codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Asger F	9fa9729470	JS: Shift line numbers in SemiAnchoredRegExp testcase	2019-11-15 09:27:19 +00:00
Asger F	8bc89ee254	JS: Update semi-anchored regex query	2019-11-15 09:27:19 +00:00
Asger F	c21d095d38	JS: Restrict RegExp queries to actual regular expressions	2019-11-15 09:27:19 +00:00
Asger F	e0bdc777b9	JS: Make ReDoS check string-based regexes	2019-11-15 09:27:19 +00:00
Asger F	97e5da1046	JS: Update ReDoS query	2019-11-15 09:27:19 +00:00
Asger F	591fffc5cc	JS: Add test case for wide constants in char class	2019-11-15 09:27:19 +00:00
Asger F	68d23bcf8c	JS: Extract surrogate pairs as one constant node	2019-11-15 09:27:19 +00:00
Esben Sparre Andreasen	8e6a19b3d3	JS: add DefaultParsedCommandLineArgumentsAsSource	2019-11-15 08:42:02 +01:00
Esben Sparre Andreasen	2ea7d141c8	Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check JavaScript: Add query `IncompleteUrlSchemeCheck`	2019-11-14 22:13:02 +01:00
Erik Krogh Kristensen	7137a64b7d	Added query for detecting XSS that happens through an exception	2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen	cc768345d0	JS: add security tests for malicious torrents	2019-11-14 13:54:19 +01:00
Esben Sparre Andreasen	bea59ec8ad	JS: add some parsed torrent properties as remote flow sources	2019-11-14 13:54:19 +01:00
Dave Bartolomeo	e89ecc19e3	Merge pull request #2302 from max-schaefer/test-qlpacks Add `qlpack.yml` files for test folders.	2019-11-13 12:21:19 -07:00
semmle-qlci	b11a7427c2	Merge pull request #2270 from erik-krogh/reflectiveExpr Approved by max-schaefer	2019-11-13 13:08:40 +00:00
Max Schaefer	ab583b7994	JavaScript: Add query `IncompleteUrlSchemeCheck.ql`.	2019-11-13 10:27:18 +00:00
Max Schaefer	155cea7b5b	Revert "JavaScript: Improve double-escaping query"	2019-11-12 22:54:12 +00:00
Max Schaefer	5b2e32b051	Add `qlpack.yml` files for test folders.	2019-11-12 15:03:02 +00:00
Erik Krogh Kristensen	6f6c4c4fcc	fix tests after change from tabs to spaces	2019-11-12 08:48:01 +01:00
Erik Krogh Kristensen	67b38ed301	correctly weed out benign calls inside attributes	2019-11-11 15:30:33 +01:00
Esben Sparre Andreasen	9b346b1d52	Merge pull request #2260 from max-schaefer/js/_min JavaScript: Classify files with names ending in `_min` as minified.	2019-11-08 13:52:33 +01:00
semmle-qlci	e65271dfad	Merge pull request #2251 from asger-semmle/barrier-guard-improvements Approved by esbena	2019-11-07 15:50:23 +00:00
semmle-qlci	f79c2a7630	Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root Approved by max-schaefer	2019-11-07 15:46:14 +00:00
Erik Krogh Kristensen	0c080a82be	fix expected output	2019-11-07 14:31:09 +01:00
Erik Krogh Kristensen	232e875274	add test for getEnclosingExpr	2019-11-07 14:29:31 +01:00
semmle-qlci	3a7f9a588d	Merge pull request #2267 from max-schaefer/js/qltest-extractor-options Approved by asger-semmle	2019-11-07 11:36:45 +00:00
Max Schaefer	e314869e5c	JavaScript: Classify files with names ending in `_min` as minified. We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.	2019-11-07 10:33:47 +00:00
Max Schaefer	54e40a8977	JavaScript: Move `--html all` extractor options into `options` file.	2019-11-06 16:30:01 +00:00
Asger F	d9beb54dde	Merge pull request #2102 from erik-krogh/deferredModel JS: add Deferred model in js/use-of-returnless-function	2019-11-06 14:30:03 +00:00
semmle-qlci	f73caac88d	Merge pull request #2254 from asger-semmle/for-of-propread Approved by max-schaefer	2019-11-06 13:44:55 +00:00
Max Schaefer	725059deea	JavaScript: Remove `--source-type module` extractor options.	2019-11-06 13:01:59 +00:00
Max Schaefer	3ad5af7cef	JavaScript: Move `--extract-program-text` extractor options into `options` files.	2019-11-06 13:01:55 +00:00
Max Schaefer	6b817203fd	JavaScript: Move `--tolerate-parse-errors` extractor options into `options` file.	2019-11-06 13:01:28 +00:00
Max Schaefer	5681565d4a	JavaScript: Move `--html elements` extractor options into `options` file.	2019-11-06 13:01:28 +00:00
Max Schaefer	8fdf6298b9	JavaScript: Remove `--platform node` extractor options.	2019-11-06 13:01:28 +00:00
Max Schaefer	4848372435	JavaScript: Replace `--externs` extractor flag with `/** @externs */` comment.	2019-11-06 13:01:28 +00:00
Max Schaefer	1fa8c43a8c	JavaScript: Remove a redundant extractor option.	2019-11-06 13:01:28 +00:00
Max Schaefer	79f1079460	JavaScript: Add `options` files with `--experimental` extractor options.	2019-11-06 13:01:23 +00:00
Max Schaefer	a4bf361f64	JavaScript: Remove remaining `--experimental` extractor options.	2019-11-06 12:54:44 +00:00
Asger F	81723ab92a	JS: Update GlobalAccessPaths test	2019-11-06 11:58:06 +00:00
Asger F	bc35f24f31	JS: Generalize access paths to arbitrary root nodes	2019-11-06 11:58:06 +00:00
semmle-qlci	04f0c22f24	Merge pull request #2203 from erik-krogh/ignorePureFunction Approved by max-schaefer, mchammer01	2019-11-06 09:09:11 +00:00
Max Schaefer	3e92d0ffb5	JavaScript: Remove redundant `--experimental` extractor options.	2019-11-05 15:59:24 +00:00
Erik Krogh Kristensen	16b63b3d01	move deferred model to the query where it is used	2019-11-05 15:45:17 +01:00
Erik Krogh Kristensen	7045cd2648	Merge remote-tracking branch 'upstream/master' into deferredModel	2019-11-05 15:08:47 +01:00
semmle-qlci	794d5bda6d	Merge pull request #2116 from erik-krogh/arrayCBRet Approved by max-schaefer	2019-11-05 11:32:13 +00:00
Asger F	c373be0dee	JS: Update TaintBarriers test	2019-11-05 10:26:04 +00:00
Asger F	d8ac0abb7f	JS: Add test	2019-11-05 10:06:21 +00:00
semmle-qlci	eb6e8866fa	Merge pull request #2247 from max-schaefer/odasa-8149 Approved by asger-semmle, esbena	2019-11-05 09:40:54 +00:00
Max Schaefer	770a4703c9	Merge pull request #2237 from asger-semmle/typescript3.7-rc TS: Add support for TypeScript 3.7	2019-11-04 16:36:11 +00:00
Esben Sparre Andreasen	7f55e3f336	JS: classify Doxygen-generated files as "generated"	2019-11-04 09:57:41 +01:00

... 36 37 38 39 40 ...

3044 Commits