codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
semmle-qlci	55ceb9be8b	Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers Approved by xiemaisi	2018-08-24 08:37:41 +01:00
Max Schaefer	2187b0c245	Merge pull request #89 from esben-semmle/js/sharpen-type-confusion JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen	20b48a2d24	JS: support relational indexof comparison sanitizers	2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen	218c0cb51a	JS: address review comments	2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen	fef257b1ec	JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-22 13:25:22 +02:00
Asger F	35aa2e6fbb	TypeScript: update test output	2018-08-22 10:18:38 +01:00
Asger F	4eeaf63a3a	TypeScript: update related test output	2018-08-22 10:18:38 +01:00
Asger F	d26aa04642	TypeScript: support optional and rest elements in static tuple type	2018-08-22 10:18:38 +01:00
Asger F	96005d2147	TypeScript: support unknown static type	2018-08-22 10:18:38 +01:00
Asger F	9a9bbac99e	TypeScript: support syntax for unknown types	2018-08-22 10:18:38 +01:00
Asger F	4a9eb0fd3f	TypeScript: Add tests for OptionalTypeExpr and RestTypeExpr	2018-08-22 10:18:38 +01:00
Asger F	241ce10da4	TypeScript: support syntax for rest elements in tuple types	2018-08-22 10:18:38 +01:00
Asger F	204b2a3002	TypeScript: support syntax for optional tuple type elements	2018-08-22 10:18:38 +01:00
semmle-qlci	7e7e30c01c	Merge pull request #73 from esben-semmle/js/cleartext-logging-query Approved by xiemaisi	2018-08-22 08:04:36 +01:00
semmle-qlci	7661a98909	Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference Approved by xiemaisi	2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen	2b9f5c3fa2	JS: remove check for test-environment in js/clear-text-logging	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	3636708d30	JS: extract and expose StringConcatenationTaintStep in TaintTracking	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	6f5fb2a9fe	JS: update queries and tests for improved type inference	2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen	3692667af2	JS: improve inter-procedural type inference for "local functions"	2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen	eb356d8d0b	Merge branch 'master' into js/format-string-taint-step	2018-08-21 15:47:31 +02:00
semmle-qlci	6969466202	Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer Approved by xiemaisi	2018-08-21 14:17:20 +01:00
semmle-qlci	a01a453045	Merge pull request #78 from xiemaisi/js/remove-old-test Approved by esben-semmle	2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen	bbdf6b0f1d	JS: mark PrintfStyleCall as a taint step	2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen	be8a32bb18	JS: add sanitizer support for `~whitelist.indexOf(x)`	2018-08-20 20:32:57 +02:00
Max Schaefer	46ef208e09	JavaScript: Remove spurious test file.	2018-08-20 15:02:51 +01:00
semmle-qlci	0adeef73ff	Merge pull request #74 from xiemaisi/js/multi-step-export-from Approved by asger-semmle	2018-08-20 12:36:26 +01:00
Max Schaefer	b2e304951e	Merge branch 'master' into ts-typescript2.9	2018-08-20 08:14:58 +01:00
Max Schaefer	a9f1e21363	JavaScript: Fix exported name of default re-exports. A default re-export (not part of the standard yet) looks like this: ``` export f from 'mod'; ``` What this means is that the default export of `mod` is re-exported under the name `f`. Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`. This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.	2018-08-20 08:02:15 +01:00
semmle-qlci	44e4b25f42	Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client Approved by xiemaisi	2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen	0c4fb15651	JS: add query js/cleartext-logging	2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen	804c06bd59	JS: add models of logging frameworks	2018-08-20 08:27:42 +02:00
Robert Marsh	aaeda5dfcc	JavaScript: add the ESLint attack as a test	2018-08-17 10:16:52 -07:00
Robert Marsh	4da9d6d795	JavaScript: add support for Electron http client	2018-08-17 10:16:51 -07:00
Asger F	3806e4b1aa	JavaScript: add tests for "import" types	2018-08-17 14:26:32 +01:00
Esben Sparre Andreasen	a025dafcf5	JS: classify twitter-text library instances	2018-08-15 08:51:31 +02:00
Max Schaefer	886329689f	JavaScript: Teach `globalVarRef` about top-level `this` and the `global` npm package.	2018-08-14 09:15:15 +01:00
Max Schaefer	9de527fbe2	Merge pull request #49 from asger-semmle/array-map-taint JavaScript: add taint steps through Array 'join' and 'map' methods	2018-08-14 08:07:54 +01:00
Max Schaefer	e67f36732a	JavaScript: Update expected test output due to changes in Node.js detector.	2018-08-13 14:08:14 +01:00
Asger F	d9ba5a1cab	JavaScript: add test cases for new array steps	2018-08-13 12:27:12 +01:00
semmle-qlci	c0fe0a1d24	Merge pull request #46 from asger-semmle/html-sanitizers Approved by xiemaisi	2018-08-13 10:16:15 +01:00
semmle-qlci	3d0748c542	Merge pull request #48 from xiemaisi/js/webview-sinks Approved by asger-semmle	2018-08-13 09:37:33 +01:00
Max Schaefer	199990feea	JavaScript: Add `WebView`-related taint sinks for `CodeInjection`, `DomBasedXss` and `ServerSideUrlRedirect`.	2018-08-10 15:59:27 +01:00
Max Schaefer	3ce82aff02	JavaScript: Add basic modelling of React Native `WebView`s.	2018-08-10 15:59:27 +01:00
semmle-qlci	2478c6e150	Merge pull request #43 from xiemaisi/js/odasa-7275 Approved by	2018-08-10 12:52:05 +01:00
Asger Feldthaus	2b5684d1b9	JavaScript: Add library for HTML sanitizers	2018-08-10 12:27:39 +01:00
Asger F	b00938e9b3	Make NodeJSLib use moduleMember for ES6-compatibility	2018-08-09 15:10:21 +01:00
Max Schaefer	e32dc08cd0	Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization JS: change alert location for js/incomplete-object-initialization	2018-08-09 13:58:11 +01:00
Max Schaefer	41da997651	JavaScript: Teach `IncompleteSanitization` to recognize incomplete URL {en,de}coding.	2018-08-09 12:44:16 +01:00
Max Schaefer	badb167962	Merge pull request #35 from esben-semmle/js/classify-application-insight JS: classify the ApplicationInsights library instance	2018-08-09 08:12:12 +01:00
Max Schaefer	0de9eed71c	Merge pull request #32 from asger-semmle/export-import-flow TypeScript: bugfixes for import-assign statement	2018-08-08 16:35:43 +01:00

... 49 50 51 52 53

2615 Commits