Felicity Chapman
4d512a5b01
Remove non-LGTM query (see following PR)
2018-09-11 22:54:37 +01:00
Felicity Chapman
7dd891d908
Further updates and addition of query @ids
2018-09-11 22:51:14 +01:00
Felicity Chapman
223bf6cf56
Updates for consistency
2018-09-11 22:31:32 +01:00
semmle-qlci
b17aeb689c
Merge pull request #118 from esben-semmle/js/request-forgery
Approved by asger-semmle
2018-09-11 16:28:59 +01:00
Esben Sparre Andreasen
aaf1ac770d
JS: reduce declared precision of js/request-forgery
2018-09-09 21:30:43 +02:00
semmle-qlci
62e9946fe2
Merge pull request #150 from asger-semmle/ts-asi-bug
Approved by xiemaisi
2018-09-05 21:22:29 +01:00
semmle-qlci
50b5a3bd71
Merge pull request #151 from asger-semmle/ts-ambient-toplevel
Approved by xiemaisi
2018-09-05 10:52:08 +01:00
Asger F
4e9c52a3c3
TypeScript: add change note
2018-09-04 15:20:16 +01:00
Asger F
6ceb10371a
TypeScript: rephrase change note
2018-09-04 15:06:04 +01:00
Asger F
f7827b72ab
TypeScript: update change note to mention TypeScript 3.0 support
2018-09-04 14:30:16 +01:00
Asger F
2b8bc63b01
TypeScript: add change note
2018-09-04 14:23:37 +01:00
Esben Sparre Andreasen
68b7a8b57e
JS: change notes for UrlRequest libraries and js/request-forgery
2018-09-04 09:26:45 +02:00
semmle-qlci
4dec7c5036
Merge pull request #127 from xiemaisi/js/incomplete-sanitisation-doc-improvement
Approved by esben-semmle
2018-09-03 16:25:44 +01:00
Max Schaefer
759d98661c
Merge pull request #117 from esben-semmle/js/push-sort-taint-steps
JS: support `push` and `sort` taint steps for arrays
2018-09-03 09:20:35 +01:00
Max Schaefer
58e384558c
JavaScript: Improve query name and help for js/incomplete-sanitization.
The query applies more generally to all kinds of string escaping and encoding, not just sanitization.
2018-09-03 08:20:01 +01:00
Max Schaefer
20bff709b1
Merge pull request #136 from esben-semmle/js/composed-function-taint
JS: model composed functions (RC)
2018-09-03 08:18:20 +01:00
Max Schaefer
7e3adec789
Merge pull request #135 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls (RC)
2018-09-03 08:17:42 +01:00
Max Schaefer
fabd6c0864
Merge pull request #119 from esben-semmle/js/fix-change-note-libs
JS: use https- and repo-links in change notes
2018-08-30 14:23:34 +01:00
Esben Sparre Andreasen
b7fd1e7a74
JS: use https- and repo-links in change notes
2018-08-30 14:54:15 +02:00
Esben Sparre Andreasen
6ee8f71d09
JS: add change notes for property projection libraries
2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen
c1e6280a0e
JS: generalize change notes for improved array operation taint steps
2018-08-30 09:18:48 +02:00
Esben Sparre Andreasen
dc72788746
JS: add a model of some function composition libraries
2018-08-30 08:17:01 +02:00
Max Schaefer
2187b0c245
Merge pull request #89 from esben-semmle/js/sharpen-type-confusion
JS: remove emptiness checks from the type confusion `x.length` sinks
2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen
fef257b1ec
JS: remove emptiness checks from the type confusion x.length sinks
2018-08-22 13:25:22 +02:00
semmle-qlci
7e7e30c01c
Merge pull request #73 from esben-semmle/js/cleartext-logging-query
Approved by xiemaisi
2018-08-22 08:04:36 +01:00
semmle-qlci
7661a98909
Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference
Approved by xiemaisi
2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen
6950bfe915
JS: review fixups in documentation and comments
2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
605695e117
JS: review fixups in documentation
2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
21c895368d
JS: change notes for improved inter-procedural type inference
2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen
eb356d8d0b
Merge branch 'master' into js/format-string-taint-step
2018-08-21 15:47:31 +02:00
semmle-qlci
6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Esben Sparre Andreasen
f522376217
JS: mention string formatting taint step in change notes
2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
be8a32bb18
JS: add sanitizer support for ~whitelist.indexOf(x)
2018-08-20 20:32:57 +02:00
semmle-qlci
0adeef73ff
Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
Max Schaefer
b2e304951e
Merge branch 'master' into ts-typescript2.9
2018-08-20 08:14:58 +01:00
Max Schaefer
a9f1e21363
JavaScript: Fix exported name of default re-exports.
A default re-export (not part of the standard yet) looks like this:
```
export f from 'mod';
```
What this means is that the default export of `mod` is re-exported under the name `f`.
Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.
This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
2018-08-20 08:02:15 +01:00
semmle-qlci
44e4b25f42
Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client
Approved by xiemaisi
2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651
JS: add query js/cleartext-logging
2018-08-20 08:34:16 +02:00
Robert Marsh
4698d13a0d
JavaScript: add change note
2018-08-17 10:16:51 -07:00
Asger F
7f77acf5f6
TypeScript: add change note
2018-08-17 14:48:53 +01:00
Max Schaefer
303b0a0027
JavaScript: Demote HeterogenousComparison to warning level.
2018-08-14 15:54:07 +01:00
Max Schaefer
886329689f
JavaScript: Teach globalVarRef about top-level this and the global npm package.
2018-08-14 09:15:15 +01:00
Asger F
587e0f9175
JavaScript: add change note
2018-08-13 13:11:01 +01:00
semmle-qlci
c0fe0a1d24
Merge pull request #46 from asger-semmle/html-sanitizers
Approved by xiemaisi
2018-08-13 10:16:15 +01:00
semmle-qlci
3d0748c542
Merge pull request #48 from xiemaisi/js/webview-sinks
Approved by asger-semmle
2018-08-13 09:37:33 +01:00
Max Schaefer
14f14c1f6c
JavaScript: Add change note.
2018-08-10 15:59:28 +01:00
semmle-qlci
2478c6e150
Merge pull request #43 from xiemaisi/js/odasa-7275
Approved by
2018-08-10 12:52:05 +01:00
Asger F
8074786af4
JavaScript: Add change note HTMLSanitizers
2018-08-10 12:36:55 +01:00
Asger Feldthaus
9a7da817b4
Add change note for Extend.qll
2018-08-10 09:56:35 +01:00
Max Schaefer
e32dc08cd0
Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization
JS: change alert location for js/incomplete-object-initialization
2018-08-09 13:58:11 +01:00