hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

96 Commits

Author SHA1 Message Date
semmle-qlci
f00863fb58 Merge pull request #383 from esben-semmle/js/unused-eval-variable 
Approved by xiemaisi
 2018-10-31 10:42:55 +00:00
Asger F
2c11844c5b Revert "Merge pull request #380 from asger-semmle/generalize-useless-conditional" 
This reverts commit 28f3b686a7, reversing
changes made to dc3c5a684c.
 2018-10-31 10:38:38 +00:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial. 
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
 2018-10-31 06:31:59 -04:00
Asger F
0bc30003af JS: add change note 2018-10-31 10:28:31 +00:00
Asger F
1568d5dadd JS: add change note 2018-10-30 14:25:05 +00:00
Esben Sparre Andreasen
eb7add6f15 JS: change note for js/unused-local-variable eval whitelisting 2018-10-30 13:08:24 +01:00
Asger F
7285562c72 JS: add change note 2018-10-26 12:09:10 +01:00
Esben Sparre Andreasen
9c2ca9a7fa JS: make js/unused-local-variable flag import statements 2018-10-18 11:49:45 +02:00
semmle-qlci
1da873e819 Merge pull request #315 from esben-semmle/js/conditional-bypass-early-return 
Approved by xiemaisi
 2018-10-17 08:25:55 +01:00
Esben Sparre Andreasen
870811a509 JS: change note for improved ClientRequests (overdue) 2018-10-16 08:51:32 +02:00
Esben Sparre Andreasen
ffbbb807f4 JS: avoid flagging early returns in js/user-controlled-bypass 2018-10-16 08:39:59 +02:00
semmle-qlci
1e7696664e Merge pull request #302 from xiemaisi/js/google-spanner 
Approved by esben-semmle
 2018-10-16 06:48:43 +01:00
Max Schaefer
cd284b2f97 JavaScript: Add support for Google Cloud Spanner. 2018-10-11 09:30:39 +01:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00
Esben Sparre Andreasen
6b8fd49fba JS: add change notes for two new queries 2018-10-10 12:17:46 +02:00
Asger F
9fb73f41c9 JS: rename ReactComponent::getAThisAccess -> getAThisNode 2018-10-09 08:54:44 +01:00
Asger F
e551ff3818 JS: add change note 2018-10-09 08:54:14 +01:00
Asger F
d2af4ab94a Merge pull request #227 from xiemaisi/js/taint-kinds 
JavaScript: Add support for state-based taint tracking.
 2018-10-08 15:09:12 +01:00
semmle-qlci
bea86e52fb Merge pull request #275 from xiemaisi/js/workaround-for-nested-imports 
Approved by asger-semmle
 2018-10-04 08:25:52 +01:00
Max Schaefer
335adee69c JavaScript: Add change note. 2018-10-03 16:03:12 +01:00
Max Schaefer
220fcb59bd JavaScript: Add change note. 2018-10-03 13:08:31 +01:00
semmle-qlci
e9adc63d91 Merge pull request #260 from xiemaisi/js/confusing-precedence 
Approved by esben-semmle, mc-semmle
 2018-10-03 09:07:18 +01:00
Max Schaefer
425d2bfba7 Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local 
JS: support noop parentheses in js/useless-assignment-to-local
 2018-10-02 16:19:56 +01:00
Max Schaefer
768368498f JavaScript: Introduce new query UnclearOperatorPrecedence. 2018-10-02 08:46:51 +01:00
Max Schaefer
a63b7fc215 JavaScript: Introduce new library predicate for computing whitespace around binary operators. 2018-10-02 08:46:11 +01:00
semmle-qlci
829a5cc451 Merge pull request #259 from asger-semmle/open-redirect-expr 
Approved by xiemaisi
 2018-10-02 08:32:48 +01:00
Esben Sparre Andreasen
595fe217dd JS: support noop parentheses in js/useless-assignment-to-local 
The syntatic recognizer `isNullOrUndef` did not handle expressions
that were wrapped in parentheses.

This eliminates some results here:
https://lgtm.com/projects/g/vuejs/vue/alerts?mode=tree&ruleFocus=7900088
 2018-10-02 09:31:32 +02:00
Asger F
9f07b1011d JS: bugfix in server-side redirect query 2018-10-01 12:34:13 +01:00
Asger F
8d3ac39b65 JS: change note 2018-09-27 10:21:57 +01:00
semmle-qlci
a93939b827 Merge pull request #230 from esben-semmle/js/ad-hoc-whitelisting 
Approved by xiemaisi
 2018-09-26 14:14:25 +01:00
Esben Sparre Andreasen
7c006d4530 Merge pull request #222 from xiemaisi/js/identity-replacement 
JavaScript: Add new query flagging identity replacements.
 2018-09-26 09:25:19 +02:00
Esben Sparre Andreasen
097a2811e1 JS: change notes for AdHocWhitelistCheckSanitizer 2018-09-26 09:20:40 +02:00
Max Schaefer
1ab11109f9 JavaScript: Add new query flagging identity replacements. 2018-09-25 11:27:11 +01:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
d2a04d32be JS: add change note 2018-09-21 13:20:02 +01:00
Esben Sparre Andreasen
2cedc81774 JS: polish js/enabling-electron-renderer-node-integration meta info 2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames 
Approved by asger-semmle
 2018-09-19 12:42:22 +01:00
Esben Sparre Andreasen
bb48421d77 JS: address doc review comments 2018-09-17 11:08:35 +02:00
Esben Sparre Andreasen
5781b518bc JS: change notes for js/stored-xss 2018-09-14 15:30:44 +02:00
Asger F
a3562aa4a7 Merge pull request #193 from esben-semmle/js/reduce-precision-of-remote-property-injection 
JS: lower @precision of js/remote-property-injection
 2018-09-14 11:14:13 +01:00
semmle-qlci
abbadf24f0 Merge pull request #192 from esben-semmle/js/additional-array-taint-steps 
Approved by asger-semmle
 2018-09-14 10:02:36 +01:00
Esben Sparre Andreasen
81aeda69e1 JS: lower @precision of js/remote-property-injection 2018-09-14 07:37:47 +02:00
Esben Sparre Andreasen
cb2bd9e0ae JS: change notes for additional array taint steps 2018-09-13 21:36:53 +02:00
Esben Sparre Andreasen
52013f3071 JS: change notes for improved js/unbound-event-handler-receiver 2018-09-13 08:43:01 +02:00
Esben Sparre Andreasen
b9d825b379 JS: better matching of String.prototype.search in js/regex-injection 2018-09-05 08:35:00 +02:00