Erik Krogh Kristensen
6382f6d202
renamed "isComputed" to "is_computed"
2020-09-04 11:51:52 +02:00
Erik Krogh Kristensen
2204b1e92d
renamed "isArgumentsObject" to "is_arguments_object"
2020-09-04 11:51:51 +02:00
Erik Krogh Kristensen
3fb561d72b
renamed "isDelegating" to "is_delegating"
2020-09-04 11:51:50 +02:00
Erik Krogh Kristensen
ba600acd5e
renamed "arraySize" to "array_size"
2020-09-04 11:51:50 +02:00
Erik Krogh Kristensen
83b89fa52d
renamed "exprContainers" to "expr_containers"
2020-09-04 11:51:49 +02:00
Erik Krogh Kristensen
30ba7d29a1
renamed "enclosingStmt" to "enclosing_stmt"
2020-09-04 11:51:48 +02:00
Erik Krogh Kristensen
99f8887844
renamed "isForAwaitOf" to "is_for_await_of"
2020-09-04 11:51:47 +02:00
Erik Krogh Kristensen
621e702e99
renamed "hasDeclareKeyword" to "has_declare_keyword"
2020-09-04 11:51:46 +02:00
Erik Krogh Kristensen
49b71d515c
renamed "isInstantiated" to "is_instantiated"
2020-09-04 11:51:45 +02:00
Erik Krogh Kristensen
76f728aacd
renamed "jumpTargets" to "jump_targets"
2020-09-04 11:51:45 +02:00
Erik Krogh Kristensen
059d72858a
renamed "stmtContainers" to "stmt_containers"
2020-09-04 11:51:44 +02:00
Erik Krogh Kristensen
07fd747069
renamed "isClosureModule" to "is_closure_module"
2020-09-04 11:51:43 +02:00
Erik Krogh Kristensen
2a2901f6ae
renamed "isES2015Module" to "is_es2015_module"
2020-09-04 11:51:42 +02:00
Erik Krogh Kristensen
8782c2b8e0
renamed "isNodejs" to "is_nodejs"
2020-09-04 11:51:41 +02:00
Erik Krogh Kristensen
4fb6d6060c
renamed "isModule" to "is_module"
2020-09-04 11:51:40 +02:00
Erik Krogh Kristensen
39ff727ec7
renamed "isExterns" to "is_externs"
2020-09-04 11:51:39 +02:00
Erik Krogh Kristensen
05c38da2cb
add section to Aliases.qll for deprecated dbscheme relations
2020-09-04 11:51:38 +02:00
Asger Feldthaus
961554eb6f
JS: Autoformat
2020-09-04 10:42:26 +01:00
Erik Krogh Kristensen
fd05156298
clarifying comment on the last jQuery inconsistency
2020-09-04 10:30:42 +02:00
Erik Krogh Kristensen
b18f51806c
regain the lost property presence result
2020-09-04 10:30:38 +02:00
Asger F
0704be4d41
Update javascript/ql/src/semmle/javascript/TypeScript.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-09-04 08:55:31 +01:00
Max Schaefer
252902d245
JavaScript: Restructure API-graph tests.
...
With the old test runner we cannot have `VerifyAssertions.qlref`s for each individual test that reference a shared `VerifyAssertions.ql` in the parent directory, since it doesn't like nested tests.
Instead, we have to turn `VerifyAssertions.ql` into `VerifyAssertions.qll`, and each `VerifyAssertions.qlref` into a `VerifyAssertions.ql` that imports it.
But then that doesn't work with our old directory structure, since the import path would have to contain the invalid identifier `library-tests`. As a workaround, I have moved the API graph tests into a directory without dashes in its path.
2020-09-04 08:43:15 +01:00
Erik Krogh Kristensen
6fccf5aa70
use isLikelyIntentionalHtmlSink in the sink instead of in the where clause
2020-09-04 09:26:03 +02:00
CodeQL CI
58f51899c9
Merge pull request #4173 from erik-krogh/targetBlankFP
...
Approved by esbena
2020-09-04 08:21:22 +01:00
Max Schaefer
cb433a0c0f
JavaScript: Add test for custom API-graph entry points.
