Esben Sparre Andreasen
8f3497a7bf
JS: improve tests for interprocedural type inference
2018-11-01 13:51:38 +01:00
Max Schaefer
c75d785684
JavaScript: Fix modelling of _.partial.
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
2018-10-31 06:31:59 -04:00
Asger F
f07aa5bb2c
JS: ensure parameters always have a dataflow node
2018-10-31 10:28:31 +00:00
semmle-qlci
1509752df6
Merge pull request #345 from esben-semmle/js/intro-getUnderlying
Approved by xiemaisi
2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen
ec1722c4db
JS: add utility SyntacticConstants::isNullOrUndefined
2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
244d8d5778
JS: introduce truncate utility
2018-10-26 15:20:58 +02:00
Max Schaefer
394d7b7a9b
JavaScript: Update expected output of CFG test.
2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04
JavaScript: Model data flow of destructuring assignments more precisely.
2018-10-25 15:31:46 +01:00
Aditya Sharad
292189c1e0
Merge pull request #347 from xiemaisi/rc/1.18-master-merge
Mergeback rc/1.18 to master
2018-10-24 16:03:30 +01:00
Max Schaefer
9a856935db
Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge
2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371
JavaScript: Copy over a test left in internal repo.
This test seems to have been accidentally committed into the old location in the internal repo.
2018-10-24 08:40:54 +01:00
Asger F
f9634040b0
TypeScript: add test case with mixed rescanned tokens
(cherry picked from commit 057af7c865)
2018-10-19 08:30:03 +01:00
Asger F
39c788f4f1
TypeScript: test case for tokens starting with ">"
(cherry picked from commit d3a1df644c)
2018-10-19 08:30:03 +01:00
Asger F
2abe34b2f9
TypeScript: test case for whitespace before a rescanned token
(cherry picked from commit a199035a05)
2018-10-19 08:30:03 +01:00
Asger F
cbf06ae74d
TypeScript: test case for tokenization of template literals
(cherry picked from commit 9146cc26bd)
2018-10-19 08:30:03 +01:00
Asger F
4d7e762629
TS: test case for type expansion through type parameter bound
(cherry picked from commit 8bc92bd534)
2018-10-19 08:30:03 +01:00
Max Schaefer
5167d43fbc
JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports.
(cherry picked from commit 080f974663)
2018-10-19 08:30:03 +01:00
Max Schaefer
2b7d69aaf4
JavaScript: Add support for Google Cloud Spanner.
(cherry picked from commit cd284b2f97)
2018-10-19 08:30:03 +01:00
Max Schaefer
5e75a62f5c
JavaScript: Add test case for type inference in the presence of non-toplevel imports.
(cherry picked from commit 8b7bb8cecc)
2018-10-19 08:30:03 +01:00
Esben Sparre Andreasen
c65bc5cc90
JS: add Util::pluralize, also add tests for Util::capitalize
2018-10-18 11:49:28 +02:00
semmle-qlci
e55eaefded
Merge pull request #310 from esben-semmle/js/additional-client-request-data-nodes
Approved by xiemaisi
2018-10-16 12:59:22 +01:00
Esben Sparre Andreasen
2881649310
JS: add js/command-line-injection heuristic source: JSON.stringify()
2018-10-16 13:56:06 +02:00
semmle-qlci
e319159a59
Merge pull request #316 from xiemaisi/js/odasa-7355-workaround
Approved by esben-semmle
2018-10-16 12:47:58 +01:00
Esben Sparre Andreasen
c7fe96d4bd
JS: implement getADataNode for Electron::ClientRequest
2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
e7836d74ab
JS: implement getADataNode for NodeHttpUrlRequest
2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
3c07b4faf1
JS: implement getADataNode for SuperAgentUrlRequest
2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
eef0b8c94d
JS: implement getADataNode for GotUrlRequest
2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
977b287129
JS: implement getADataNode for FetchUrlRequest
2018-10-16 08:51:30 +02:00
Esben Sparre Andreasen
c21a0472d4
JS: implement getADataNode for AxiosUrlRequest
2018-10-16 08:50:56 +02:00
Max Schaefer
080f974663
JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports.
2018-10-12 13:00:52 +01:00
Max Schaefer
cd284b2f97
JavaScript: Add support for Google Cloud Spanner.
2018-10-11 09:30:39 +01:00
Asger F
fd58039753
JS: update additional QL test output
2018-10-09 08:54:14 +01:00
Asger F
030bae9454
JS: Canonicalize ThisNode
2018-10-09 08:53:41 +01:00
Asger F
d2af4ab94a
Merge pull request #227 from xiemaisi/js/taint-kinds
JavaScript: Add support for state-based taint tracking.
2018-10-08 15:09:12 +01:00
Max Schaefer
5727b2a5f4
JavaScript: Properly handle value-preserving paths.
When constructing a path through a property write/read pair, we want to make sure that we only use value-preserving steps to track the base object. However, the value flowing in from the right-hand side of the assignment may have a different flow label (such as `taint()`), so we cannot use the normal `append` predicate to construct the composite path.
2018-10-03 15:49:02 +01:00
Max Schaefer
910d6de47d
JavaScript: Add new tests.
2018-10-03 15:49:02 +01:00
Max Schaefer
f4ea8bc82a
JavaScript: Introduce flow labels.
2018-10-03 15:49:02 +01:00
Max Schaefer
f3239cbec9
JavaScript: Respect barriers on return edges.
2018-10-03 15:49:01 +01:00
Max Schaefer
8b7bb8cecc
JavaScript: Add test case for type inference in the presence of non-toplevel imports.
2018-10-03 13:08:31 +01:00
semmle-qlci
b35f450b01
Merge pull request #162 from asger-semmle/partial-calls
Approved by esben-semmle, xiemaisi
2018-10-02 11:24:02 +01:00
Asger F
e4c8653549
JS: Factor RequestHeaderAccess into separate class
2018-09-27 16:28:58 +01:00
Asger F
1b4fc93e9d
JS: add HTTP::RequestInputAccess.getAHeaderName()
2018-09-27 10:20:35 +01:00
Asger F
f7775f36a8
JS: Add EmailClients lib
2018-09-27 10:20:35 +01:00
semmle-qlci
c36e7f07be
Merge pull request #231 from asger-semmle/express-headers
Approved by xiemaisi
2018-09-26 15:40:58 +01:00
semmle-qlci
a93939b827
Merge pull request #230 from esben-semmle/js/ad-hoc-whitelisting
Approved by xiemaisi
2018-09-26 14:14:25 +01:00
Asger F
057c3a92b4
JS: update other Express test outputs
2018-09-26 08:36:52 +01:00
Asger F
a47b1dc774
JS: recognize Express header access with dynamic name
2018-09-26 08:22:21 +01:00
Esben Sparre Andreasen
52061b35d8
JS: address review comments: improve regex, limit sanitizer usage
2018-09-26 09:20:07 +02:00
Asger F
e78a4e9f10
JS: update output from other Express tests
2018-09-26 07:58:44 +01:00
Asger F
ce11b5330d
JS: recognize Express headers as RequestInputAccess
2018-09-26 07:58:44 +01:00