hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

40 Commits

Author SHA1 Message Date
Asger Feldthaus
a4a6e3beb3 JS: Update dataflow tests 2020-10-29 10:38:09 +00:00
Erik Krogh Kristensen
3e532c235b aggregate the tests in library-tests/DataFlow into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
e6bfffaed3 update basic-block on ExceptionalFunctionReturnNode and FunctionReturnNode 2020-08-25 20:09:41 +02:00
Erik Krogh Kristensen
840f30f7bc add basic-block test to dataflow tests 2020-08-25 20:09:36 +02:00
Erik Krogh Kristensen
0004c28fe8 introduce and use FunctionReturnNode 2020-08-07 17:32:25 +02:00
Esben Sparre Andreasen
75451e349a JS: teach the dataflow library identity functions Object.freeze/seal 2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen
33c52761d4 JS: more dataflow and global access path testing 2020-07-01 15:26:25 +02:00
Max Schaefer
7ddf5ced23 JavaScript: Update expected output for unrelated tests. 2020-05-26 10:49:30 +01:00
Max Schaefer
9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses. 
Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.
 2020-05-26 09:59:29 +01:00
Max Schaefer
a39e8b4802 JavaScript: Add test for FlowSteps::argumentPassing predicate. 2020-05-26 09:51:06 +01:00
Asger Feldthaus
7d9923038e JS: Fix perf issue from overriding isIncomplete 2020-05-18 22:45:59 +01:00
Asger Feldthaus
9581bb52cb JS: Update test output 2020-05-18 22:45:59 +01:00
Asger Feldthaus
c070416fbe JS: Update test output 2020-04-09 12:24:11 +01:00
Asger Feldthaus
816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Erik Krogh Kristensen
0c080a82be fix expected output 2019-11-07 14:31:09 +01:00
Erik Krogh Kristensen
232e875274 add test for getEnclosingExpr 2019-11-07 14:29:31 +01:00
semmle-qlci
3a7f9a588d Merge pull request #2267 from max-schaefer/js/qltest-extractor-options 
Approved by asger-semmle
 2019-11-07 11:36:45 +00:00
Max Schaefer
725059deea JavaScript: Remove --source-type module extractor options. 2019-11-06 13:01:59 +00:00
Max Schaefer
79f1079460 JavaScript: Add options files with --experimental extractor options. 2019-11-06 13:01:23 +00:00
Max Schaefer
a4bf361f64 JavaScript: Remove remaining --experimental extractor options. 2019-11-06 12:54:44 +00:00
Asger F
d8ac0abb7f JS: Add test 2019-11-05 10:06:21 +00:00
Asger F
afcdc12e7b JS: Use ValueNode, not SSA node, to model NamedImportSpecifier 2019-09-09 10:51:17 +01:00
Asger F
1e5f0a4e2f JS: Update DataFlow tests 2019-08-30 18:19:19 +01:00
Asger F
e9c03c9820 JS: Implement getBasicBlock() for exceptional nodes 2019-07-18 10:01:28 +01:00
semmle-qlci
a6b7f2d1f6 Merge pull request #1561 from xiemaisi/js/await-sourcenode 
Approved by asger-semmle
 2019-07-08 09:44:05 +01:00
Max Schaefer
91a718cfe5 JavaScript: Fix data flow out of reflective calls. 
We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.
 2019-07-04 08:29:04 +01:00
Max Schaefer
bfb236f56d JavaScript: Add more default source nodes. 
In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.
 2019-07-02 08:10:28 +01:00
Asger F
180b5443ba JS: Update output of incomplete.ql 2019-05-21 17:02:43 +01:00
Esben Sparre Andreasen
42d3012f81 JS: let RegExpLiteral be a DataFlow::SourceNode 2019-04-01 09:19:25 +02:00
semmle-qlci
014d4b9ed0 Merge pull request #934 from asger-semmle/module-import 
Approved by xiemaisi
 2019-02-25 09:46:52 +00:00
Asger F
be10f24de7 JS: make moduleImport() work for named imports 2019-02-12 17:22:06 +00:00
Asger F
2fd1ee60a2 JS: add DataFlow::Node.getIntValue() 2019-02-12 13:38:46 +00:00
Esben Sparre Andreasen
f956e570cb JS: support default destructuring values in the dataflow graph 2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f333419bb4 JS: add defuse+dataflow tests for destructuring and default values 2019-02-07 11:24:46 +01:00
Anders Schack-Mulligen
e58094c732 Javascript: Autoformat. 2019-01-11 11:02:42 +01:00
Esben Sparre Andreasen
2d7f09d321 JS(ql): support nullish coalescing operators 2018-11-26 10:31:19 +01:00
Asger F
f07aa5bb2c JS: ensure parameters always have a dataflow node 2018-10-31 10:28:31 +00:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Esben Sparre Andreasen
6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00