Felicity Chapman
e589d12d78
Update change-notes/1.21/analysis-javascript.md
...
Co-Authored-By: Max Schaefer <max@semmle.com>
2019-06-07 10:25:56 +01:00
Felicity Chapman
012f6adf90
Minor text changes
2019-06-07 09:44:49 +01:00
Felicity Chapman
a4e2593c94
Correct table sort order
2019-06-06 18:53:10 +01:00
Max Schaefer
d233cea79d
JavaScript: Lower precision of PasswordInConfigurationFile.
...
In spite of recent improvements, this query is still too noisy to show
by default.
2019-06-05 08:09:19 +01:00
Esben Sparre Andreasen
0fa73b8331
JS: add query js/regex/missing-regexp-anchor
2019-06-03 08:29:52 +02:00
Asger F
a4a9e951d5
JS: Add query ID to change note
2019-05-31 11:44:06 +01:00
Asger F
ffb3265b26
JS: Mention results are shown on LGTM
2019-05-31 11:35:35 +01:00
Asger F
5170fa2ded
JS: Add change note for prototype pollution
2019-05-31 10:58:56 +01:00
semmle-qlci
0fa06e5c8d
Merge pull request #1180 from asger-semmle/tainted-path-squashed
...
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
Asger F
320f484e7e
TS: Rephrase change note
2019-05-30 12:48:05 +01:00
Asger F
1a6d09cc07
JS: Add change note
2019-05-28 12:42:59 +01:00
semmle-qlci
bd15994bb4
Merge pull request #1367 from xiemaisi/js/configuration-api-consistency
...
Approved by esben-semmle
2019-05-28 12:26:58 +01:00
semmle-qlci
9804105855
Merge pull request #1364 from asger-semmle/typescript-change-note
...
Approved by esben-semmle
2019-05-28 08:27:38 +01:00
Max Schaefer
86e96c6dc3
JavaScript: Introduce is{Barrier,Sanitizer}Edge predicate.
...
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
2019-05-28 08:08:14 +01:00
Asger F
a1399d07a4
JS: Add change note for TypeScript full extraction
2019-05-23 09:19:01 +01:00
Asger F
61ef73b0f7
JS: Add change note and deprecation member
2019-05-22 12:23:29 +01:00
semmle-qlci
2b5b8751ea
Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps
...
Approved by esben-semmle, xiemaisi
2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
8256f2e736
Merge pull request #1308 from asger-semmle/exceptional-flow
...
JS: Add flow through exceptions
2019-05-17 08:33:44 +02:00
Asger F
9c1208e751
JS: Add change note
2019-05-16 17:50:10 +01:00
Asger F
b9ade67933
JS: Add change note
2019-05-16 10:56:47 +01:00
semmle-qlci
9653fbd4f7
Merge pull request #1311 from emarteca/unreachableThrows
...
Approved by xiemaisi
2019-05-09 10:37:41 +01:00
Ellen Arteca
893f62f334
Stylistic issue: replace "eg" by "example", as requested
2019-05-09 09:30:12 +01:00
Ellen Arteca
a12d12d59a
JavaScript: Update UnreachableStmt query so unreachable throws no longer give an alert
2019-05-08 16:25:54 +01:00
Max Schaefer
c16e9a77f3
JavaScript: Fix a few false positives in PasswordInConfigurationFile.
2019-05-08 08:26:05 +01:00
Max Schaefer
7ca5cc22d8
Merge pull request #1257 from asger-semmle/jsdoc
...
JS: Add common interface between TypeExpr and JSDocTypeExpr
2019-04-29 16:20:17 +01:00
semmle-qlci
52d6626547
Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal
...
Approved by xiemaisi
2019-04-29 07:35:15 +01:00
Asger F
393a9fd7b0
JS: Add change notes
2019-04-26 16:56:04 +01:00
Max Schaefer
a8470a984a
JavaScript: Generalise ConstantComparison sanitisers.
...
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.
Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Esben Sparre Andreasen
f064ba0c55
JS: change notes for newline whitelist in js/incomplete-sanitization
2019-04-23 08:38:26 +02:00
semmle-qlci
f36eafce3f
Merge pull request #1246 from xiemaisi/js/hardcoded-password
...
Approved by asger-semmle
2019-04-17 08:54:09 +01:00
Max Schaefer
4c9edafef3
Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp
...
JS: type tracking for js/incomplete-hostname-regexp
2019-04-15 12:19:46 +01:00
Max Schaefer
1d5bb97121
JavaScript: Refine PasswordInConfigurationFile to avoid FPs.
...
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
2019-04-15 12:10:21 +01:00
Esben Sparre Andreasen
2d66069d60
JS: change notes for js/incomplete-hostname-regexp
2019-04-12 08:51:28 +02:00
semmle-qlci
ccbb7ce04b
Merge pull request #1224 from asger-semmle/cheerio
...
Approved by esben-semmle
2019-04-11 15:21:44 +01:00
Asger F
78b00e16d7
TS: change note
2019-04-10 14:11:11 +01:00
Asger F
39bafa354e
JS: Add change note
2019-04-09 12:22:20 +01:00
Esben Sparre Andreasen
52d86471af
JS: whitelist another emptiness check for the type-confusion query
2019-04-08 09:52:27 +02:00
Asger F
80f413177a
Merge branch 'master' into shelljs
2019-04-05 14:44:32 +01:00
semmle-qlci
063dbeeff3
Merge pull request #1198 from esben-semmle/js/more-express-route-handlers
...
Approved by xiemaisi
2019-04-05 09:47:51 +01:00
Esben Sparre Andreasen
0ec0aa35be
JS: change notes for Express
2019-04-04 21:42:23 +02:00
Asger F
a2b8721898
JS: Add change note
2019-04-04 11:45:59 +01:00
Esben Sparre Andreasen
3c608fe11e
Merge branch 'master' into js/improve-createServer
2019-04-03 12:37:33 +02:00
semmle-qlci
1da828fa80
Merge pull request #1195 from esben-semmle/js/firebase-express-requests
...
Approved by xiemaisi
2019-04-03 11:36:02 +01:00
Esben Sparre Andreasen
f23a5a5fee
JS: model firebase-functions/https.onRequest
2019-04-03 08:01:45 +02:00
Esben Sparre Andreasen
0b733b4f23
JS: treat the last argument to https.createServer as a route handler
2019-04-02 14:38:31 +02:00
semmle-qlci
02f4695a5b
Merge pull request #1152 from esben-semmle/js/koa-improvements
...
Approved by xiemaisi
2019-04-02 08:51:19 +01:00
Esben Sparre Andreasen
86a046a28e
JS: change notes for Koa improvements
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
6908c54df6
JS: change notes
2019-04-01 09:25:07 +02:00
Asger F
6478d9383c
JS: drive-by typo fix
2019-03-28 10:28:44 +00:00
Asger F
5dba78ba1a
JS: add change note
2019-03-28 10:28:30 +00:00