codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
semmle-qlci	0dcb189e67	Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries Approved by esben-semmle	2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen	2e0244cda6	address review feedback	2019-10-21 20:32:45 +02:00
Max Schaefer	55fb86d618	JavaScript: Remove deprecated queries. These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.	2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen	9eda120de4	implement a new query to detect unreachable overloaded methods in TypeScript	2019-10-21 13:34:42 +02:00
Asger F	8aa34e6a54	JS: Add XSS test case for new PostMessageEventHandler cases	2019-10-21 11:32:22 +01:00
Esben Sparre Andreasen	e1d7434be4	JS: add query js/useless-regexp-character-escape	2019-10-16 00:15:54 +02:00
Max Schaefer	dca808126f	Merge pull request #2032 from erik-krogh/lessSpaces JS: remove false positive in js/missing-space-in-concatenation	2019-10-14 14:25:40 +01:00
Erik Krogh Kristensen	28056791a5	add .getALocalSource() when testing for lodash-members	2019-10-14 14:14:26 +02:00
Erik Krogh Kristensen	a7c1c34e1e	fix test output, and add new test for array callbacks	2019-10-11 17:14:58 +02:00
semmle-qlci	7ba04768cd	Merge pull request #2098 from asger-semmle/ts-computed-field-name-context Approved by esben-semmle	2019-10-10 12:06:46 +01:00
Esben Sparre Andreasen	0e79d3db46	Merge pull request #2065 from erik-krogh/noReturn JS: use of returnless function	2019-10-09 13:44:39 +02:00
Asger F	07df479b94	JS: IllegalInvocation: be more convservative	2019-10-09 12:16:11 +01:00
Asger F	ad8667d6db	JS: IllegalInvocation regression test	2019-10-09 12:16:11 +01:00
Asger F	d3f587c12a	JS: Restrict class values flowing through globals	2019-10-09 12:16:11 +01:00
Asger F	dbfd0ae03b	JS: InconsistentNew regression test	2019-10-09 12:16:11 +01:00
semmle-qlci	c8e5be74d5	Merge pull request #2093 from asger-semmle/ts-unused-var-fix Approved by erik-krogh	2019-10-08 13:51:46 +01:00
Asger F	8146619913	JS: Set context of computed field names to enclosing ctor	2019-10-08 13:51:12 +01:00
Asger F	2235072841	JS: Add tests	2019-10-08 13:51:12 +01:00
Erik Krogh Kristensen	0933235132	whitelist calls to functions that always throw an exception	2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen	1bbe1ecdba	the js/use-of-returnless-function query now support multiple callees	2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen	7025ba36c0	refactor of js/use-of-returnless-function	2019-10-08 11:54:57 +02:00
Erik Krogh Kristensen	dedae5ba1d	refactor isExplicitConditional into a library file, and use it from js/use-of-returnless-function	2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen	bda37b6d6f	refactor of benignContext predicate based on code review	2019-10-08 11:54:56 +02:00
Erik Krogh Kristensen	bed14244ae	add query for detecting uses return-values from functions that does not return a value	2019-10-08 11:53:14 +02:00
Asger F	316580334a	TS: Fix extraction of default-exported class	2019-10-07 16:46:59 +01:00
Erik Krogh Kristensen	3a55880d51	update expected output for js/suspicious-method-name-declaration	2019-10-07 15:18:37 +02:00
Erik Krogh Kristensen	b741a65e9b	documentation changes based on review Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-10-04 14:42:16 +02:00
Erik Krogh Kristensen	c0b7538cf0	made the blacklist for methods named "function" work again	2019-10-02 14:56:41 +02:00
Erik Krogh Kristensen	584b9d4e30	update expected test output	2019-10-01 15:53:37 +02:00
Erik Krogh Kristensen	1e2aad5a29	fix pointer in .qlref, and update expected test results	2019-10-01 14:56:00 +02:00
Erik Krogh Kristensen	aa1368741b	rename suspicious-method-name to suspicious-method-name-declaration	2019-10-01 14:37:07 +02:00
Erik Krogh Kristensen	0320f0f26b	add query for detecting suspisous method names in TypeScript	2019-09-30 13:05:50 +02:00
Erik Krogh Kristensen	7fb8f8453d	fix for when the concatenation root is in parentheses	2019-09-26 16:35:38 +02:00
Erik Krogh Kristensen	69365ccd03	remove false positive in missingSpaceInAppend by requring the presence of a word-like fragment	2019-09-26 12:59:05 +02:00
Max Schaefer	d4fca84898	JavaScript: Improve XSS sanitizer detection. We now use local data flow to detect more regexp-based sanitizers.	2019-09-23 17:07:06 +01:00
semmle-qlci	825a3d2917	Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars Approved by xiemaisi	2019-09-23 12:10:30 +01:00
semmle-qlci	e2c941c577	Merge pull request #1916 from erik-krogh/taintedLength Approved by asger-semmle, xiemaisi	2019-09-23 11:47:48 +01:00
Max Schaefer	149ae5d7ab	JavaScript: Fix IllegalInvocation. This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.	2019-09-23 07:44:14 +01:00
Asger F	1ce0a48996	JS: Update tests	2019-09-20 15:41:36 +01:00
semmle-qlci	6f2e485ace	Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible Approved by esben-semmle	2019-09-19 12:45:45 +01:00
Max Schaefer	3970ead7ab	JavaScript: Add support for `rate-limiter-flexible` package.	2019-09-18 12:25:33 +01:00
Esben Sparre Andreasen	ac6554b7da	Merge branch 'master' into js/improve-getAResponseDataNode	2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen	a5645e168a	JS: exclude keys from whitelist	2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen	0e2d2f8662	JS: whitelist some hardcoded dummy-passwords in two queries	2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen	aa3f4a7048	JS: change passwords in tests	2019-09-16 10:09:59 +02:00
Erik Krogh Kristensen	9dc9adda64	fix capitalization in test case Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen	3fb64abb09	fix consistency and spelling in the documentation suggestions from the documentation team Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen	5b2b60f132	change DOS to DoS, and other small documentation fixes Co-Authored-By: Max Schaefer <max@semmle.com>	2019-09-13 10:26:01 +01:00

... 42 43 44 45 46 ...

2691 Commits