hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
semmle-qlci
8a43fdc806 Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression 
Approved by esben-semmle
 2019-06-13 10:13:27 +01:00
semmle-qlci
bffc3307b5 Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated 
Approved by xiemaisi
 2019-06-13 09:45:37 +01:00
semmle-qlci
7332446ee1 Merge pull request #1444 from esben-semmle/js/express-node-inheritance 
Approved by xiemaisi
 2019-06-12 21:43:44 +01:00
semmle-qlci
913544600a Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression 
Approved by esben-semmle
 2019-06-12 21:36:23 +01:00
Max Schaefer
60964efce5 JavaScript: Avoid bad context pushing in ReflectedXss::HttpResponseSink. 2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen
3f11ae7eaa Merge remote-tracking branch 'rc/1.21' into master 2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen
6e022f66c4 JS: formatting of Express and NodeJSLib.qll 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
29f9103b39 JS: classify single-line JSON files as generated 2019-06-12 09:05:12 +02:00
semmle-qlci
7790ac45bd Merge pull request #1409 from esben-semmle/js/more-command-injection 
Approved by xiemaisi
 2019-06-11 11:59:18 +01:00
Max Schaefer
70cf32c889 JavaScript: Add a few more tests. 2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen
299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Max Schaefer
b32a037ff2 JavaScript: Refactor a few access path computation predicates. 2019-06-10 11:15:52 +01:00
Max Schaefer
398ee0c133 JavaScript: Add tests for data-flow tutorial. 2019-06-07 14:33:26 +01:00
Max Schaefer
16c33b54b6 JavaScript: Recognise references to the process global. 2019-06-06 11:48:18 +01:00
Max Schaefer
d233cea79d JavaScript: Lower precision of PasswordInConfigurationFile. 
In spite of recent improvements, this query is still too noisy to show
by default.
 2019-06-05 08:09:19 +01:00
Max Schaefer
d723ab76d8 JavaScript: Fix getDelimiterMatchingRegexp to work on multi-line strings. 2019-06-05 08:09:19 +01:00
Max Schaefer
a4876270ec JavaScript: Tweak PasswordInConfigurationFile alerts. 
Only highlight first line, and include the password in the alert
message.
 2019-06-05 08:09:19 +01:00
Max Schaefer
c09b859aa7 JavaScript: Add three missing @metricType annotations. 2019-06-04 17:17:14 +01:00
semmle-qlci
1fa975b4c9 Merge pull request #1393 from xiemaisi/js/concretify 
Approved by esben-semmle
 2019-06-04 11:34:47 +01:00
semmle-qlci
80ff63a3bb Merge pull request #1387 from esben-semmle/js/unanchored-url-regex 
Approved by mc-semmle, xiemaisi
 2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen
04868e5b97 JS: format qhelp examples 2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen
9e0a97e82f JS: address qhelp review comments 2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen
bf51c54338 JS: add RegExpPatternSource::getAParse to hide the subclasses 2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen
7b652214c5 JS: address docstring comments 2019-06-03 13:59:39 +02:00
Max Schaefer
d8a101df6d JavaScript: Shrink Configurations.qll some more. 2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen
14644270ac JS: fix comment typo 2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen
7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
3358e49698 JS: refactor the predicate RegExp::regexp to three classes. 
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll 2019-06-03 08:27:49 +02:00
Max Schaefer
c560096b17 JavaScript: Make Script and CodeInAttribute concrete. 2019-05-31 12:04:14 +01:00
Max Schaefer
74688bb600 Merge pull request #1341 from esben-semmle/js/sync-suites 
JS: Add queries to the manual suite for LGTM constistency
 2019-05-31 08:18:08 +01:00
Max Schaefer
3097037a6f Merge pull request #1290 from esben-semmle/js/semver-lib 
JS: add SemVer library
 2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d Merge pull request #1180 from asger-semmle/tainted-path-squashed 
Approved by xiemaisi
 2019-05-30 17:20:19 +01:00
Max Schaefer
3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00
Max Schaefer
5ac408d641 JavaScript: Remove a few more configurations from AllConfigurations.qll. 
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
 2019-05-30 13:13:16 +01:00
Asger F
72c0925967 TS: Bump to TypeScript 3.5.1 2019-05-30 11:40:25 +01:00
Max Schaefer
38a38ab780 JavaScript: Make autobuilder fail if no JS/TS code was seen. 
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
 2019-05-28 14:43:59 +01:00
semmle-qlci
9fb61d5f26 Merge pull request #1371 from xiemaisi/js/index-xml 
Approved by asger-semmle
 2019-05-28 14:30:43 +01:00
semmle-qlci
ead59baa0e Merge pull request #1369 from xiemaisi/js/fix-autobuild-test 
Approved by asger-semmle
 2019-05-28 12:27:17 +01:00
semmle-qlci
bd15994bb4 Merge pull request #1367 from xiemaisi/js/configuration-api-consistency 
Approved by esben-semmle
 2019-05-28 12:26:58 +01:00
Asger F
ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F
9f43844f1e JS: Remove obsolete code 2019-05-28 11:54:57 +01:00
Asger F
8d60ae7200 JS: Avoid unnecessary casts 2019-05-28 11:54:42 +01:00
Asger F
9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F
6617747185 JS: Update DataFlowTracking output for booleanOps.js 2019-05-28 11:19:23 +01:00
Max Schaefer
7f8f126338 JavaScript: Add support for XML extraction. 2019-05-28 09:44:24 +01:00