hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
8fac3a1403 add IsEmptyGuard to TaintTracking 2020-05-26 00:09:08 +02:00
Jonas Jensen
6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc 
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
 2020-05-25 18:59:48 +02:00
Max Schaefer
573fdaa424 JavaScript: Track require through local data flow. 2020-05-24 20:00:10 +01:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Esben Sparre Andreasen
e172d55ecb Update javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-22 13:33:34 +02:00
Asger Feldthaus
823ed3bbdf JS: Wrap node --version call in retry loop 2020-05-22 10:40:16 +01:00
Asger Feldthaus
6f0356b229 Revert "JS: Remove timeout for node --version check" 
This reverts commit ec7c9489dc.
 2020-05-22 10:40:07 +01:00
Asger Feldthaus
75be3b7ecb JS: Add test case for missed captured flow 2020-05-21 16:14:13 +01:00
Erik Krogh Kristensen
b297837969 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-05-21 14:32:02 +02:00
Esben Sparre Andreasen
b31f83a5af JS: fixup expected output 2020-05-21 13:47:16 +02:00
Esben Sparre Andreasen
e588e59f9b JS: fixup 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen
c400b45cd6 JS: make the Fastify model support isUserControlledObject 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen
894033df8a JS: de-boilerplate the fastify model: address expr/dataflow comments 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen
74fc33e2a8 JS: make the qldoc check happy 2020-05-21 13:42:27 +02:00
Esben Sparre Andreasen
a76c70d2d7 JS: model fastify 2020-05-21 13:42:27 +02:00
Asger Feldthaus
ec7c9489dc JS: Remove timeout for node --version check 2020-05-20 17:12:24 +01:00
semmle-qlci
8df7b7c42a Merge pull request #3525 from erik-krogh/ZipTaint 
Approved by asgerf
 2020-05-20 16:45:02 +01:00
Erik Krogh Kristensen
a23cde1354 autoformat 2020-05-20 15:36:46 +02:00
Erik Krogh Kristensen
5a3eec87c0 rename isTaintedPathStep to isPosixPathStep 2020-05-20 13:44:14 +02:00
Erik Krogh Kristensen
97c199e10d update docstring 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-20 13:40:12 +02:00
semmle-qlci
c15d22d9f8 Merge pull request #3516 from asger-semmle/js/typescript-3.9.2 
Approved by erik-krogh
 2020-05-20 11:31:57 +01:00
semmle-qlci
2bbc1c2af0 Merge pull request #3478 from erik-krogh/PromiseAll 
Approved by asgerf, esbena
 2020-05-20 11:03:05 +01:00
semmle-qlci
29b8a0db92 Merge pull request #3508 from asger-semmle/js/shared-data-flow-node 
Approved by esbena
 2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen
33e0f25f3c use NodeJSLib::Path instead of DataFlow::moduleMember 2020-05-20 10:30:23 +02:00
Erik Krogh Kristensen
7c51dff0f7 share implementation between TaintedPath and ZipSlip 2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen
5b569a4d6d add a sanitizer for chained replace-calls 2020-05-19 19:16:58 +02:00
Asger Feldthaus
9d006327df JS: Update qldoc for ValueNode 2020-05-19 15:57:07 +01:00
semmle-qlci
26dfca80f6 Merge pull request #3510 from max-schaefer/cull-boring-queries 
Approved by asgerf, esbena
 2020-05-19 15:41:53 +01:00
Asger Feldthaus
b39e0ec091 JS: Update output due to whitelisting change 2020-05-19 15:30:36 +01:00
Max Schaefer
a803120414 Lower precision for a number of queries. 
These queries are currently run by default, but don't have their results displayed.

Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).

With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
 2020-05-19 13:43:17 +01:00
Erik Krogh Kristensen
b71919299b Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-19 14:03:03 +02:00
Esben Sparre Andreasen
76bce40a8b JS: test fixups 2020-05-19 13:12:34 +02:00
Asger F
875c3706e3 Update javascript/ql/src/semmle/javascript/CFG.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-19 12:08:51 +01:00
Asger Feldthaus
3f30564d93 JS: Autoformat 2020-05-19 12:05:32 +01:00
Asger Feldthaus
525b9871e0 JS: Update benign test output changes 2020-05-19 11:07:08 +01:00
Asger Feldthaus
b5b93f33bc JS: Bump to TypeScript 3.9.2 2020-05-19 11:07:08 +01:00
Erik Krogh Kristensen
0275ea955b update expected output 2020-05-19 10:29:07 +02:00
Erik Krogh Kristensen
a4450c36f6 autoformat 2020-05-19 10:26:36 +02:00
Erik Krogh Kristensen
5a5192b890 add testing for complex path sanitizer in ZipSlip 2020-05-19 10:17:15 +02:00
semmle-qlci
0c081a8e87 Merge pull request #3497 from esbena/js/yield-and-local-objects 
Approved by asgerf, erik-krogh
 2020-05-19 09:02:22 +01:00
semmle-qlci
0d762066f5 Merge pull request #3504 from erik-krogh/unique 
Approved by esbena
 2020-05-19 08:35:08 +01:00
Asger Feldthaus
91b9e95010 JS: Fix join ordering in analysis of add expressions 2020-05-18 22:45:59 +01:00
Asger Feldthaus
6a37e4b7a3 JS: Cache clobberedProp 2020-05-18 22:45:59 +01:00
Asger Feldthaus
5213c511b9 JS: Improve perf of GlobalVarUse.isIncomplete 2020-05-18 22:45:59 +01:00
Asger Feldthaus
7d9923038e JS: Fix perf issue from overriding isIncomplete 2020-05-18 22:45:59 +01:00
Asger Feldthaus
e58683769d JS: Fix bad join order in exploratoryBoundInvokeStep 2020-05-18 22:45:59 +01:00
Asger Feldthaus
9581bb52cb JS: Update test output 2020-05-18 22:45:59 +01:00
Asger Feldthaus
430bf2da8a JS: Fix whitelisting in UselessConditional 2020-05-18 22:45:56 +01:00
Asger Feldthaus
1d994b017f JS: Update type inference 2020-05-18 22:42:12 +01:00
Asger Feldthaus
d5d08da545 JS: Update getEnclosingExpr 2020-05-18 22:42:12 +01:00