codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Asger Feldthaus	e491431f4e	JS: Autoformat	2020-05-14 13:29:33 +01:00
Pavel Avgustinov	3cc13db3a0	NodeJSLib: Restore backwards-compatibility.	2020-05-14 12:51:09 +01:00
Pavel Avgustinov	ab2d059ed4	JavaScript: Model extra sinks in `vm` module	2020-05-14 10:01:40 +01:00
Erik Krogh Kristensen	422ade16db	Apply suggestions from code review Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-14 10:05:59 +02:00
Erik Krogh Kristensen	b727fa81a0	add a path sanitizer to zipslip	2020-05-14 09:46:50 +02:00
Erik Krogh Kristensen	71e7083dcb	add "linkname" as a file-name-property for zip-slip	2020-05-14 09:06:23 +02:00
Erik Krogh Kristensen	a19718a10f	add fs.link and fs.linkSync as writing file system calls	2020-05-14 09:00:50 +02:00
Asger Feldthaus	2ef7719b06	JS: PathExprInModule deprecation notice	2020-05-13 16:35:24 +01:00
Asger Feldthaus	3846f534a8	JS: Factor out overridden part of PathExpr.getSearchRoot	2020-05-13 16:34:43 +01:00
Asger Feldthaus	5f510878f3	JS: Remove PathExprBase and PathExprInModule	2020-05-13 16:34:28 +01:00
Asger Feldthaus	2d88385ffb	JS: Cache moduleImport	2020-05-13 15:07:13 +01:00
Esben Sparre Andreasen	9552352d6a	JS: address qhelp feedback	2020-05-13 12:53:59 +02:00
Esben Sparre Andreasen	7305a873b1	JS: formatting	2020-05-13 11:28:48 +02:00
Esben Sparre Andreasen	fedd32fc2b	JS: address review comment	2020-05-13 09:57:02 +02:00
Esben Sparre Andreasen	91f43a7dae	JS: address review comments	2020-05-13 09:52:01 +02:00
Esben Sparre Andreasen	7722d77c86	JS: add the NoSQL $where as a sink for js/code-injection	2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen	20cf04442c	JS: model marsdb and minimongo	2020-05-13 08:28:59 +02:00
jcreedcmu	3c233c762c	Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs Java, Javascript, Csharp: Add jump-to-definition queries	2020-05-12 10:54:11 -04:00
semmle-qlci	6fb047aef6	Merge pull request #3451 from erik-krogh/fstreamWrite Approved by esbena	2020-05-12 14:58:02 +01:00
semmle-qlci	ee848328ab	Merge pull request #3442 from erik-krogh/SmallPerfs Approved by esbena	2020-05-12 14:36:34 +01:00
Erik Krogh Kristensen	3707792cfd	recognize reading/wrinting calls to fstream methods	2020-05-12 14:18:07 +02:00
Jonas Jensen	451ae7b762	Merge pull request #3444 from dbartol/codeql-c-analysis-team/68 Rename `sanity` -> `consistency`	2020-05-12 12:33:08 +02:00
Erik Krogh Kristensen	bd768cbd7e	autoformat	2020-05-12 12:28:02 +02:00
Erik Krogh Kristensen	2fbdeceae7	add getContainedNode constraint to charpred of IndirectInclusionTest, and refactor two getEnclosingExpr()	2020-05-12 10:19:06 +02:00
semmle-qlci	8ce9c9d57e	Merge pull request #3441 from erik-krogh/BabelDirectives Approved by esbena	2020-05-12 08:57:20 +01:00
Jason Reed	66da91fe59	Java, Javascript, Csharp: Restrict definitions predicates Only expose definition-use relation itself, and getEncodedFile.	2020-05-11 15:14:16 -04:00
Dave Bartolomeo	06783938d3	JavaScript: Rename `sanity` -> `consistency`	2020-05-11 13:46:12 -04:00
Asger F	86a774d912	Merge pull request #3394 from monkey-junkie/master JS SSTI CWE-094	2020-05-11 15:06:17 +01:00
Erik Krogh Kristensen	970ddcac7b	autoformat	2020-05-11 15:38:45 +02:00
Erik Krogh Kristensen	acb0f2e54f	exclude "@babel/helpers - .." from js/unknown-directive	2020-05-11 12:42:18 +02:00
Erik Krogh Kristensen	f8de69156e	inline basicFlowStep into flowStep	2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen	87167900d1	deduplicate - and slightly optimize IndirectInclusionTest	2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen	6d05b40d23	eliminate recursion from GuardControlFlowNode::dominates	2020-05-10 22:15:34 +02:00
Jason Reed	48e4079c64	JS: Refactor definitions query, add queries for ide search This enables jump-to-definition and find-references in the VS Code extension, for javascript source archives.	2020-05-07 12:44:36 -04:00
Erik Krogh Kristensen	945fe45b6f	all split()[0] are safe for url-redirect	2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen	a3fb13882b	Merge branch 'master' into SplitFPs	2020-05-07 10:51:11 +02:00
monkey-junkie	4594aa470d	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-06 18:18:06 +03:00
semmle-qlci	b2f1008a00	Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick Approved by asgerf	2020-05-06 13:52:18 +01:00
Esben Sparre Andreasen	7cc3a5a242	JS: qhelp fixups	2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen	69191577d6	JS: qhelp for js/unsafe-html-expansion	2020-05-06 14:03:27 +02:00
monkey-junkie	5ce9e0d0a2	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-06 14:32:55 +03:00
Asger F	5725814774	Merge pull request #3403 from asger-semmle/js/getcontainer JS: Move getContainer to single rootdef (+fixes)	2020-05-06 12:06:44 +01:00
Max Schaefer	9335a6cb79	JavaScript: Fix missing triple backtick in qldoc comment.	2020-05-06 11:40:00 +01:00
monkey-junkie	122354a81a	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-06 12:54:50 +03:00
monkey-junkie	3314dd0614	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-06 11:17:41 +03:00
semmle-qlci	9210660ea0	Merge pull request #3401 from erik-krogh/jsonLike Approved by esbena	2020-05-06 08:00:44 +01:00
Asger F	b2da4fe491	Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-06 07:59:04 +01:00
Asger Feldthaus	926e79d272	JS: Autoformat	2020-05-06 07:59:04 +01:00
Asger Feldthaus	f51e846439	JS: Fix ClosureModule implementation	2020-05-06 07:59:04 +01:00
Asger Feldthaus	0f870a4992	JS: Use TCapturedVariableNode as starting point of callInputStep	2020-05-06 07:59:04 +01:00

... 23 24 25 26 27 ...

3856 Commits