hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Asger F
70cbecaf1b JS: Update more test outputs 2019-07-02 21:08:13 +01:00
Asger F
52a5bce10d TS: Update test affected by new stringification 2019-07-02 21:01:47 +01:00
Asger F
329ff0db1b JS: Add an use getAPropertySource() 2019-07-02 10:09:06 +01:00
Asger F
5ce08e2c78 JS: Address review comments 2019-07-02 10:09:06 +01:00
Asger F
408fd3e106 JS: Augment call graph using type-tracked class instances 2019-07-02 10:09:06 +01:00
Asger F
779d98a143 JS: Prevent bad join in hasOwnProperty 2019-07-02 10:09:05 +01:00
Max Schaefer
bfb236f56d JavaScript: Add more default source nodes. 
In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.
 2019-07-02 08:10:28 +01:00
semmle-qlci
71c86fa69b Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests 
Approved by asger-semmle
 2019-07-02 07:38:10 +01:00
semmle-qlci
b0b152aaaa Merge pull request #1529 from xiemaisi/js/getter-summaries 
Approved by asger-semmle
 2019-07-02 06:16:34 +01:00
Max Schaefer
7f95c20345 JavaScript: Add support for tracking flow into receivers of reflective calls. 2019-07-01 17:54:43 +01:00
semmle-qlci
3b126d9c4e Merge pull request #1488 from asger-semmle/call-graph-metric 
Approved by xiemaisi
 2019-07-01 16:09:34 +01:00
Max Schaefer
895055f30e JavaScript: Avoid unhelpful magic. 
The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.
 2019-07-01 15:45:57 +01:00
Max Schaefer
b5b89c0eac JavaScript: Track flow into method receivers. 2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen
062778bdd8 JS: heuristically recognize x.spec.y and x.test.y as test files 2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen
7cab308205 fixup! JS: classify numeric file names as generated 2019-07-01 15:49:03 +02:00
Asger F
ff4d6ece80 JS: Rename metrics to ResolvableCallX 2019-07-01 12:34:48 +01:00
Asger F
16e6dd12d0 JS: Address review comments part 1 2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen
41e568d1f7 JS: classify files with many short variables as minified 2019-07-01 13:25:07 +02:00
Asger F
2ab72c4eef JS: Support line breaks in types 2019-07-01 11:46:30 +01:00
Asger F
625cdb8765 JS: Update test output 2019-07-01 11:29:55 +01:00
Esben Sparre Andreasen
2eb7e4a818 JS: classify x.test.js files with test(...) calls as jest tests 2019-07-01 10:28:10 +02:00
Esben Sparre Andreasen
5ebcef41fa JS: classify numeric file names as generated 2019-07-01 10:25:38 +02:00
Asger F
f5569b8b58 TS: Avoid infinite recursion in stringifyType 2019-06-28 10:53:33 +01:00
Max Schaefer
3c3422e221 JavaScript: Refactor unpromoted-candidate queries to no longer rely on tracked nodes. 2019-06-28 10:25:23 +01:00
Max Schaefer
ff62c56df1 JavaScript: Replace remaining uses of TrackedExpr with type tracking. 2019-06-28 09:21:41 +01:00
Max Schaefer
b3e8103dce JavaScript: Track flow through property getter functions. 2019-06-28 08:51:27 +01:00
Max Schaefer
1c175cbe71 JavaScript: Rename loadStep to basicLoadStep. 2019-06-28 08:51:27 +01:00
Asger F
8f4228b7c3 JS: Ignore RemoteFlowSource case due to bad join ordering 2019-06-27 12:23:07 +01:00
semmle-qlci
44bd540c44 Merge pull request #1495 from asger-semmle/array-taint-step 
Approved by xiemaisi
 2019-06-27 12:16:17 +01:00
semmle-qlci
1a9f3624c2 Merge pull request #1504 from xiemaisi/js/shift-bigint 
Approved by asger-semmle
 2019-06-26 18:30:48 +01:00
Max Schaefer
e35fde322b JavaScript: Teach ShiftOutOfRange about BigInt. 2019-06-26 09:16:34 -07:00
Asger F
102fd11e8d JS: Change to queries of @kind metric 2019-06-25 22:12:11 +01:00
Asger F
57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Asger F
aa4d28028e JS: Add test 2019-06-25 14:15:06 +01:00
Asger F
71100bb68a JS: Do not require predecessor to be a SourceNode 2019-06-25 14:03:57 +01:00
Chris Gavin
bce153648e JavaScript: Update link to the OWASP XSS prevetion cheat sheet. 2019-06-24 23:21:14 +01:00
Asger F
207ed1e14a JS: Add query for measuring call graph quality 2019-06-24 01:01:13 +01:00
Max Schaefer
4370f25b32 JavaScript: Remove dependency of module import on globalVarRef. 2019-06-20 21:08:34 +01:00
Ellen Arteca
99c32f08fb JavaScript: Recognize imports from TypeScript type annotations 2019-06-20 10:45:30 +01:00
Mark Shannon
77030c4dde Merge branch 'rc/1.21' into 'master' 2019-06-13 12:32:45 +01:00
semmle-qlci
8a43fdc806 Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression 
Approved by esben-semmle
 2019-06-13 10:13:27 +01:00
semmle-qlci
bffc3307b5 Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated 
Approved by xiemaisi
 2019-06-13 09:45:37 +01:00
semmle-qlci
7332446ee1 Merge pull request #1444 from esben-semmle/js/express-node-inheritance 
Approved by xiemaisi
 2019-06-12 21:43:44 +01:00
semmle-qlci
913544600a Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression 
Approved by esben-semmle
 2019-06-12 21:36:23 +01:00
Max Schaefer
60964efce5 JavaScript: Avoid bad context pushing in ReflectedXss::HttpResponseSink. 2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen
3f11ae7eaa Merge remote-tracking branch 'rc/1.21' into master 2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen
6e022f66c4 JS: formatting of Express and NodeJSLib.qll 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
29f9103b39 JS: classify single-line JSON files as generated 2019-06-12 09:05:12 +02:00
semmle-qlci
7790ac45bd Merge pull request #1409 from esben-semmle/js/more-command-injection 
Approved by xiemaisi
 2019-06-11 11:59:18 +01:00