2020-09-03 22:28:09 +01:00
Max Schaefer
58702e4c52
JavaScript: Rename EntryPoint.getADef to getARhs.
2020-09-03 22:28:09 +01:00
Max Schaefer
f3173ca968
JavaScript: Add a few unit tests for API graphs.
2020-09-03 22:28:09 +01:00
Max Schaefer
985399f4cf
JavaScript: Move ApiGraphs library to semmle.javascript and import it from javascript.qll.
2020-09-03 22:28:09 +01:00
Max Schaefer
aaa70e4ad3
JavaScript: Make API-graph edge labels accessible outside ApiGraphs.qll.
2020-09-03 22:28:09 +01:00
Max Schaefer
7239f1fb6f
JavaScript: Distinguish more carefully between def and use nodes in API graphs.
...
In particular, we now have two different kinds of module features: module definitions and module uses.
For the most part, `API::Definition`s correspond to right-hand sides in the data-flow graph, and `API::Use`s correspond to references. However, module definitions can have references (via the CommonJS `module` variable), and so can their exports (via `module.exports` or `exports`). Note that this is different from references to uses of the module, which are simply imports.
2020-09-03 22:28:09 +01:00
CodeQL CI
f180497554
Merge pull request #4192 from max-schaefer/js/ssa__implicitinit
...
Approved by asgerf
2020-09-03 16:46:56 +01:00
Max Schaefer
d8fbf60cbf
JavaScript: Weaken a few types to stay under BDD node limit.
...
`SourceNode` in cached layers seems particularly problematic.
2020-09-03 14:29:04 +01:00
Max Schaefer
e77948103f
JavaScript: Remove AdditionalFeature from ApiGraphs.
...
I ended up not using it for flow summaries, so at this point it is purely speculative generality. We can reintroduce it later if we need to.
2020-09-03 14:29:04 +01:00
Max Schaefer
924ef6ae5d
Apply suggestions from code review
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-09-03 14:04:23 +01:00
Asger Feldthaus
393db73d0a
JS: Update test
2020-09-03 14:01:40 +01:00
Asger Feldthaus
bfcc434a61
JS: Use both local and global names in hasQualifiedName
2020-09-03 14:01:13 +01:00
Asger Feldthaus
f7552a77c3
JS: Add metric for number of types with qualified names
2020-09-03 14:01:13 +01:00
Erik Krogh Kristensen
ed54fdcb06
Merge pull request #4118 from dellalibera/js/ldap
...
[javascript] CodeQL to detect LDAP Injection
2020-09-03 14:50:03 +02:00
Erik Krogh Kristensen
d946a61d6e
update expected output
2020-09-03 13:32:54 +02:00
Erik Krogh Kristensen
3952553953
adjust comment about inconsistency for XSS in typeahead
2020-09-03 10:50:40 +02:00
Alessio Della Libera
116e7d006d
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-09-03 10:32:18 +02:00
Alessio Della Libera
bfae0ef5d5
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-09-03 10:32:08 +02:00
CodeQL CI
2ba84be565
Merge pull request #4185 from erik-krogh/unusedArrDestruct
...
Approved by esbena
2020-09-03 09:18:15 +01:00
Erik Krogh Kristensen
1f9749fbfe
revert mailto: change in TargetBlank.ql
2020-09-03 09:39:01 +02:00
Erik Krogh Kristensen
d7a96d685a
simplify implementation of getDelimiterMatchingRegexp
2020-09-03 09:37:43 +02:00
Erik Krogh Kristensen
ec21236bba
update docstring for isNonLastDestructedArrayElement
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-03 08:51:10 +02:00
Erik Krogh Kristensen
fb3148a7a8
autoformat
2020-09-03 08:17:08 +02:00
Max Schaefer
ec3c1f114c
JavaScript: Simplify steps through promises.
2020-09-02 21:40:34 +01:00
Max Schaefer
702192c316
JavaScript: Make implicit inits of module and exports source nodes.
...
This is instead of making every access to those variables source nodes, and fixes a regression in `DeadStoreOfProperty`.
2020-09-02 19:52:13 +01:00
Max Schaefer
9840a7ddfb
JavaScript: Add utility predicate SSA::implicitInit.
2020-09-02 19:46:59 +01:00