codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
semmle-qlci	e65271dfad	Merge pull request #2251 from asger-semmle/barrier-guard-improvements Approved by esbena	2019-11-07 15:50:23 +00:00
semmle-qlci	f79c2a7630	Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root Approved by max-schaefer	2019-11-07 15:46:14 +00:00
Asger F	8544850945	JS: Generalize StringOps::Includes to ::InclusionTest	2019-11-07 14:35:17 +00:00
Erik Krogh Kristensen	e4f6f41634	add DataFlow::getEnclosingExpr to get the an Expr from a potentially reflective call	2019-11-07 14:29:31 +01:00
Max Schaefer	e314869e5c	JavaScript: Classify files with names ending in `_min` as minified. We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.	2019-11-07 10:33:47 +00:00
Sauyon Lee	0040c9fb4c	Update links to OWASP cheat sheet	2019-11-06 20:21:47 -08:00
Asger F	d9beb54dde	Merge pull request #2102 from erik-krogh/deferredModel JS: add Deferred model in js/use-of-returnless-function	2019-11-06 14:30:03 +00:00
semmle-qlci	f73caac88d	Merge pull request #2254 from asger-semmle/for-of-propread Approved by max-schaefer	2019-11-06 13:44:55 +00:00
Erik Krogh Kristensen	19554ff6e7	change "e.g." to "for example" in qldoc	2019-11-06 13:37:54 +01:00
Asger F	3ec95881b4	Update javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2019-11-06 11:58:06 +00:00
Asger F	7e80823cb6	JS: Fix deprecated API usage	2019-11-06 11:58:06 +00:00
Asger F	b373901e11	JS: Avoid leading dot in access paths	2019-11-06 11:58:06 +00:00
Asger F	c365833731	JS: Refactor the public access path API	2019-11-06 11:58:06 +00:00
Asger F	e90516d4d8	JS: Dont use getALocalSource in fromRhs	2019-11-06 11:58:06 +00:00
Asger F	bc35f24f31	JS: Generalize access paths to arbitrary root nodes	2019-11-06 11:58:06 +00:00
Asger F	7a7a8b2b09	JS: More steps in getImmediatePredecessor	2019-11-06 11:58:06 +00:00
semmle-qlci	04f0c22f24	Merge pull request #2203 from erik-krogh/ignorePureFunction Approved by max-schaefer, mchammer01	2019-11-06 09:09:11 +00:00
Erik Krogh Kristensen	16b63b3d01	move deferred model to the query where it is used	2019-11-05 15:45:17 +01:00
Erik Krogh Kristensen	7045cd2648	Merge remote-tracking branch 'upstream/master' into deferredModel	2019-11-05 15:08:47 +01:00
semmle-qlci	1fe5a9e7e7	Merge pull request #2236 from max-schaefer/js/data-flow-exploration Approved by erik-krogh, esbena	2019-11-05 12:15:00 +00:00
semmle-qlci	794d5bda6d	Merge pull request #2116 from erik-krogh/arrayCBRet Approved by max-schaefer	2019-11-05 11:32:13 +00:00
Asger F	d8f3a2c550	JS: Add lvalue of for..of loop as a PropRead	2019-11-05 10:01:18 +00:00
semmle-qlci	eb6e8866fa	Merge pull request #2247 from max-schaefer/odasa-8149 Approved by asger-semmle, esbena	2019-11-05 09:40:54 +00:00
Erik Krogh Kristensen	bdb81c268c	change tense	2019-11-04 18:56:03 +01:00
Erik Krogh Kristensen	8ebfe15f0d	apply doc feedback from mchammer01 Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>	2019-11-04 18:54:43 +01:00
Erik Krogh Kristensen	6cac9619d3	add missing not Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2019-11-04 18:44:13 +01:00
Max Schaefer	016808b92e	JavaScript: Address review comments.	2019-11-04 17:00:12 +00:00
Max Schaefer	770a4703c9	Merge pull request #2237 from asger-semmle/typescript3.7-rc TS: Add support for TypeScript 3.7	2019-11-04 16:36:11 +00:00
Esben Sparre Andreasen	7f55e3f336	JS: classify Doxygen-generated files as "generated"	2019-11-04 09:57:41 +01:00
Asger F	79dbdac8fa	TS: Support declare modifier for fields	2019-11-04 07:54:38 +00:00
Asger F	9bc45f351c	TS: Fix typo in stats file	2019-11-04 07:54:38 +00:00
Asger F	b81931e402	TS: Support assertion types	2019-11-04 07:54:38 +00:00
Asger F	4e7b987fa3	TS: Rename IsTypeExpr -> PredicateTypeExpr	2019-11-04 07:54:38 +00:00
Asger F	f48d16fcb7	JS: Support barrier guards that are reflective calls	2019-11-01 15:23:38 +00:00
Asger F	d6158427c5	JS: Generalize SanitizerFunction to data flow configs and flow labels	2019-11-01 15:23:38 +00:00
Asger F	e2b0ec5696	JS: Handle multiple and/or operators in SanitizerFunction	2019-11-01 15:23:38 +00:00
semmle-qlci	e8e2f7bb20	Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow Approved by esbena	2019-11-01 11:00:22 +00:00
semmle-qlci	d03aecaa98	Merge pull request #2235 from max-schaefer/js/issue-2233 Approved by esbena	2019-10-31 14:17:58 +00:00
Max Schaefer	03c9a40ba3	JavaScript: Add libraries for forward and backward data-flow exploration.	2019-10-31 12:37:31 +00:00
Max Schaefer	8aae1f443f	JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.	2019-10-31 12:13:55 +00:00
Max Schaefer	311cbd824c	JavaScript: Recognize ":" pseudo-directive.	2019-10-31 11:39:09 +00:00
semmle-qlci	2a3980222b	Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes Approved by asger-semmle	2019-10-31 10:47:30 +00:00
Max Schaefer	3bbded57d3	JavaScript: Autoformat.	2019-10-30 14:49:18 +00:00
Max Schaefer	bb0771b36c	JavaScript: Deal with escape-unescape-escape (and similar) chains.	2019-10-30 14:49:01 +00:00
Max Schaefer	8c133ff61d	JavaScript: Deal with (un-)escaping on captured variables.	2019-10-30 14:46:50 +00:00
Max Schaefer	a8214ce7ee	JavaScript: Fix regexes for escaping schemes.	2019-10-30 14:15:59 +00:00
Max Schaefer	5349e0f881	JavaScript: Recognise wrapped chains of replacements.	2019-10-30 13:14:38 +00:00
Max Schaefer	02d16b1dc9	JavaScript: Recognise wrapped string replacement functions.	2019-10-30 13:01:17 +00:00
Max Schaefer	aaeca32519	JavaScript: Recognize string escaping using `.replace` with a callback.	2019-10-30 12:45:32 +00:00
Max Schaefer	bd1c99d8a4	JavaScript: Recognise `JSON.stringify` and `JSON.parse` as escaper/unescaper.	2019-10-30 12:38:05 +00:00

... 89 90 91 92 93 ...

6276 Commits