hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Max Schaefer
640c194c92 JavaScript: Model util.deprecate as a pre call-graph step. 2020-06-26 11:47:19 +01:00
semmle-qlci
f81fc77e9e Merge pull request #3782 from erik-krogh/promiseSteps 
Approved by asgerf
 2020-06-26 10:11:10 +01:00
semmle-qlci
92cc59b47b Merge pull request #3800 from esbena/js/npmlog 
Approved by erik-krogh
 2020-06-26 07:54:08 +01:00
Erik Krogh Kristensen
7cb6516bc4 make internal predicates within DominatingPaths smaller. 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
8b3ca73c1c autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
47d52870f2 Use a ControlFlowNode based API to determine domination 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
55565a51df don't use getEnclosingStmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
34d6a4dcf8 use Rhs of a prop-write 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
f7c42ca1b5 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
252f805db4 performance improvement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
21e5a522b0 give the same rank to all expressions inside a single stmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treated a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
5e4acfbe19 implement predicate for finding dominating writes to an access-path 2020-06-25 23:00:52 +02:00
semmle-qlci
056e1a8c4b Merge pull request #3599 from asger-semmle/js/nameditem 
Approved by esbena
 2020-06-25 17:34:14 +01:00
Erik Krogh Kristensen
690bde47aa remove a .getALocalSource() that isn't needed 2020-06-25 16:51:10 +02:00
semmle-qlci
cf0cd00458 Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return 
Approved by erik-krogh
 2020-06-25 15:28:57 +01:00
semmle-qlci
c39dce4d66 Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup 
Approved by erik-krogh
 2020-06-25 14:56:17 +01:00
Erik Krogh Kristensen
c3b52fadcc add missing qldoc 2020-06-25 15:54:36 +02:00
Erik Krogh Kristensen
09d969a8ad recognize sensitive files by file-system writes 2020-06-25 15:19:42 +02:00
Erik Krogh Kristensen
8f5a3e9f4f add support for getASavePath() to js/insecure-download 2020-06-25 15:18:31 +02:00
Erik Krogh Kristensen
dafca8fd81 introduce flow-labels to js/insecure-download 2020-06-25 15:17:57 +02:00
Erik Krogh Kristensen
9bdedb3f48 introduce getASavePath to ClientRequest 2020-06-25 15:17:19 +02:00
Esben Sparre Andreasen
4bfce4b8a3 JS: model npmlog (and recognize the "verbose" log level) 2020-06-25 12:06:51 +02:00
semmle-qlci
b24fba8df0 Merge pull request #3734 from dellalibera/loginjection 
Approved by esbena
 2020-06-25 11:06:25 +01:00
Asger Feldthaus
ea3560fe07 JS: Ignore document.all checks explicitly 2020-06-25 11:03:06 +01:00
Erik Krogh Kristensen
2d7feb794f Refactor Promises.qll to use PreCallGraphStep 2020-06-25 10:41:08 +02:00
Asger F
090a685d86 Merge pull request #3751 from toufik-airane/master 
[javascript] CWE-347: JWT Missing Secret Or Public Key Verification
 2020-06-24 21:09:41 +01:00
ubuntu
d9a0dc0982 Remove check for console().getAMethodCall 2020-06-24 19:31:23 +02:00
ubuntu
65eba0272d Merge remote-tracking branch 'upstream/master' into loginjection 2020-06-24 19:15:27 +02:00
semmle-qlci
daeb13d9fd Merge pull request #3779 from asger-semmle/js/metric-queries 
Approved by esbena
 2020-06-24 15:37:03 +01:00
Asger Feldthaus
42f32bf76c JS: Recognize calls to .item and .namedItem 2020-06-24 15:11:18 +01:00
semmle-qlci
696d19cb14 Merge pull request #3773 from erik-krogh/guardedCrypto 
Approved by asgerf
 2020-06-24 13:04:04 +01:00
semmle-qlci
a723ac0d8e Merge pull request #3767 from esbena/js/console-member-calls 
Approved by erik-krogh
 2020-06-24 08:03:49 +01:00
Asger Feldthaus
d15c98d18c JS: Add more metrics 2020-06-24 08:03:24 +01:00
Asger Feldthaus
63d48bfe5c JS: Move IgnoredFile to MetaMetrics 2020-06-23 17:08:09 +01:00
Asger Feldthaus
35bdb4127e JS: Add TypedExprs metric 2020-06-23 17:05:58 +01:00
Erik Krogh Kristensen
3f8881a334 don't report insecure randomness when the insecure random is just a fallback 2020-06-23 15:53:19 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing 
Approved by erik-krogh
 2020-06-23 13:01:41 +01:00
Asger F
552b7ad3ca Merge pull request #3765 from asger-semmle/js-team-sprint-merge2 
JS: Merge js-team-sprint
 2020-06-23 12:58:27 +01:00
semmle-qlci
a5a3573a3e Merge pull request #3757 from asger-semmle/js/unused-npm-dependencies 
Approved by erik-krogh
 2020-06-23 12:56:45 +01:00
Asger Feldthaus
234f968294 JS: Deprecate property lookup on types 2020-06-23 11:42:28 +01:00
Toufik Airane
27f91b36b0 Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-23 12:28:21 +02:00
toufik-airane
37f44d98ce fix minor issues 2020-06-23 12:28:03 +02:00
Esben Sparre Andreasen
2d32ee7448 JS: support member calls of console 2020-06-23 10:46:01 +02:00
Asger Feldthaus
b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F
ca06f6dfb4 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
toufik-airane
f7cbc8a8d4 Enhance query ouput 
- add valuable text to assess the query results
- add an example of the output
 2020-06-22 22:34:06 +02:00
toufik-airane
0f8879716f rewrite description 2020-06-22 21:57:58 +02:00