hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

3044 Commits

Author SHA1 Message Date
semmle-qlci
fd2e8486e4 Merge pull request #1862 from asger-semmle/prototype-pollution-angular-merge 
Approved by esben-semmle
 2019-09-05 12:50:58 +01:00
semmle-qlci
e6bfe2bd5d Merge pull request #1873 from asger-semmle/type-inf-consistency 
Approved by xiemaisi
 2019-09-05 12:46:59 +01:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00
Asger F
27567e41c5 JS: Add angular.fromJson as JSON parser 2019-09-04 16:14:51 +01:00
Asger F
5aa948cd17 JS: Add angular.merge sink to prototype pollution query 2019-09-04 16:14:51 +01:00
Asger F
9f8bf90424 JS: Update Express test 2019-09-04 11:43:21 +01:00
Asger F
c06fd451d6 JS: Handle router chaining in type tracking predicate 2019-09-04 11:43:21 +01:00
semmle-qlci
e4d59c361a Merge pull request #1856 from asger-semmle/ts-base-types 
Approved by xiemaisi
 2019-09-03 10:12:30 +01:00
Asger F
2006826101 JS: Avoid breaking local object analysis 2019-09-02 16:45:06 +01:00
Asger F
9f2f10fa15 JS: Make type inference flow go through ssa definition node 2019-09-02 16:45:06 +01:00
Asger F
8737dbb73d JS: Add test 2019-09-02 14:31:40 +01:00
Max Schaefer
91e46cd6fd JavaScript: Fix parsing of asynchronous generator methods. 2019-09-02 09:56:42 +01:00
semmle-qlci
6d55d1f7c0 Merge pull request #1707 from asger-semmle/canonical-name-call-graph 
Approved by xiemaisi
 2019-09-02 09:45:24 +01:00
Asger F
89b91af6db JS: Make getDocumentation handle chain assignments 2019-08-30 18:20:54 +01:00
Asger F
1b6cc4ebcc JS: Update test 2019-08-30 18:19:19 +01:00
Asger F
1e5f0a4e2f JS: Update DataFlow tests 2019-08-30 18:19:19 +01:00
Asger F
5512846e6f JS: Update TypeTracking test 2019-08-30 18:19:19 +01:00
Asger F
bd6768e2c8 JS: Fix closure namespace prefix and update tests 2019-08-30 18:19:19 +01:00
Asger F
313579c258 JS: Restrict flow to access paths assigned in a unique file 2019-08-30 18:19:18 +01:00
Asger F
48b70c4f1d JS: Add type-tracking test case 2019-08-30 18:19:18 +01:00
Asger F
f219598281 JS: Update DeclarationFiles test 2019-08-30 16:02:42 +01:00
Asger F
fa3532ca8c TS: Handle locally defined packages 2019-08-30 16:02:42 +01:00
Asger F
d8cda5e268 JS: Add Firebase test with types 2019-08-30 16:02:41 +01:00
Max Schaefer
b6220998d1 JavaScript: Restrict setAttribute sink to potentially dangerous attribute names. 2019-08-30 11:57:29 +01:00
Max Schaefer
78ce290de3 JavaScript: Fix DomMethodCallExpr.interpretsArgumentsAsHTML. 2019-08-28 11:22:03 +01:00
semmle-qlci
fc59dd6819 Merge pull request #1788 from asger-semmle/additional-type-tracking-step 
Approved by xiemaisi
 2019-08-24 11:55:16 +01:00
Pavel Avgustinov
cc854dd937 Merge branch 'master' of github.com:Semmle/ql into attribute 2019-08-23 09:55:35 +01:00
Asger F
45d4b83fc8 TS: Extract type args to tagged template exprs 2019-08-22 18:07:29 +01:00
Asger F
fd7cfedf4b JS: Add AdditionalTypeTrackingStep 2019-08-21 13:44:03 +01:00
Pavel Avgustinov
ca951f1669 Add jquery-datatables license to make it clear which option we choose 2019-08-17 16:31:18 +01:00
semmle-qlci
6c3d1d676b Merge pull request #1694 from asger-semmle/concatenation-operand 
Approved by xiemaisi
 2019-08-08 12:41:30 +01:00
Asger F
5e87d5c751 JS: Update syntactic heuristics 2019-08-07 10:53:17 +01:00
Asger F
f173e3024a JS: Add getConstantStringParts() and HTML concat node 2019-08-07 10:53:17 +01:00
Asger F
f101944c92 JS: Expand on the StringOps::Concatenation API 2019-08-07 10:53:17 +01:00
Asger F
2df0b08b26 JS: Add test with header access 2019-08-06 15:43:39 +01:00
Asger F
c4006be0e8 JS: Add more axios tests 2019-08-06 15:28:53 +01:00
Asger F
af7b942eec JS: Add newline in test 2019-08-06 15:28:53 +01:00
Asger F
4fb3fd992d JS: Address comments 2019-08-06 15:28:53 +01:00
Asger F
7fb6615970 JS: Test for XhrIo 2019-08-06 15:28:53 +01:00
Asger F
4eb072a376 JS: Test for 'superagent' package 2019-08-06 15:28:53 +01:00
Asger F
ce4f098625 JS: Test for 'got' package 2019-08-06 15:28:52 +01:00
Asger F
f88a7162c5 JS: Test for fetch 2019-08-06 15:28:52 +01:00
Asger F
b8c1714ba9 JS: Test for 'axios' package 2019-08-06 15:28:52 +01:00
Asger F
4f6b6d12e0 JS: Test for 'request' package 2019-08-06 15:28:52 +01:00
Asger F
93be5ab715 JS: Test for XMLHttpRequest 2019-08-06 15:28:52 +01:00
Asger F
250a5997e2 JS: Add test query for getAResponseDataNode 2019-08-06 15:28:52 +01:00
Asger F
d1179be757 JS: Move ClientRequest tests into shared ql file 2019-08-06 15:28:52 +01:00
Asger F
5397da7579 JS: Handle implicit return in getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
8e1893d0ed JS: Update range analysis to use getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
9e949d0f44 JS: Add taint step through destructuring for-of loop 2019-08-02 20:35:21 +01:00