codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Max Schaefer	4992970181	JavaScript: Fix an auto-build test.	2019-05-28 09:44:24 +01:00
Max Schaefer	86e96c6dc3	JavaScript: Introduce `is{Barrier,Sanitizer}Edge` predicate. This name is more intuitive than the previous binary `is{Barrier,Sanitizer}` predicates, and is consistent with the other languages.	2019-05-28 08:08:14 +01:00
Max Schaefer	d9b3e461ba	Merge pull request #1351 from asger-semmle/js-incomplete-nodes JS: Mark some more nodes as incomplete	2019-05-28 07:59:23 +01:00
Max Schaefer	bad5465aad	Merge pull request #1360 from asger-semmle/customize-window-document JS: Make some DOM concepts customizable	2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen	fd4c749e27	JS: change FrameworkLibraryInstance Script/TopLevel inheritance This is theoretically a breaking change, but it preserves the semantics of all queries in this repository, as far as I can see.	2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen	1b1e9ed51a	JS: cache matchMarkerComment	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	189ac6c2bd	JS: add js/prototype-pollution to the security suite	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	eb13ab52cf	JS: sharpen js/prototype-pollution with version analysis	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	c143e31fb5	JS: rename getDefaultNode to getImportedModuleNode	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	0660db37f6	JS: introduce SemVer matching library	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	7d57d1915a	JS: introduce `DataFlow::DependencyModuleImport`	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	1cea29d89f	JS: improve prototype pollution tests	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	af3f0b1d04	JS: add test for missing support for package-lock.json	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	ef6f4c7a5e	JS: update docstring	2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen	f74653be46	JS: extract `getDefaultNode` from `DefaultRange`	2019-05-27 22:32:32 +02:00
Max Schaefer	1bf7bcf010	Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked JS: Refactor LabelledBarrierGuard	2019-05-23 12:26:35 +01:00
Asger F	6bb011a4cc	JS: Stop using data/taint as flow labels in TaintedPath	2019-05-23 10:16:41 +01:00
Asger F	0823f6c935	JS: fix use of dataOrTaint()	2019-05-23 10:16:41 +01:00
Asger F	37fa2446d4	JS: review comments	2019-05-23 10:16:31 +01:00
Asger F	07d508d1bf	JS: Track taint through .replace()	2019-05-23 09:23:48 +01:00
Asger F	1ec3475457	JS: All of TaintedPath	2019-05-23 09:23:47 +01:00
semmle-qlci	fac620d6f3	Merge pull request #1357 from asger-semmle/jump-to-namespace Approved by xiemaisi	2019-05-23 09:00:24 +01:00
Asger F	9046fd15f7	JS: Update expected output of XSS query (benign)	2019-05-23 08:56:01 +01:00
Asger F	2fc0ab5595	JS: Stop using the AST-based isDocumentURL internally	2019-05-23 08:55:21 +01:00
Asger F	8b7dbf8b0f	JS: Align DOM::locationRef with isDocumentURL	2019-05-23 08:45:08 +01:00
Asger F	8590042a7e	JS: customizable window, document, DOM value	2019-05-22 15:49:56 +01:00
Asger F	153e778f7f	JS: Remove jump-to-namespace	2019-05-22 14:42:48 +01:00
Asger F	deb217326d	JS: Update our own queries	2019-05-22 13:13:08 +01:00
Asger F	61ef73b0f7	JS: Add change note and deprecation member	2019-05-22 12:23:29 +01:00
Asger F	6246eb2fe3	JS: Refactor LabeledSantizerGuard	2019-05-22 12:08:03 +01:00
semmle-qlci	dc8123db8e	Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling Approved by asger-semmle	2019-05-22 10:40:32 +01:00
semmle-qlci	c100c70a65	Merge pull request #1348 from xiemaisi/js/add-external-link-cwe Approved by esben-semmle	2019-05-22 08:12:51 +01:00
semmle-qlci	114ba0e722	Merge pull request #1349 from EdoDodo/js-performance Approved by xiemaisi	2019-05-21 17:50:01 +01:00
Asger F	180b5443ba	JS: Update output of incomplete.ql	2019-05-21 17:02:43 +01:00
Asger F	de2f323172	JS: Mark unused parameter nodes as incomplete	2019-05-21 16:53:39 +01:00
Asger F	69dbbcf1c8	JS: Mark destructuring nodes as incomplete	2019-05-21 16:52:35 +01:00
Asger F	faa47029d5	JS: Mark exceptional nodes as incomplete	2019-05-21 13:51:59 +01:00
Asger F	68ae409947	JS: Test for mismatch between taint and type inference	2019-05-21 13:26:02 +01:00
Edoardo Pirovano	9d2580f778	JS: Fix performance regression of query.	2019-05-21 12:26:11 +01:00
semmle-qlci	8cd3cb501a	Merge pull request #1346 from xiemaisi/js/revert-1078 Approved by esben-semmle	2019-05-21 12:19:57 +01:00
Max Schaefer	cf22761ccc	JavaScript: Add CWE-1022 to TargetBlank.	2019-05-21 12:16:32 +01:00
semmle-qlci	fe920ecfaa	Merge pull request #1331 from asger-semmle/destructuring-assignment-fix Approved by xiemaisi	2019-05-21 11:32:36 +01:00
semmle-qlci	2b5b8751ea	Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps Approved by esben-semmle, xiemaisi	2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen	3af3c5413b	Merge pull request #1318 from asger-semmle/prototype-pollution-query2 Move prototype pollution query into suite	2019-05-21 12:23:41 +02:00
Max Schaefer	924664afcf	JavaScript: Manually revert #1078 . In its present form, `getAnUndefinedReturn` does not handle `finally` blocks correctly. For example, in this snippet ``` try { return 42; } finally { cleanup(); } ``` the call to `cleanup` is erroneously considered an undefined return. We currently don't use the predicate anywhere, so it seems best to back it out for the time being.	2019-05-21 08:26:58 +01:00
semmle-qlci	56ab013114	Merge pull request #1340 from xiemaisi/js/es2019 Approved by asger-semmle	2019-05-20 16:47:09 +01:00
Asger F	ba69e19e95	JS: Address doc review	2019-05-20 16:46:27 +01:00
Max Schaefer	7b7f92c19e	JavaScript: Introduce `SSA::definition` and `SSA::variable`.	2019-05-20 16:22:01 +01:00
Max Schaefer	fb744a6c53	JavaScript: Introduce `Parameter.getVariable()`.	2019-05-20 16:01:12 +01:00
Max Schaefer	2cb33f6088	JavaScript: Introduce `DataFlow::ExprNode` and `exprNode` for consistency with other languages.	2019-05-20 15:55:03 +01:00

... 84 85 86 87 88 ...

5849 Commits