585 Commits

Author SHA1 Message Date
semmle-qlci
57de628ab8 Merge pull request #650 from xiemaisi/js/nomagic-isDOMProperty
Approved by asger-semmle
2018-12-10 13:52:47 +00:00
Max Schaefer
e7df9b8b01 JavaScript: Avoid unhelpful magic. 2018-12-10 10:40:37 +00:00
semmle-qlci
1ca27e2c18 Merge pull request #647 from xiemaisi/js/fix-msita-perf
Approved by esben-semmle
2018-12-09 21:32:31 +00:00
Max Schaefer
74e70615ed JavaScript: Fix performance regression in MixedStaticInstanceThisAccess. 2018-12-07 13:17:36 +00:00
semmle-qlci
bc91e0f53b Merge pull request #624 from Semmle/xiemaisi-patch-2
Approved by esben-semmle
2018-12-06 08:04:37 +00:00
Max Schaefer
13a9903c21 JavaScript: Remove redundant conjunct in MixedStaticInstanceThisAccess.
Minor cleanup, but might as well go into the release.
2018-12-05 15:11:32 +00:00
Max Schaefer
a1f210df67 JavaScript: Address review comments. 2018-12-05 14:10:06 +00:00
Max Schaefer
22502e7a10 JavaScript: Add query help for FileAccessToHttp query. 2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd JavaScript: Add query help for HttpToFileAccess query. 2018-12-05 12:58:38 +00:00
semmle-qlci
3d058a2895 Merge pull request #603 from xiemaisi/js/fix-inconsistent-new
Approved by asger-semmle, esben-semmle
2018-12-03 16:48:55 +00:00
Max Schaefer
8627ddbe4b JavaScript: Adjust alert message. 2018-12-03 12:38:00 +00:00
Max Schaefer
3351650895 JavaScript: Make InconsistentNew give fewer results. 2018-11-30 16:13:46 +00:00
Max Schaefer
b17518a5eb JavaScript: Refactor InconsistentNew to improve performance.
All the filtering is now done in `getALikelyCallee`, to which I have also added an additional parameter that improves the join in the `select` clause.

I've also simplified the alert message to no longer use `toString`, which isn't meant for alert messages anyway. (This is an old query.)
2018-11-30 15:40:45 +00:00
Asger F
f85e30aa6c Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code
JavaScript: Add new query `HardcodedDataInterpretedAsCode`.
2018-11-29 17:07:48 +00:00
Max Schaefer
8637eaf100 JavaScript: Address review comments. 2018-11-29 10:48:44 +00:00
Max Schaefer
5f16406ad7 JavaScript: Add new query HardcodedDataInterpretedAsCode. 2018-11-29 09:52:31 +00:00
Max Schaefer
94a5722c2a JavaScript: Model taint propagation through new Buffer and Buffer.from. 2018-11-29 09:52:31 +00:00
Max Schaefer
4091cf410d JavaScript: Improve detection of require calls. 2018-11-29 09:52:31 +00:00
Max Schaefer
506236994f JavaScript: Address doc review comments. 2018-11-29 09:49:13 +00:00
Max Schaefer
45574d4eaa JavaScript: Minor change to documentation to facilitate opening another PR. 2018-11-28 13:53:28 +00:00
Max Schaefer
39f1c7904b JavaScript: Address review comments. 2018-11-28 09:44:58 +00:00
Max Schaefer
f1c538a97b JavaScript: Restrict RemotePropertyInjection query to avoid double-reporting.
This query now only flags user-controlled property and header writes; method calls are handled by the new unsafe/unvalidated method call queries.
2018-11-28 08:16:31 +00:00
Max Schaefer
2889e07eb8 JavaScript: Add new query UnvalidatedDynamicMethodCall. 2018-11-28 08:16:31 +00:00
Max Schaefer
cf1e7cff3f JavaScript: Move an auxiliary predicate into shared library. 2018-11-27 12:03:25 +00:00
Max Schaefer
8e54c7ab6c Merge pull request #503 from asger-semmle/unsafe-global-object-access
JS: add method name injection query
2018-11-26 15:56:20 +00:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds
Approved by asger-semmle
2018-11-23 12:40:40 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance
Approved by xiemaisi
2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments
Approved by xiemaisi
2018-11-21 16:06:46 +00:00
Asger F
27c9326e70 JS: address doc review 2018-11-21 14:19:14 +00:00
Esben Sparre Andreasen
72c4ef4d90 JS: fixup optional chaining on CallWithNonLocalAnalyzedReturnFlow 2018-11-21 14:18:14 +01:00
Asger F
8c7e19567b JS: fix string value of taint configuration 2018-11-21 12:35:35 +00:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Asger F
cb832b1de9 Merge branch 'unsafe-global-object-access' of github.com:asger-semmle/ql into unsafe-global-object-access 2018-11-21 11:14:21 +00:00
Asger F
84d642612e JS: more comments 2018-11-21 11:14:13 +00:00
Max Schaefer
fa761c07bd Update javascript/ql/src/Security/CWE-094/MethodNameInjection.ql
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2018-11-21 10:55:38 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
Esben Sparre Andreasen
41b45352aa JS(ql): support optional chaining 2018-11-21 08:57:10 +01:00
Esben Sparre Andreasen
00587ba7b4 JS(extractor): support optional chaining 2018-11-21 08:57:10 +01:00
Asger F
7d80847832 JS: add qhelp example to test suite 2018-11-20 18:44:18 +00:00
Asger F
4138f814d8 JS: expand example 2018-11-20 18:42:49 +00:00
Asger F
260ae36cf8 JS: document the shared module 2018-11-20 18:27:02 +00:00
Asger F
3902f752d0 JS: share detection of objects with unsafe methods 2018-11-20 18:26:20 +00:00
Asger F
b16072a7be JS: share ConcatSanitizer in common module 2018-11-20 18:24:52 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
Asger F
1c06f45046 JS: address some comments 2018-11-20 18:11:46 +00:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location
Approved by esben-semmle
2018-11-20 17:16:05 +00:00