hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2d3e42e6d6 update qhelp for xss-through-dom 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-20 11:50:46 +02:00
Erik Krogh Kristensen
c713ba7bfe fix typo 2020-04-20 10:51:42 +02:00
Asger Feldthaus
bb9fea5a27 JS: Refactor isAmbient computation 2020-04-19 22:45:19 +01:00
Erik Krogh Kristensen
2632699397 Merge branch 'master' of git.semmle.com:Semmle/ql into Mispelled 2020-04-18 17:58:57 +02:00
Erik Krogh Kristensen
4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen
4f32157a78 rename func to callback 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 11:36:48 +02:00
Erik Krogh Kristensen
427c32f211 report a local variable as the misspelling if there any many occourances of the global 2020-04-17 11:25:23 +02:00
Erik Krogh Kristensen
1b80f46f30 add QHelp for js/xss-through-dom query 2020-04-17 10:54:21 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen
55edfed1ee support jQuery().get() returning a DOM node 2020-04-17 10:32:53 +02:00
Erik Krogh Kristensen
dd9aec056c handle basic dynamic method dispatch for jQuery methods 2020-04-17 10:32:52 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Erik Krogh Kristensen
69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00
Erik Krogh Kristensen
fd51142200 change succ in storeStep to be a SourceNode 2020-04-15 20:40:58 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
semmle-qlci
bfd80b42a7 Merge pull request #3260 from asger-semmle/js/location-tweaks 
Approved by erik-krogh
 2020-04-15 10:47:35 +01:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Asger Feldthaus
679259944f JS: Address review comments 2020-04-15 10:27:32 +01:00
Asger Feldthaus
1107e7c6a6 JS: Rename other uses of getURL 2020-04-14 19:45:09 +01:00
Asger Feldthaus
6668a7a546 JS: Add backwards-compatible predicates to SocketIO 2020-04-14 15:57:19 +01:00
Asger F
c178eecd43 Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-14 14:40:21 +01:00
Asger Feldthaus
3515a2b412 JS: Update test output 2020-04-14 10:31:31 +01:00
Asger Feldthaus
88667206fc JS: Remove default hasLocationInfo case 2020-04-14 10:03:10 +01:00
Asger Feldthaus
5da968e34c JS: Specialize ASTNode.getFile 2020-04-14 10:03:10 +01:00
Asger Feldthaus
244a304e1d JS: Implement getFile() directly instead of via locations 2020-04-14 10:03:10 +01:00
Asger Feldthaus
dc084628cc JS: Avoid the special name getURL 2020-04-14 10:03:09 +01:00
Erik Krogh Kristensen
6827b84bdc change docstring to inline comment, and refer directly to array class 2020-04-14 10:32:16 +02:00
Erik Krogh Kristensen
e47575ce5b more precise getChild for matching "../" 2020-04-14 10:24:08 +02:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Asger Feldthaus
c070416fbe JS: Update test output 2020-04-09 12:24:11 +01:00
Asger Feldthaus
25d5cc78cb JS: Use entry location instead of whole container 2020-04-09 09:18:26 +01:00
Asger Feldthaus
d9f81b082b JS: Autoformat 2020-04-09 07:45:00 +01:00
Asger Feldthaus
47934310ef JS: Hide captured nodes in path explanations 2020-04-08 19:58:36 +01:00
semmle-qlci
404f7225a1 Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range 
Approved by esbena
 2020-04-08 18:44:02 +01:00
Asger Feldthaus
5ab595da2e JS: Autoformat 2020-04-08 12:40:00 +01:00
Asger Feldthaus
4ca3ac5ee9 JS: Add another warning 2020-04-08 10:30:45 +01:00
Asger F
4acb9da2cf Update javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-08 10:30:21 +01:00
Asger Feldthaus
171b131eb1 JS: Add test for SourceNode not depending on flowsTo 2020-04-08 10:23:47 +01:00
Asger Feldthaus
1f496d3c6b JS: Add CapturedVariableNode 2020-04-07 19:02:46 +01:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00