13:16:43 +00:00
Max Schaefer
cb20de8070 JavaScript: Add a warning to IncompleteSanitization help. 
Sanitizing away multi-character strings using regular expressions is tricky business, and we should probably warn about it.
 2019-11-20 11:57:50 +00:00
Max Schaefer
5565be14fc JavaScript: Teach IncompleteSanitization to flag incomplete path sanitizers. 2019-11-19 15:06:16 +00:00
Erik Krogh Kristensen
1ba777a45d remove deep taint of objects 2019-11-19 15:50:50 +01:00
Erik Krogh Kristensen
c2b48eb546 rename getExceptionalNode to getExceptionTarget 2019-11-19 15:32:17 +01:00
Erik Krogh Kristensen
d8a5554666 update doc on getExceptionalNode 2019-11-19 14:10:35 +01:00
Erik Krogh Kristensen
abd58ba905 rename 'getThrowsToNode' to 'getExceptionalNode' 2019-11-19 14:08:36 +01:00
Erik Krogh Kristensen
9fa7393d56 add support for try-statements with no catch block 2019-11-19 13:37:35 +01:00
Erik Krogh Kristensen
0a428a8f44 typo 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-19 13:05:13 +01:00
Erik Krogh Kristensen
2f08ee9faf fix typo 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-19 12:53:50 +01:00
Erik Krogh Kristensen
91674f681b refactoring to remove duplicated code and simplify the ExceptionXss query 2019-11-19 08:54:51 +01:00
Erik Krogh Kristensen
853c86685b remove some false positives 2019-11-18 13:32:47 +01:00
Erik Krogh Kristensen
5a6958a1cd add promise aggregators 2019-11-17 11:22:29 +01:00
Erik Krogh Kristensen
b3e88cdf31 refactored multiple implementations of getEnclosingTryStmt into a single predicate 2019-11-17 09:50:41 +01:00
Erik Krogh Kristensen
1b81526691 Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-17 09:29:54 +01:00
Erik Krogh Kristensen
525da97dd4 changes based on review feedback 2019-11-17 09:24:00 +01:00
Erik Krogh Kristensen
3b9847e075 apply suggestions from max 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-17 09:01:48 +01:00
Erik Krogh Kristensen
8ff515a58d address review feedback on MaskingReplacer 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
4ec2070e48 remove property reads on process.env as a taint step, and add a barrier for masking replace calls 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
052a331395 rename ProcessEnvLabel to PartiallySensitiveMap 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
2bd48db8cd refactor isSanitizerEdge in clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
92dc759cf9 remove type cast, and fix expected test results 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
850278c62f some changes based on review. And change to only flag unknown reads of process.env 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
68c30aaef3 add flowlabels to js/clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
14e4decffa changes based on review feedback. No flow-labels yet 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
1766f6a6d8 simplify global var "process" 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
297c71a64b add process.env as source for js/clear-text-logging 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
b12e255fd8 add indirect calls to logging methods as logging methods 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
ddd217628f Merge pull request #2347 from esbena/js/fix-mjs-check 
JS: fix the check for an "mjs" extension on an extensionless file
 2019-11-15 17:39:10 +01:00
Erik Krogh Kristensen
4073dfaf24 remove redundant code 2019-11-15 16:17:18 +01:00
Erik Krogh Kristensen
3edd65f9ab changed the exceptional taint-steps to step through each call-site 2019-11-15 16:05:15 +01:00
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Esben Sparre Andreasen
8e8215893f JS: fix mjs check for extensionless files 2019-11-15 14:38:27 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Erik Krogh Kristensen
f813e06680 Merge pull request #2345 from Semmle/esbena-patch-3 
Update FlowSteps.qll
 2019-11-15 14:04:14 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
semmle-qlci
2f63b89941 Merge pull request #2338 from esbena/js/model-get-them-args 
Approved by max-schaefer
 2019-11-15 11:50:45 +00:00
Esben Sparre Andreasen
a3deb7d4e0 Update FlowSteps.qll 2019-11-15 12:44:04 +01:00
Asger F
e3b15a98c4 JS: Add prop names for array element pattern PropReads 2019-11-15 11:16:50 +00:00
Esben Sparre Andreasen
c3fdfdecab JS: rename DefaultParsedCommandLineArgumentsAsSource 2019-11-15 10:40:15 +01:00