codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Jason Reed	23d37c7167	JS: Unbreak TaintedPath	2019-02-28 15:45:26 -05:00
Jason Reed	baa4f08259	JS: Add new query for ZipSlip (CWE-022)	2019-02-28 15:45:08 -05:00
Asger F	8dfec58428	JS: Update test	2019-02-28 16:49:35 +00:00
Asger F	47b5f34870	JS: shift line numbers in test output	2019-02-28 16:48:47 +00:00
Max Schaefer	2ecabad553	Merge pull request #1004 from asger-semmle/suffix-check-bug JS: Recognize '+' in suffix check	2019-02-28 14:23:26 +00:00
semmle-qlci	edba24129d	Merge pull request #1003 from xiemaisi/js/fix-test Approved by esben-semmle	2019-02-28 12:05:44 +00:00
Asger F	8e8085ea1f	JS: add test	2019-02-28 10:09:36 +00:00
Max Schaefer	c8a37297f3	Merge pull request #997 from asger-semmle/closure-promise JS: model of closure Promises	2019-02-28 10:05:12 +00:00
Max Schaefer	1b5887014b	Merge pull request #988 from asger-semmle/spread-taint-step JS: add taint step through object/array spread operators	2019-02-28 09:58:23 +00:00
Max Schaefer	02dff4e9d9	JavaScript: Update expected test output.	2019-02-28 08:21:06 +00:00
semmle-qlci	6602b4dbda	Merge pull request #992 from xiemaisi/js/socket.io Approved by asger-semmle	2019-02-27 18:43:40 +00:00
Asger F	9497199cbd	JS: add localFieldStep	2019-02-27 14:20:47 +00:00
Asger F	3d400cc57f	JS: basic model of closure Promises	2019-02-27 11:58:51 +00:00
semmle-qlci	999e0c8b95	Merge pull request #947 from asger-semmle/string-ops-concat Approved by xiemaisi	2019-02-27 09:54:46 +00:00
Max Schaefer	cd9ccd4c8d	Merge pull request #983 from asger-semmle/closure-global-ref JS: add closure library in globalObjectRef	2019-02-26 16:55:58 +00:00
Max Schaefer	db5fbe29a3	Merge pull request #941 from esben-semmle/js/vue-support-2 JS: Vue security improvements	2019-02-26 16:49:38 +00:00
Max Schaefer	739705865b	JavaScript: Add basic model of socket.io.	2019-02-26 15:53:29 +00:00
Asger F	29d2d620e4	JS: add taint step through object/array spread operators	2019-02-26 11:43:59 +00:00
semmle-qlci	681ff0f39c	Merge pull request #977 from asger-semmle/extend-test-version Approved by xiemaisi	2019-02-26 09:55:41 +00:00
semmle-qlci	74a4103857	Merge pull request #976 from asger-semmle/closure-import-deep Approved by esben-semmle	2019-02-26 09:34:04 +00:00
semmle-qlci	00d490e84d	Merge pull request #945 from asger-semmle/extensible-module-import Approved by xiemaisi	2019-02-26 09:26:28 +00:00
Max Schaefer	c2a5350bf2	Merge pull request #982 from asger-semmle/closure-string-lib JS: model string functions from closure library	2019-02-26 08:26:14 +00:00
Asger F	93440014a0	JS: only propagate through first argument of truncate()	2019-02-25 17:11:55 +00:00
Asger F	8354909d46	JS: add closure library in globalObjectRef	2019-02-25 16:45:47 +00:00
Asger F	fab0afd755	JS: model string functions from closure library	2019-02-25 16:08:47 +00:00
semmle-qlci	58cc8d0ecc	Merge pull request #936 from xiemaisi/js/revive-electron-support Approved by esben-semmle	2019-02-25 15:23:20 +00:00
Esben Sparre Andreasen	4dc147d506	JS: rename CapturedSource -> LocalObject (files)	2019-02-25 16:09:07 +01:00
Asger F	050626aca0	JS: remove audit alerts from package.json	2019-02-25 15:04:47 +00:00
Esben Sparre Andreasen	66367987af	JS: rename CapturedSource -> LocalObject	2019-02-25 16:04:37 +01:00
Esben Sparre Andreasen	65fb1423b7	JS: format test case (update expected output)	2019-02-25 15:55:44 +01:00
Esben Sparre Andreasen	1150f4c02b	JS: add documentation to test case	2019-02-25 15:52:23 +01:00
Esben Sparre Andreasen	46a1c75549	Merge pull request #973 from xiemaisi/js/remove-package-json JavaScript: Delete an unused `package.json` in a test.	2019-02-25 14:05:22 +01:00
Asger F	7d14429dce	JS: handle deeper access paths in Closure::moduleImport	2019-02-25 12:31:18 +00:00
Asger F	2f6496f6bd	JS: add test with undeclared nested access	2019-02-25 12:27:36 +00:00
Asger F	b31d7d1f5f	JS: add test case	2019-02-25 11:31:09 +00:00
Esben Sparre Andreasen	4ce7ec1661	JS: add XSS vector for Vue's v-html	2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen	da1ffcfd1b	JS: introduce Vue Template Element	2019-02-25 12:17:33 +01:00
Esben Sparre Andreasen	9f4f945975	JS: introduce Vue::InstanceHeapStep	2019-02-25 12:17:33 +01:00
Asger F	614ba92fac	JS: add ClassContainsTwo.expected	2019-02-25 09:51:40 +00:00
semmle-qlci	014d4b9ed0	Merge pull request #934 from asger-semmle/module-import Approved by xiemaisi	2019-02-25 09:46:52 +00:00
Max Schaefer	d4dbe3bfb6	JavaScript: Back out parsing of qualified XML identifiers. Their syntax conflicts with the proposed function-bind operator, which is more important to support.	2019-02-24 21:30:59 +00:00
Max Schaefer	e7c95bae49	JavaScript: Add flow steps modelling Electron IPC.	2019-02-23 21:43:13 +00:00
Max Schaefer	a4e4957f31	JavaScript: Model `webContents` property.	2019-02-23 21:43:13 +00:00
Max Schaefer	ff83e600dc	JavaScript: Track Electron browser objects inter-procedurally.	2019-02-23 21:43:13 +00:00
Max Schaefer	d59c12e6eb	JavaScript: Recognise Electron browser objects based on TypeScript types when available.	2019-02-23 21:43:13 +00:00
Max Schaefer	20d41b85de	JavaScript: Delete an unused `package.json` in a test. While this file is part of the project used in the tutorial, it isn't necessary for the queries to work. It also specifies a dependency on a vulnerable version of Express, causing it to be (spuriously) flagged by security scanners.	2019-02-23 13:59:18 +00:00
Max Schaefer	db9ac72e7a	Merge pull request #957 from esben-semmle/js/another-autobinder-model JS: model one more 'autobind' for js/unbound-event-handler-receiver	2019-02-22 20:58:17 +00:00
Esben Sparre Andreasen	6c1b29e4b6	JS: add missing flowstep for unused parameter field initializers	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	6766716867	JS: add PropWrite tests for parameter field initializers	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	bdd8691e65	JS: add type inference for the return value of captured method calls	2019-02-21 21:44:28 +01:00

... 39 40 41 42 43 ...

2615 Commits