hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,894 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

5031 Commits

Author SHA1 Message Date
Asger F
f3c80c738e JS: Unify access paths for captured variables 2019-04-18 11:27:15 +01:00
Asger F
e543097c45 JS: Add test 2019-04-18 11:26:39 +01:00
Max Schaefer
a61ca489f1 Merge pull request #1258 from asger-semmle/prototype-pollution 
JS: prototype pollution query template
 2019-04-17 12:58:05 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
Asger F
48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
semmle-qlci
ff25a3ee5a Merge pull request #1243 from asger-semmle/access-path-refinements 
Approved by xiemaisi
 2019-04-16 09:57:51 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Max Schaefer
4c9edafef3 Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp 
JS: type tracking for js/incomplete-hostname-regexp
 2019-04-15 12:19:46 +01:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Max Schaefer
ce53a7d575 Merge pull request #1175 from psygnisfive/NullSensitiveContext 
[JS] Null Sensitive Context (new library)
 2019-04-15 08:50:14 +01:00
Rebecca Valentine
fb40548be5 fixes semicolon issues 2019-04-12 10:56:31 -07:00
Rebecca Valentine
a66d1c0e09 fixes test errors 2019-04-12 10:39:34 -07:00
Asger F
b8ec7083d4 JS: Update isBarrier test output 2019-04-12 16:35:01 +01:00
Asger F
b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Asger F
720555be45 JS: Add test case 2019-04-12 11:11:26 +01:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
semmle-qlci
ccbb7ce04b Merge pull request #1224 from asger-semmle/cheerio 
Approved by esben-semmle
 2019-04-11 15:21:44 +01:00
semmle-qlci
a1cc2fbed3 Merge pull request #1233 from xiemaisi/js/amd-type-inference 
Approved by asger-semmle
 2019-04-11 15:20:00 +01:00
semmle-qlci
ed5fd96603 Merge pull request #1227 from asger-semmle/typescript3.4 
Approved by xiemaisi
 2019-04-11 10:39:57 +01:00
Max Schaefer
301dab0e40 JavaScript: Improve AMD support in type inference. 
Now leverages the recently introduced logic for resolving AMD imports
based on unique matching paths.
 2019-04-10 09:47:54 -07:00
Max Schaefer
20312fc3bf JavaScript: Improve socket.io model. 
Recognise `io` imports and use type-tracking to better track handlers.
 2019-04-10 08:02:40 -07:00
Asger F
bfa6208a58 TS: Fix test output 2019-04-10 15:44:37 +01:00
Asger F
c1c7ebfc48 TS: Support const type assertions 2019-04-10 12:54:42 +01:00
Asger F
d5ae69d40a TS: Support readonly type expressions 2019-04-10 12:26:46 +01:00
Asger F
8304ce1e16 TS: Update test output with new toString value 2019-04-10 11:34:27 +01:00
Asger F
bd1d9ed810 JS: Add test 2019-04-09 12:21:54 +01:00
Esben Sparre Andreasen
e7adb62288 Merge pull request #1221 from asger-semmle/contextual-typing 
TS: Extract contextual type for object/array literals
 2019-04-09 10:43:01 +02:00
semmle-qlci
92acd322fc Merge pull request #1218 from esben-semmle/js/whitelist-typeconfusion-lt1-checks 
Approved by asger-semmle
 2019-04-09 01:11:34 +01:00
Asger F
db9fd3f721 TS: update test change 2019-04-08 15:17:40 +01:00
semmle-qlci
f54366bf95 Merge pull request #1214 from asger-semmle/taint-addexpr-phi 
Approved by esben-semmle, xiemaisi
 2019-04-08 11:55:06 +01:00
Esben Sparre Andreasen
52d86471af JS: whitelist another emptiness check for the type-confusion query 2019-04-08 09:52:27 +02:00
semmle-qlci
662ad4b2ca Merge pull request #1205 from asger-semmle/prefix-sanitizer 
Approved by esben-semmle
 2019-04-08 08:29:04 +01:00
Asger F
50c2921625 TS: Use contextual typing for literals 2019-04-05 18:43:51 +01:00
Asger F
d7bfeeefd0 TS: add test case with nested literals 2019-04-05 18:40:24 +01:00
Asger F
80f413177a Merge branch 'master' into shelljs 2019-04-05 14:44:32 +01:00
Asger F
e55330b820 JS: Fix flow through += 2019-04-05 13:55:48 +01:00
semmle-qlci
063dbeeff3 Merge pull request #1198 from esben-semmle/js/more-express-route-handlers 
Approved by xiemaisi
 2019-04-05 09:47:51 +01:00
Esben Sparre Andreasen
60ba74a210 JS: Express cleanup and generalization 2019-04-04 21:42:08 +02:00
Esben Sparre Andreasen
c94ca46366 JS: add more Express tests 2019-04-04 21:42:08 +02:00
Asger F
43f6b8fa70 JS: Add test 2019-04-04 11:44:56 +01:00
Asger F
3da76cb798 JS: add model of ShellJS 2019-04-04 11:44:56 +01:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
Esben Sparre Andreasen
3c608fe11e Merge branch 'master' into js/improve-createServer 2019-04-03 12:37:33 +02:00
semmle-qlci
1da828fa80 Merge pull request #1195 from esben-semmle/js/firebase-express-requests 
Approved by xiemaisi
 2019-04-03 11:36:02 +01:00
Esben Sparre Andreasen
f23a5a5fee JS: model firebase-functions/https.onRequest 2019-04-03 08:01:45 +02:00
Esben Sparre Andreasen
0b733b4f23 JS: treat the last argument to https.createServer as a route handler 2019-04-02 14:38:31 +02:00