hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2615 Commits

Author SHA1 Message Date
Dave Bartolomeo
55f4839abf Allow mixed whitespace in JavaScript test sources 2018-11-08 11:06:42 -08:00
Esben Sparre Andreasen
bd2fc33621 JS: annotate tests with expectations 2018-11-08 13:23:19 +01:00
Esben Sparre Andreasen
33a297c829 JS: add query: js/useless-assignment-to-property 2018-11-08 13:23:19 +01:00
Asger F
e0d5557ef4 JS: add email HTML body as XSS sink 2018-11-07 11:31:40 +00:00
Max Schaefer
b058854964 JavaScript: Teach type inference about AMD imports. 2018-11-07 09:18:21 +00:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node 
Approved by xiemaisi
 2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign 
Approved by esben-semmle, xiemaisi
 2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model 
Approved by xiemaisi
 2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2 
Approved by xiemaisi
 2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference 
JS: additional return type inference
 2018-11-07 08:25:28 +00:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Asger F
dcf6218d1d JS: update test expectations 2018-11-06 12:22:05 +00:00
Asger F
b40fa3845f JS: add model of async package 2018-11-06 12:12:43 +00:00
Aditya Sharad
553c2f5d34 Merge master into next. 
As of 2846d80f1c.
 2018-11-06 11:52:51 +00:00
Asger F
87e0027974 JS: address comments 2018-11-06 10:29:04 +00:00
Asger F
56707fc79a JS: recognize more conditionals in useless-conditional 2018-11-06 10:28:05 +00:00
Esben Sparre Andreasen
651f32514b JS: use 'Util::describeExpression' in js/trivial-conditional 2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen
4e54af3b41 JS: introduce 'Util::describeExpression' 2018-11-05 12:58:12 +01:00
Asger F
4f4ad2b942 JavaScript: ignore self-assignments with a JSDoc comment 2018-11-05 11:31:02 +00:00
semmle-qlci
b743ee4179 Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic 
Approved by xiemaisi
 2018-11-05 07:37:36 +00:00
Esben Sparre Andreasen
8f3497a7bf JS: improve tests for interprocedural type inference 2018-11-01 13:51:38 +01:00
semmle-qlci
08833465a0 Merge pull request #386 from xiemaisi/js/lodash_partial 
Approved by esben-semmle
 2018-11-01 09:44:14 +00:00
semmle-qlci
a22aa3524e Merge pull request #388 from asger-semmle/revert-useless-conditional 
Approved by esben-semmle
 2018-11-01 09:23:19 +00:00
Aditya Sharad
b896899f4c Merge master into next. 
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
 2018-10-31 10:47:31 +00:00
semmle-qlci
f00863fb58 Merge pull request #383 from esben-semmle/js/unused-eval-variable 
Approved by xiemaisi
 2018-10-31 10:42:55 +00:00
Asger F
2c11844c5b Revert "Merge pull request #380 from asger-semmle/generalize-useless-conditional" 
This reverts commit 28f3b686a7, reversing
changes made to dc3c5a684c.
 2018-10-31 10:38:38 +00:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial. 
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
 2018-10-31 06:31:59 -04:00
Asger F
f07aa5bb2c JS: ensure parameters always have a dataflow node 2018-10-31 10:28:31 +00:00
Asger F
44d10cb74c JS: add test cases 2018-10-30 14:24:33 +00:00
Asger F
7e5e5aea11 JS: use guard nodes instead of synactic isConditional check 2018-10-30 14:22:31 +00:00
Esben Sparre Andreasen
74642b9b81 JS: whitelist js/unused-local-variable near direct eval calls 2018-10-30 13:08:24 +01:00
Esben Sparre Andreasen
ce3b4a6400 JS: add additional js/unused-local-variable tests 2018-10-30 13:07:23 +01:00
semmle-qlci
8b866ade0e Merge pull request #373 from asger-semmle/jsx-factory-import 
Approved by xiemaisi
 2018-10-30 10:35:49 +00:00
semmle-qlci
1509752df6 Merge pull request #345 from esben-semmle/js/intro-getUnderlying 
Approved by xiemaisi
 2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen
90c77134af JS: make use of getUnderlyingValue in js/useless-assignment-to-local 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
ec1722c4db JS: add utility SyntacticConstants::isNullOrUndefined 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
fbd3a097a2 JS: add misc. tests 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
8f635e6493 JS: truncate js/unknown-directive message content 2018-10-26 15:21:16 +02:00
Esben Sparre Andreasen
244d8d5778 JS: introduce truncate utility 2018-10-26 15:20:58 +02:00
Asger F
91943ae2cb JS: support transform-react-jsx plugin 2018-10-26 12:06:56 +01:00
Asger F
d7eb4ef40e JS: test case for transform-react-jsx plugin 2018-10-26 12:06:18 +01:00
Aditya Sharad
56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Max Schaefer
34b33ca04c JavaScript: Recognise rest patterns as lvalues. 2018-10-25 15:31:46 +01:00
Max Schaefer
394d7b7a9b JavaScript: Update expected output of CFG test. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371 JavaScript: Copy over a test left in internal repo. 
This test seems to have been accidentally committed into the old location in the internal repo.
 2018-10-24 08:40:54 +01:00
Max Schaefer
212edc2e18 Merge pull request #307 from esben-semmle/js/unused-import 
JS: make js/unused-local-variable flag import statements
 2018-10-22 13:13:02 +01:00
Max Schaefer
7702b58794 Merge pull request #305 from asger-semmle/json-taint-kind 
JS: Add flow label for tainted objects and sharpen NosqlInjection
 2018-10-22 11:58:50 +01:00