hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Asger Feldthaus
12cc228946 JS: Update getFallbackTypeAnnotation 2020-05-18 22:42:12 +01:00
Asger Feldthaus
b06cd6db30 JS: Update Node.isIncomplete 2020-05-18 22:42:12 +01:00
Asger Feldthaus
5568f0e182 JS: Pass local arguments to parameter value node, not SSA node 2020-05-18 22:34:42 +01:00
Asger Feldthaus
dc2d6a5fd9 JS: Make ValueNode the ParameterNode with a step to the SSA node 2020-05-18 22:34:42 +01:00
Asger Feldthaus
37ddccfa15 JS: Merge DestructuringPatternNode into ValueNode 2020-05-18 22:29:33 +01:00
Asger Feldthaus
b3161b1c41 JS: Factor TNode into a separate file 2020-05-18 22:29:33 +01:00
Asger Feldthaus
d9123833af JS: Avoid misoptimization in mayReturnImplicitValue 2020-05-18 22:29:33 +01:00
Asger Feldthaus
eddbdffe62 JS: Add more tests for implicit returns 2020-05-18 22:29:33 +01:00
Asger Feldthaus
6a63f5b677 JS: Avoid bad join order in ImplicitProcessImport 2020-05-18 22:29:32 +01:00
Asger Feldthaus
c869812563 JS: Add UselessConditional test 2020-05-18 22:29:32 +01:00
Erik Krogh Kristensen
aa396a39d3 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 20:57:51 +00:00
Erik Krogh Kristensen
fc7e9eb8c8 add test for non-tracked aliasing 2020-05-18 22:40:41 +02:00
Erik Krogh Kristensen
b8ba31aaa0 autoformat 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
0758413cc7 revert change to import 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
742abf8751 refactor package export into a library, and add tests for the library 2020-05-18 21:06:14 +02:00
Erik Krogh Kristensen
d7b852f408 use count aggregate to count 2020-05-18 21:03:26 +02:00
Erik Krogh Kristensen
202b8a56b7 apply the unique aggregate where trivially applicable 2020-05-18 20:37:38 +02:00
Asger F
96d6115452 Merge branch 'master' into js/sql-type-tracking 2020-05-18 15:58:42 +01:00
Erik Krogh Kristensen
70a28f60e3 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 14:05:37 +00:00
Asger F
a9983fdb49 Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 13:23:22 +01:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
Esben Sparre Andreasen
a9ba6ac659 JS: make LocalObjects::isEscape aware of yield 2020-05-18 12:43:46 +02:00
Erik Krogh Kristensen
0f82370f4e rename getHighLight() -> getAlertLocation() 2020-05-18 12:28:28 +02:00
Erik Krogh Kristensen
2b1724291b adjust qhelp to focus on user-controlled data 2020-05-18 12:27:20 +02:00
Erik Krogh Kristensen
d18808698a adjust qhelp to focus on the execFile API 2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen
9c294513c7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-18 12:18:20 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Erik Krogh Kristensen
c6276ddd1c update expected output after restricting precise array tracking to Promise.all 2020-05-18 11:49:07 +02:00
Asger Feldthaus
a18e0b37cf JS: simplify sequelize model 2020-05-18 09:34:17 +01:00
Asger F
f52c827966 Apply suggestions from code review 
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:31:09 +01:00
Asger F
ffb22c061a Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:28:22 +01:00
Erik Krogh Kristensen
bd3c4d4077 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 07:51:19 +00:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler 
Approved by esbena
 2020-05-18 08:48:24 +01:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
8717f7bd0d restrict precise array elements to Promise.all() 2020-05-17 15:58:59 +02:00
Erik Krogh Kristensen
2d6e3a5784 support outdir in tsconfig.json 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
c8cf958c8a add test cases for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
59001bbdf4 add qhelp for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
5e647da0de add js/shell-command-constructed-from-input query 2020-05-17 10:32:15 +02:00
Erik Krogh Kristensen
a1a6826278 support non-SourceNode in IndirectCommandArgument#argumentList 2020-05-16 23:15:37 +02:00
Erik Krogh Kristensen
a6cd91bb49 add support for mz/fs and mz/child_process 2020-05-16 23:15:33 +02:00
Erik Krogh Kristensen
bb8905b46e add "valid" to the AdHocWhitelistCheckSanitizer 2020-05-16 22:43:36 +02:00
semmle-qlci
8d41ce1630 Merge pull request #3480 from erik-krogh/moreSlip 
Approved by esbena
 2020-05-16 21:17:27 +01:00
Asger Feldthaus
897a3e39c9 JS: Autoformat 2020-05-16 09:37:16 +01:00
Asger Feldthaus
0171c9e10c JS: Autoformat 2020-05-16 09:25:18 +01:00
Asger Feldthaus
d279845a43 JS: Minor fixes 2020-05-16 09:24:53 +01:00