hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

1210 Commits

Author SHA1 Message Date
Asger Feldthaus
bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Max Schaefer
e21c24c60e JavaScript: Add failing test case. 2020-02-04 09:39:04 +00:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Erik Krogh Kristensen
e3189aaa47 raise syntax error on declaration of private method, and add syntax tests for private fields 2020-02-03 16:00:25 +01:00
Asger Feldthaus
9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
semmle-qlci
d995d5a4a0 Merge pull request #2716 from esbena/js/additional-koa-requests 
Approved by erik-krogh
 2020-01-31 18:30:42 +00:00
Erik Krogh Kristensen
279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
semmle-qlci
f8d0b4e602 Merge pull request #2618 from erik-krogh/ExceptionalPromise 
Approved by asgerf
 2020-01-31 07:59:09 +00:00
Esben Sparre Andreasen
5f1317fa2d JS: model path.parse and its ponyfill package: "path-parse" 2020-01-30 21:26:18 +01:00
semmle-qlci
3158b8401a Merge pull request #2705 from erik-krogh/CVE75 
Approved by asgerf
 2020-01-30 13:07:05 +00:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen
d4d910b681 JS: add koa test 2020-01-29 14:41:23 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
Erik Krogh Kristensen
cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Asger Feldthaus
b306571d52 JS: Type-track react component factories 2020-01-28 10:22:04 +00:00
Erik Krogh Kristensen
b526a2ea0f implement a model of WebSocket and ws based on the EventEmitter model 2020-01-22 14:46:53 +01:00
semmle-qlci
007b0795ec Merge pull request #2636 from erik-krogh/NewSocketIO 
Approved by esbena
 2020-01-22 13:46:11 +00:00
Erik Krogh Kristensen
5063e3820d update expected output 2020-01-22 11:18:47 +01:00
Erik Krogh Kristensen
8370699344 add support for creating a promise with another resolved promise, e.g: Promise.resolve(otherPromise) 2020-01-21 20:11:27 +01:00
Erik Krogh Kristensen
fe0b6a86d7 add data-flow steps for when Promise handlers return other promises 2020-01-21 16:15:18 +01:00
Erik Krogh Kristensen
d8b25ef5a2 add data-flow steps for resolved promises using pseudo-properties 2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen
6648e2751f remove use of .getAlocalSource() i custom load/store test 2020-01-21 15:49:42 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Erik Krogh Kristensen
ad813ef86c add flowsTo to the use of isAdditionalLoadStep 2020-01-20 14:16:29 +01:00
Erik Krogh Kristensen
ffbd0f6632 update expected test output 2020-01-20 09:56:40 +01:00
Erik Krogh Kristensen
b3b132c66d Merge remote-tracking branch 'upstream/master' into ExceptionalPromise 2020-01-20 09:20:09 +01:00
Erik Krogh Kristensen
6ad62e32e0 copyPropertyStep works interprocedurally 2020-01-17 12:24:29 +01:00
Erik Krogh Kristensen
06e898f53b only use .getALocalSource in copyPropertyStep 2020-01-16 16:04:45 +01:00
Erik Krogh Kristensen
4e880e2f96 implement SocketIO on top of the EventEmitter model 2020-01-16 11:02:36 +01:00
Erik Krogh Kristensen
a76ab39a39 no longer need for .getALocalSource() in custom load/store 2020-01-15 16:00:57 +01:00
Erik Krogh Kristensen
830100d2ed support interprocedural flow with custom load/store steps 2020-01-15 14:23:17 +01:00
Erik Krogh Kristensen
d09bce5cd7 custom load/store steps to implement promise flow 2020-01-14 21:37:55 +01:00
Erik Krogh Kristensen
c50de3a7e8 update expected output of tests 2020-01-10 17:49:24 +01:00
Erik Krogh Kristensen
ec5896abba add additional data-flow edges to data-flow related to promises 2020-01-10 14:12:53 +01:00
Erik Krogh Kristensen
af8b36b750 Merge remote-tracking branch 'upstream/master' into EventEmitter 2020-01-09 15:09:43 +01:00
Max Schaefer
9160fbf106 Merge pull request #2435 from asger-semmle/phi-edge-barrier-guards 
JS: Phi edge barrier guards
 2020-01-06 14:14:18 +00:00
semmle-qlci
f48e4bc2a0 Merge pull request #2580 from asger-semmle/typescript-unbounded-recursion 
Approved by max-schaefer
 2020-01-06 14:00:55 +00:00
semmle-qlci
0c0073fb02 Merge pull request #2582 from asger-semmle/spurious-css-import 
Approved by max-schaefer
 2020-01-06 14:00:08 +00:00
Asger F
4d25bfc038 JS: Fix copy pasta 2020-01-06 11:37:21 +00:00
Asger F
142c83f38f JS: Add negative dominance test 2020-01-06 11:37:21 +00:00
Asger F
aa6572b5c8 JS: Sanitize phi edges from barrier guards 2020-01-06 11:37:21 +00:00
Asger F
0b04f0d8f7 JS: Add test case for phi input 2020-01-06 11:37:20 +00:00
Asger F
4772798d7b JS: do not resolve arbitrary extensions to JavaScript files 2020-01-03 11:37:51 +00:00
Asger F
c5f73cb868 JS: Add test showing spurious .css import 2020-01-03 10:59:10 +00:00
Asger F
f31d47c66e TS: explain test case 2020-01-03 10:48:15 +00:00
Asger F
202746e92d TS: Guard getTypeAtLocation with try/catch 2020-01-02 16:31:23 +00:00
Asger F
0388e9ca0c TS: Add regression test 2020-01-02 16:28:49 +00:00
Asger F
2ca0e7d232 TS: Disable output from tracing 2020-01-02 15:38:10 +00:00
Asger F
8f478f7caf TS: Add test with traceResolution: true 2020-01-02 15:04:30 +00:00