hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,671 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4dfc0680e2 support non SourceNode receiver for partialInvoke in routeHandlerStep 2020-09-21 10:42:19 +02:00
Erik Krogh Kristensen
4cde48cfb8 change comma to dot in qldoc 2020-09-21 10:23:21 +02:00
Erik Krogh Kristensen
edebbd640e revert change to return-type 2020-09-21 10:18:22 +02:00
Erik Krogh Kristensen
6c050d3160 revert change of return-type 2020-09-20 22:21:42 +02:00
Erik Krogh Kristensen
ae228cb5b2 move new predicates to a more fitting location 2020-09-20 22:15:03 +02:00
Erik Krogh Kristensen
5fd4c7a422 use PartialInvokeNode 2020-09-20 22:06:48 +02:00
Erik Krogh Kristensen
bef09254ee rename forwardingCall to isAForwardingRouteHandlerCall 2020-09-20 21:59:33 +02:00
Erik Krogh Kristensen
62332121b2 remove getNumParameter constraint 2020-09-20 21:57:55 +02:00
Erik Krogh Kristensen
3aaa2d11a7 rename decoratedRouteHandler to isDecoratedCall 2020-09-20 21:54:56 +02:00
Erik Krogh Kristensen
0b16f81f8b improve performance by using RouteHandlerCandidate 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
1f95311342 further loosen the RouteHandlerCandidate heuristic 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
3eaa56ed60 support containers with decorated route handlers 2020-09-18 09:29:08 +02:00
Erik Krogh Kristensen
c087e94d47 add additional indirect route-handler steps 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
02c1d689e4 support indirect route-handlers for NodeJS 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
CodeQL CI
c2175b678c Merge pull request #4263 from erik-krogh/importScripts 
Approved by esbena
 2020-09-16 06:01:35 -07:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767 
Approved by asgerf
 2020-09-15 03:47:40 -07:00
Erik Krogh Kristensen
c5b5a4fd55 improve performance of NodeJS::NodeModule::exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
c1cb19abd7 add level PreCallGrapSteps to the callgraph 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
f2ecb63e5a add a direct Export step as a PreCallGraphStep 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
61f6580d1e add API in PackageExports.qll for getting a value exported under a name 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
d3653b3030 add support for re-exports using the spread operator for NodeJS exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
cb7de2714a add onmessage handlers registered using global property as PostMessageEventHandler 2020-09-14 16:50:45 +02:00
Erik Krogh Kristensen
2e3df74dce add importScripts as a sink for js/client-side-unvalidated-url-redirection 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
6fb534f178 fix catastrophic join order in UnsafeJQueryPlugin 2020-09-14 09:59:48 +02:00
Erik Krogh Kristensen
9502869e3c improve join-order for aliasPropertyPresenceStep 2020-09-14 09:59:22 +02:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Max Schaefer
b71a8e2ad0 JavaScript: Expose an API-graph predicate that is useful for flow summaries. 2020-09-10 08:44:06 +01:00
CodeQL CI
a1cec12377 Merge pull request #4220 from erik-krogh/colonCmd 
Approved by esbena
 2020-09-09 10:13:14 +01:00
Erik Krogh Kristensen
cffe573d06 add taint-steps for underscore methods 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
eb80705e99 add a taint-step for require("bluebird").mapSeries() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
b97c09a319 use tuples to simplify arrayFunctionTaintStep 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
bb97829e1d add a model for the ClientRequest new require("net").Socket() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
d5097d820d support direct callbacks to require("net").createServer 2020-09-09 09:46:17 +02:00
Erik Krogh Kristensen
4515d27ad2 Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220 2020-09-08 14:10:15 +00:00
Jonas Jensen
0935d1e155 JS: Deprecate the Block class alias 2020-09-08 08:40:20 +02:00
Max Schaefer
b8a492473b JavaScript: Stop tracking canonical function names in API graphs. 
This blows up on the TypeScript compiler, and is likely to be much less useful than tracking type names and namespaces, which we still do.
 2020-09-07 16:47:45 +01:00
Asger F
d3f19721e6 Merge pull request #4153 from erik-krogh/snake_case_pr 
JS: rename dbscheme predicates to consistently use snake_case in dbscheme
 2020-09-07 16:21:32 +01:00
Max Schaefer
423d87b812 JavaScript: Rename TNode to TApiNode. 
This prevents spurious recomputation of a cached stage.
 2020-09-07 14:02:37 +01:00
Erik Krogh Kristensen
55b79f445c recognize commands with slash and underscore 2020-09-07 14:28:28 +02:00
Erik Krogh Kristensen
320879bc1e recognize colon in command-prefixes 2020-09-07 13:12:38 +02:00
CodeQL CI
85f6388a19 Merge pull request #4206 from erik-krogh/consistentJquery 
Approved by esbena
 2020-09-07 11:23:23 +01:00
Erik Krogh Kristensen
8ada928b16 Merge branch 'main' into snake_case_pr 2020-09-07 11:12:57 +02:00
Erik Krogh Kristensen
61e2e5647c autoformat 2020-09-07 11:05:56 +02:00
CodeQL CI
b5872fe848 Merge pull request #3873 from asger-semmle/js/type-qualified-name-fallback 
Approved by erik-krogh
 2020-09-07 09:48:05 +01:00
Erik Krogh Kristensen
f13a4f5771 require that the plugin and sink are in the same toplevel 2020-09-04 13:59:16 +02:00
Erik Krogh Kristensen
d47c852767 autoformat 2020-09-04 12:44:18 +02:00
Max Schaefer
cfc91cc5f1 JavaScript: Drop "feature" terminology. 
It turned out to be more confusing than helpful, so we're back with plain old API-graph "nodes".
 2020-09-04 10:57:21 +01:00
Erik Krogh Kristensen
6e54cf426c autoformat 2020-09-04 11:55:39 +02:00
Erik Krogh Kristensen
5a159abd75 renamed "interfacedefinition" to "interface_definition" 2020-09-04 11:55:33 +02:00