codeql

mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00

Author	SHA1	Message	Date
semmle-qlci	1fe5a9e7e7	Merge pull request #2236 from max-schaefer/js/data-flow-exploration Approved by erik-krogh, esbena	2019-11-05 12:15:00 +00:00
semmle-qlci	794d5bda6d	Merge pull request #2116 from erik-krogh/arrayCBRet Approved by max-schaefer	2019-11-05 11:32:13 +00:00
Asger F	c373be0dee	JS: Update TaintBarriers test	2019-11-05 10:26:04 +00:00
Asger F	d8ac0abb7f	JS: Add test	2019-11-05 10:06:21 +00:00
Asger F	d8f3a2c550	JS: Add lvalue of for..of loop as a PropRead	2019-11-05 10:01:18 +00:00
semmle-qlci	eb6e8866fa	Merge pull request #2247 from max-schaefer/odasa-8149 Approved by asger-semmle, esbena	2019-11-05 09:40:54 +00:00
Erik Krogh Kristensen	bdb81c268c	change tense	2019-11-04 18:56:03 +01:00
Erik Krogh Kristensen	8ebfe15f0d	apply doc feedback from mchammer01 Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>	2019-11-04 18:54:43 +01:00
Erik Krogh Kristensen	6cac9619d3	add missing not Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2019-11-04 18:44:13 +01:00
Max Schaefer	016808b92e	JavaScript: Address review comments.	2019-11-04 17:00:12 +00:00
Max Schaefer	770a4703c9	Merge pull request #2237 from asger-semmle/typescript3.7-rc TS: Add support for TypeScript 3.7	2019-11-04 16:36:11 +00:00
Esben Sparre Andreasen	7f55e3f336	JS: classify Doxygen-generated files as "generated"	2019-11-04 09:57:41 +01:00
Asger F	79dbdac8fa	TS: Support declare modifier for fields	2019-11-04 07:54:38 +00:00
Asger F	9bc45f351c	TS: Fix typo in stats file	2019-11-04 07:54:38 +00:00
Asger F	341c11523c	TS: Add recursive type alias tests (already works)	2019-11-04 07:54:38 +00:00
Asger F	b81931e402	TS: Support assertion types	2019-11-04 07:54:38 +00:00
Asger F	4e7b987fa3	TS: Rename IsTypeExpr -> PredicateTypeExpr	2019-11-04 07:54:38 +00:00
Asger F	f50f3b48c4	TS: Add test for ?? operator (already works)	2019-11-04 07:54:38 +00:00
Asger F	869fe4558f	TS: Support optional chaining	2019-11-04 07:54:38 +00:00
Asger F	f76006e490	JS: Delete duplicate test case (typo)	2019-11-04 07:54:38 +00:00
Asger F	36b6c32f4f	TS: Update expected output	2019-11-04 07:54:37 +00:00
Asger F	f48d16fcb7	JS: Support barrier guards that are reflective calls	2019-11-01 15:23:38 +00:00
Asger F	d6158427c5	JS: Generalize SanitizerFunction to data flow configs and flow labels	2019-11-01 15:23:38 +00:00
Asger F	e2b0ec5696	JS: Handle multiple and/or operators in SanitizerFunction	2019-11-01 15:23:38 +00:00
semmle-qlci	e8e2f7bb20	Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow Approved by esbena	2019-11-01 11:00:22 +00:00
semmle-qlci	d03aecaa98	Merge pull request #2235 from max-schaefer/js/issue-2233 Approved by esbena	2019-10-31 14:17:58 +00:00
Max Schaefer	03c9a40ba3	JavaScript: Add libraries for forward and backward data-flow exploration.	2019-10-31 12:37:31 +00:00
Max Schaefer	8aae1f443f	JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.	2019-10-31 12:13:55 +00:00
Max Schaefer	311cbd824c	JavaScript: Recognize ":" pseudo-directive.	2019-10-31 11:39:09 +00:00
semmle-qlci	2a3980222b	Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes Approved by asger-semmle	2019-10-31 10:47:30 +00:00
Max Schaefer	3bbded57d3	JavaScript: Autoformat.	2019-10-30 14:49:18 +00:00
Max Schaefer	bb0771b36c	JavaScript: Deal with escape-unescape-escape (and similar) chains.	2019-10-30 14:49:01 +00:00
Max Schaefer	8c133ff61d	JavaScript: Deal with (un-)escaping on captured variables.	2019-10-30 14:46:50 +00:00
Max Schaefer	a8214ce7ee	JavaScript: Fix regexes for escaping schemes.	2019-10-30 14:15:59 +00:00
Max Schaefer	5349e0f881	JavaScript: Recognise wrapped chains of replacements.	2019-10-30 13:14:38 +00:00
Max Schaefer	02d16b1dc9	JavaScript: Recognise wrapped string replacement functions.	2019-10-30 13:01:17 +00:00
Max Schaefer	aaeca32519	JavaScript: Recognize string escaping using `.replace` with a callback.	2019-10-30 12:45:32 +00:00
Max Schaefer	bd1c99d8a4	JavaScript: Recognise `JSON.stringify` and `JSON.parse` as escaper/unescaper.	2019-10-30 12:38:05 +00:00
semmle-qlci	a778efe71e	Merge pull request #2216 from asger-semmle/xss-encodeURIComponent Approved by max-schaefer	2019-10-30 11:49:31 +00:00
Max Schaefer	63f24476e9	JavaScript: Refactor `DoubleEscaping.ql`.	2019-10-30 10:59:14 +00:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	530fa2c11c	JavaScript: Collapse edges instead of hiding nodes. Instead of skipping over initial and final nodes, we now introduce edges from source and to sink nodes that circumvent these nodes entirely.	2019-10-29 15:30:24 +00:00
Max Schaefer	dc1d1c2f22	JavaScript: Update expected output.	2019-10-29 15:30:06 +00:00
Max Schaefer	278ea90049	JavaScript: Collapse flow labels at start/end nodes to avoid duplication.	2019-10-29 15:24:40 +00:00
Max Schaefer	316962233c	JavaScript: Factor out `MidPathNode` into its own class.	2019-10-29 15:24:40 +00:00
Max Schaefer	7c56c9f999	JavaScript: Move suppression of hidden nodes into `edges` predicate. They should really only be hidden for display purposes.	2019-10-29 15:19:26 +00:00
Max Schaefer	3373742077	JavaScript: Turn `PathNode::getASuccessorInternal` and `PathNode::getAHiddenSuccessor` into top-level predicates.	2019-10-29 15:19:26 +00:00
Max Schaefer	b6f4785645	JavaScript: Rename `MkPathNode` to `MkMidNode`.	2019-10-29 15:19:26 +00:00
Max Schaefer	d71faaa5f9	JavaScript: Introduce `PathNode::wraps`.	2019-10-29 15:19:26 +00:00
Max Schaefer	98e0932de5	JavaScript: Make `Configuration::isLive` nullary. This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.	2019-10-29 15:19:26 +00:00

... 80 81 82 83 84 ...

6131 Commits