hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Max Schaefer
87e62f0bd5 JavaScript: Teach PostMessageStar to reason about partially tainted objects. 2019-01-31 08:59:47 +00:00
Max Schaefer
aeb8cc62b2 JavaScript: Reclassify PostMessageStar as CWE-201. 2019-01-31 08:08:52 +00:00
Asger F
720f442ea5 JS: Rename to StaticClassMemberAsPropWrite 2019-01-30 15:49:21 +00:00
semmle-qlci
fc5b9dd55e Merge pull request #837 from asger-semmle/hardcoded-empty-string 
Approved by esben-semmle
 2019-01-30 13:40:39 +00:00
semmle-qlci
24c8a47bb1 Merge pull request #841 from asger-semmle/private-higher-order-call 
Approved by esben-semmle
 2019-01-30 13:34:04 +00:00
Max Schaefer
17ce21c481 JavaScript: Remove an unused import in TrapTests.java. 2019-01-30 12:29:20 +00:00
Max Schaefer
5eba486d34 JavaScript: Clear per-function CFG caches after each function. 2019-01-30 12:29:20 +00:00
Esben Sparre Andreasen
cfc53ade69 JS: add more tests for js/incomplete-url-substring-sanitization 2019-01-30 12:57:03 +01:00
Felicity Chapman
54242f4009 Merge pull request #849 from jf205/locations 
Update links to QL help topics in GH repo files (SD-2999)
 2019-01-30 11:06:22 +00:00
Max Schaefer
769e407c24 JavaScript: Add new query PostMessageStar. 2019-01-30 10:26:43 +00:00
james
7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
Esben Sparre Andreasen
321b3f1ab5 JS: use ports to sharpen js/incomplete-url-substring-sanitization 2019-01-30 10:18:00 +01:00
james
81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james
9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
Taus
9adb19f3a9 Merge branch 'master' into python-incomplete-url-sanitize 2019-01-29 14:17:37 +01:00
Max Schaefer
e9500e8b75 JavaScript: Update trap tests. 2019-01-29 13:01:03 +00:00
Max Schaefer
6013b918fc JavaScript: Extract tokens and comments before AST. 
This allows us to discard token/comment information sooner, thereby reducing heap pressure for very large files.
 2019-01-29 13:00:17 +00:00
Max Schaefer
aa54d67301 JavaScript: Update trap tests. 2019-01-29 12:59:42 +00:00
Max Schaefer
99a4f34b7a JavaScript: Omit numlines for functions. 2019-01-29 12:59:33 +00:00
Max Schaefer
a480c6ecaa JavaScript: Implement LoC counting for functions in QL. 2019-01-29 12:58:44 +00:00
Max Schaefer
c09c35a737 JavaScript: Update trap tests. 2019-01-29 12:58:41 +00:00
Max Schaefer
d6c3ae2fb4 JavaScript: Fix bug in extraction of next_token. 2019-01-29 12:58:32 +00:00
Max Schaefer
ea429f4fbe JavaScript: Add test case exposing bug in getNextToken. 2019-01-29 12:50:31 +00:00
Asger F
9e87bf37ea JS: make higherOrderCall private 2019-01-29 11:50:46 +00:00
Asger F
60cef60c1d JS: ensure PropWrites exist for all instance members 2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
0d1f4270d6 JS: introduce SsaVarAccessWithNonLocalAnalysis 2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen
2683a9b43a JS: add testss for js/trivial-conditional 2019-01-29 10:19:03 +01:00
Max Schaefer
e2f27014b5 JavaScript: Introduce suspiciousCredentials predicate (from C# library). 2019-01-29 09:14:43 +00:00
Max Schaefer
a8dd97a2c9 JavaScript: Pull reasoning about encode/encrypt-like calls into library. 2019-01-29 09:14:23 +00:00
Max Schaefer
1fe4c44b36 JavaScript: Bring a few doc comments into line with style guide. 2019-01-29 09:13:53 +00:00
semmle-qlci
a5aee9ed0f Merge pull request #833 from esben-semmle/js/sharpen-cond 
Approved by xiemaisi
 2019-01-29 08:03:06 +00:00
Asger F
5815aa1e8b JS: add test case to PropWrite tests 2019-01-28 15:43:52 +00:00
Asger F
383cadb25b JS: add PropWrite for instance fields with initializer 2019-01-28 15:40:30 +00:00
Asger F
7a4af4af6d JS: add PropWrite instance for parameter fields 2019-01-28 15:40:30 +00:00
Asger F
dacde5da12 JS: restrict ClassMemberAsPropWrite to static members 2019-01-28 15:40:25 +00:00
Asger F
3245142203 JS: Dont flag empty string as hardcoded username 2019-01-28 13:01:52 +00:00
semmle-qlci
962416ffc2 Merge pull request #805 from asger-semmle/callback-taint-source 
Approved by xiemaisi
 2019-01-28 08:45:37 +00:00
semmle-qlci
8b029a2d9f Merge pull request #827 from xiemaisi/js/duplicate-toplevel-percent 
Approved by esben-semmle
 2019-01-28 08:40:23 +00:00
Esben Sparre Andreasen
ef3b107cc1 JS: sharpen the js/trivial-conditional whitelist 2019-01-25 18:19:45 +01:00
Mark Shannon
3850f87879 Make qhelp for 'Incomplete URL substring sanitization' consistent across languages. 2019-01-25 16:47:23 +00:00
semmle-qlci
d8947a71a5 Merge pull request #735 from asger-semmle/string-ops 
Approved by xiemaisi
 2019-01-25 15:15:19 +00:00
Asger F
ccbfaa7c9e JS: explain return step more thoroughly 2019-01-25 15:12:24 +00:00
Max Schaefer
254fafc6ce JavaScript: Round down percentage in DuplicateToplevel.ql. 
All the other duplication queries already do this.
 2019-01-25 22:44:07 +08:00
Max Schaefer
39191ed6f1 JavaScript: Add more statements to test cases for DuplicateToplevel. 
Now both `a.js` and `b.js` have ten (non-block) statements, which allows for more interesting tests.
 2019-01-25 22:42:51 +08:00
semmle-qlci
247d615c01 Merge pull request #802 from Semmle/xiemaisi-patch-5-1 
Approved by asger-semmle
 2019-01-25 12:32:43 +00:00
Asger F
8294aeea74 JS: fix doc comments 2019-01-25 11:12:07 +00:00
Asger F
c48b529846 JS: autoformat 2019-01-25 11:06:31 +00:00
Asger F
3bbe542ef4 JS: fix whitespace 2019-01-25 11:06:17 +00:00
Max Schaefer
e6672aaf70 Merge pull request #804 from esben-semmle/js/sharpen-unneeded-defensive 
JS: better handling of nested expressions in js/unneeded-defensive-code
 2019-01-25 11:23:51 +08:00
imsolost
e1aa3def25 removed extra parenthesis around argument for set state arrow function 2019-01-23 17:05:32 -08:00