hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2615 Commits

Author SHA1 Message Date
semmle-qlci
dc7863ce29 Merge pull request #2579 from asger-semmle/typescript-trace-resolution 
Approved by max-schaefer
 2020-01-03 12:57:43 +00:00
Asger F
4772798d7b JS: do not resolve arbitrary extensions to JavaScript files 2020-01-03 11:37:51 +00:00
Asger F
c5f73cb868 JS: Add test showing spurious .css import 2020-01-03 10:59:10 +00:00
Asger F
f31d47c66e TS: explain test case 2020-01-03 10:48:15 +00:00
Erik Krogh Kristensen
c22d3d0b3a add test for block-level flow type annotations 2020-01-03 11:07:35 +01:00
semmle-qlci
06d812a6ff Merge pull request #2556 from erik-krogh/RegexpVoidCxt 
Approved by max-schaefer
 2020-01-03 08:38:56 +00:00
Asger F
202746e92d TS: Guard getTypeAtLocation with try/catch 2020-01-02 16:31:23 +00:00
Asger F
0388e9ca0c TS: Add regression test 2020-01-02 16:28:49 +00:00
Asger F
2ca0e7d232 TS: Disable output from tracing 2020-01-02 15:38:10 +00:00
Asger F
8f478f7caf TS: Add test with traceResolution: true 2020-01-02 15:04:30 +00:00
Max Schaefer
8d1ad5c5f3 JavaScript: Alert suppression through single-line /* */ style comments. 2020-01-02 10:45:20 +00:00
semmle-qlci
f921cf7d01 Merge pull request #2512 from erik-krogh/moarExceptions 
Approved by esbena, max-schaefer
 2019-12-20 20:31:50 +00:00
Erik Krogh Kristensen
15d74b7d03 remove FP from js/regexpinjection where no regexp was constructed 2019-12-19 10:47:03 +01:00
Erik Krogh Kristensen
4fdfa51e44 add support for import.meta expressions in JavaScript 2019-12-18 10:45:54 +01:00
Erik Krogh Kristensen
bf56797ad7 update expected output of tests 2019-12-17 16:27:55 +01:00
Erik Krogh Kristensen
7c931452d9 autoformat 2019-12-16 13:45:42 +01:00
Erik Krogh Kristensen
904976c7ac update tests after removing control-flow checks from error-callbacks 2019-12-16 08:30:21 +01:00
Erik Krogh Kristensen
e164f46330 changes based on review feedback 2019-12-13 11:44:31 +01:00
Erik Krogh Kristensen
f35dc5d274 Merge remote-tracking branch 'upstream/master' into moarExceptions 2019-12-12 16:13:52 +01:00
Asger F
a30f991b5e JS: Add query for missing await 2019-12-12 15:11:25 +00:00
Erik Krogh Kristensen
08d0cb795b revert the introduction of getEnclosingCall 2019-12-12 15:14:02 +01:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Henning Makholm
66b3c7cf07 JS tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.

Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
 2019-12-07 02:38:02 +01:00
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Asger F
bbb6dad726 JS: Update koa testcase 2019-12-06 11:49:59 +00:00
Asger F
b407de01f8 JS: Update TaintBarriers test 2019-12-06 11:49:59 +00:00
Asger F
a6e75259d6 JS: More fine-grained regexp-based sanitizer guards 2019-12-06 11:49:59 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Asger F
f162749044 Merge pull request #2418 from max-schaefer/js/file-locatable 
JavaScript: Make `File` not extend `Locatable` anymore.
 2019-12-02 16:15:14 +00:00
Max Schaefer
ec2ba735de JavaScript: Update Dependencies library to not rely on Files being Locatable. 
Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.
 2019-12-02 12:40:49 +00:00
Erik Krogh Kristensen
ea9d6189de update expected test outpu 2019-12-02 12:52:39 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
Erik Krogh Kristensen
d212394058 update expected output 2019-11-27 15:21:47 +01:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll 
Approved by max-schaefer
 2019-11-27 12:35:04 +00:00
Erik Krogh Kristensen
4f75986274 update test to not use private classes 2019-11-27 12:59:10 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb Merge pull request #2392 from asger-semmle/window-name-flow 
Approved by max-schaefer
 2019-11-27 10:55:26 +00:00
semmle-qlci
793988afe4 Merge pull request #2344 from asger-semmle/element-pattern-prop-read 
Approved by max-schaefer
 2019-11-27 10:54:46 +00:00
Erik Krogh Kristensen
967ecbad24 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-27 11:28:37 +01:00
Erik Krogh Kristensen
42fbcbf007 update expected test output 2019-11-27 11:14:04 +01:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00