hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,929 Commits 1,671 Branches 157 Tags
rc/1.20
Commit Graph

1270 Commits

Author SHA1 Message Date
Jason Reed
0a91d919b0 JS: Allow path.basename sanitization in zipslip. 2019-03-06 09:46:41 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Asger F
ee7461380e JS: Omit uninteresting nodes from path explanations 2019-03-06 08:41:03 +00:00
Max Schaefer
832dff54e8 JavaScript: Remove a @link in Javadoc. 
Javadoc claims not to be able to resolve this link, while Eclipse manages to do so without any problems, failing an internal PR check.

It's only in a test, though, so I just removed it.
 2019-03-05 17:02:44 +00:00
semmle-qlci
dedefe0f9e Merge pull request #1039 from xiemaisi/js/parallel-extraction-env-vars 
Approved by asger-semmle
 2019-03-05 14:42:01 +00:00
Max Schaefer
b1033b079f JavaScript: Make configuration of parallel extraction consistent with parallel evaluation. 
Just like parallel evaluation, the number of extractor threads is now determined by the `LGTM_THREADS` environment variable, and defaults to one.
 2019-03-05 10:06:32 +00:00
Max Schaefer
29f381eb34 JavaScript: Consolidate DOM tests. 2019-03-05 08:24:39 +00:00
Max Schaefer
3ab465edcc JavaScript: Consolidate ReactJS tests. 2019-03-05 08:24:39 +00:00
Max Schaefer
1c97a57888 JavaScript: Consolidate Promises tests. 2019-03-05 08:24:36 +00:00
Max Schaefer
41349c547f JavaScript: Consolidate stmts tests. 2019-03-05 08:14:47 +00:00
Max Schaefer
eb02e8bd36 JavaScript: Consolidate CallGraphs tests. 2019-03-05 08:14:47 +00:00
Max Schaefer
9178da4f61 JavaScript: Consolidate Expr tests. 2019-03-05 08:14:47 +00:00
Max Schaefer
256f3b013b JavaScript: Consolidate tutorial tests. 2019-03-05 08:14:47 +00:00
Max Schaefer
5a242d4849 JavaScript: Consolidate ModuleImportNode tests. 
Note that `CustomImport.ql` is still separate since it customises the standard library and would hence influennce other tests.
 2019-03-05 08:14:47 +00:00
Max Schaefer
deff97a9e6 JavaScript: Consolidate PropWrite tests. 2019-03-05 08:14:39 +00:00
Max Schaefer
0b5599d009 JavaScript: Consolidate connect, koa, hapi and restify tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
89ad16be4b JavaScript: Consolidate Functions tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
40502c68a5 JavaScript: Consolidate Classes tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
3b89c70da8 JavaScript: Consolidate Modules tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
f3eca887a9 JavaScript: Consolidate JSDoc tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
65ece6e895 JavaScript: Consolidate TypeAnnotations tests. 2019-03-05 08:04:01 +00:00
Max Schaefer
716e741371 JavaScript: Consolidate NodeJSLib tests. 2019-03-05 08:04:01 +00:00
semmle-qlci
9a2a328243 Merge pull request #1025 from xiemaisi/js/fix-exports-assign 
Approved by asger-semmle
 2019-03-04 21:25:56 +00:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
semmle-qlci
f13eb18493 Merge pull request #1018 from xiemaisi/js/consolidate-tests 
Approved by esben-semmle
 2019-03-04 10:59:51 +00:00
Max Schaefer
3cabc12be3 JavaScript: Teach InvalidExport to never flag module.exports = exports = ... and similar. 
This was previously flagged if `exports` wasn't used any further. While it's true that the assignment to `exports` is redundant in this case, the assignment is also flagged by DeadStorOfLocal, so there is no point in InvalidExport flagging it as well.
 2019-03-04 09:53:37 +00:00
semmle-qlci
4c3ecf0f76 Merge pull request #989 from asger-semmle/class-node-get-this-access 
Approved by xiemaisi
 2019-03-01 19:40:31 +00:00
Max Schaefer
8e340922cb JavaScript: Simplify some imports. 2019-03-01 14:44:58 +00:00
Max Schaefer
75c76619d8 JavaScript: Autoformat rearranged tests. 2019-03-01 14:42:01 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops 
Approved by esben-semmle
 2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end 
JS: Treat res.end() as alias for res.send() in Express
 2019-03-01 10:30:06 +00:00
Max Schaefer
d4d9d61216 JavaScript: Consolidate Express tests. 
Instead of having many small independent tests, we now just have a single test that pulls in all the individual tests and runs them together.

Concretely, each `.ql` file has been turned into a `.qll` file with a query predicate corresponding to the original `select` clause and named after the original `.ql` file, plus a prefix `test_`.

The newly added `tests.ql` imports all these `.qll`s.

The individual `.expected` files have been concatenated together into `tests.expected`, each prefixed with the name of the corresponding query predicate. (This is the format that qltest produces for tests with multiple query predicates.)
 2019-03-01 09:39:31 +00:00
Max Schaefer
b265ff7cdf JavaScript: Delete stray .expected file. 2019-03-01 09:39:31 +00:00
semmle-qlci
bc8906ba82 Merge pull request #1009 from xiemaisi/js/reformat-extractor 
Approved by asger-semmle
 2019-03-01 08:20:59 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
86bbb5fb18 JS: Add ZipSlip query to security suite 2019-02-28 15:46:34 -05:00
Jason Reed
c1b218a5ff JS: Documentation fixes 2019-02-28 15:46:19 -05:00
Jason Reed
c5e57dacf8 JS: Actually use fileName in examples 2019-02-28 15:46:14 -05:00
Jason Reed
674d2790b4 JS: Address review comments 2019-02-28 15:46:07 -05:00
Jason Reed
caebdd2f68 JS: Fix incorrect sample link 2019-02-28 15:46:00 -05:00
Jason Reed
2fc2a393b7 JS: Address review comments 2019-02-28 15:45:52 -05:00
Jason Reed
09b9a57783 JS: More efficient reasoning through pipe 2019-02-28 15:45:38 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
23d37c7167 JS: Unbreak TaintedPath 2019-02-28 15:45:26 -05:00
Jason Reed
32d48ba98b JS: Run auto-formatter 2019-02-28 15:45:20 -05:00
Jason Reed
abd2644af7 JS: Address review comments 2019-02-28 15:45:13 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Asger F
8dfec58428 JS: Update test 2019-02-28 16:49:35 +00:00
Asger F
47b5f34870 JS: shift line numbers in test output 2019-02-28 16:48:47 +00:00