hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
73,211 Commits 1,672 Branches 157 Tags
00688ebd798d2ec5ea88e11c1109b82332fb02d1
Commit Graph

130 Commits

Author SHA1 Message Date
Napalys Klicius
61e00861e5 Merge pull request #18008 from Napalys/napalys/ES2024-group-functions 
JS: Added support for [Object, Map].groupBy ES2024 feature
 2024-11-21 19:03:57 +01:00
Napalys
afc2d3e6d2 JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep 2024-11-20 17:42:25 +01:00
Napalys Klicius
a957e00fe5 Merge branch 'main' into napalys/ES2024-group-functions 2024-11-20 14:03:31 +01:00
Napalys
58faa2d71e JS: Add: dataflow step for static method of groupBy from Map. 2024-11-20 13:34:11 +01:00
Napalys
6344f83e4b JS: Add: tests for taint tracking in groupBy functions 2024-11-20 13:22:53 +01:00
Napalys
213ce225e0 JS: Add: taint step for Object.groupBy function, fixed test cases from 8ae05d8be4 2024-11-18 12:58:07 +01:00
Napalys
c02ad65fdc JS: Add: taint step for Map.groupBy function 2024-11-18 12:50:06 +01:00
Napalys
bed1f25b3f JS: Fix: Now Array.prototype.with is properly flagged as taint step 2024-11-15 10:35:34 +01:00
Napalys Klicius
6fa3ff39a0 Merge branch 'main' into napalys/toSpliced-support 2024-11-14 16:56:32 +01:00
Napalys
84234d59b9 JS: Fix: Ensure toSpliced with spread operator is flagged 2024-11-13 17:21:34 +01:00
Napalys
cf90430ec0 JS: Add: Missing test case for splice spread operator 2024-11-13 17:07:17 +01:00
Napalys
2df3d1b251 JS: Fix: Ensure toSpliced is flagged by taint tracking in test suite (ed44358143) 2024-11-13 15:58:20 +01:00
Napalys
b4c84d3d3c Added taint step for toSpliced, handles test from a65f80ef76 2024-11-13 12:41:41 +01:00
Napalys
7427a24ca1 Added test case for Array.prototype.toReversed, which is currently not flagged as a taint sink. 2024-11-12 12:02:37 +01:00
Napalys
3f0a54c2e8 Added support for Array.prototype.toSorted function 2024-11-12 12:02:04 +01:00
Napalys
81bc7cd19f Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case. from 8026a99db7 2024-11-11 08:32:03 +01:00
Asger F
18db769d6d JS: Update expected output 2024-02-14 10:45:51 +01:00
Asger F
bafe5e3d8e JS: Add test case (with old expected data) 2024-02-14 10:45:51 +01:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
a57981ea69 apply suggestions from review 2022-08-23 10:18:14 +02:00
erik-krogh
45e78a355f ensure call-apply.js is seen as a module 2022-08-23 10:11:46 +02:00
erik-krogh
2f11f3760e simplify getALibraryInputParameter by adding more general dataflow for the arguments object 2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
11b039c1f1 add tests 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
1717d17fb3 add flow step for Array.prototype.at 2022-05-24 12:41:27 +02:00
Asger Feldthaus
cff8dc0537 JS: Improve flow through Array.prototype.reduce 2022-04-07 09:57:31 +02:00
Asger Feldthaus
8753632193 JS: Fix bug in reachableFromStoreBase 2022-03-17 17:30:46 +01:00
Asger Feldthaus
b336c29283 JS: Track functions with methods 2021-12-10 09:38:29 +01:00
Asger Feldthaus
4ef2a5f4f1 JS: Add test 2021-12-10 09:38:29 +01:00
Erik Krogh Kristensen
d2c74480b9 add taint step through flatten libraries 2021-07-15 12:36:07 +02:00
Erik Krogh Kristensen
77f4d56cd9 add taint step through array-union, array-uniq, and uniq 2021-07-15 12:32:29 +02:00
Erik Krogh Kristensen
5ff7d208b7 add taint step through arrify 2021-07-15 11:24:50 +02:00
CodeQL CI
f9b539e5b9 Merge pull request #6253 from asgerf/js/more-precise-capture-steps 
Approved by erik-krogh
 2021-07-13 07:42:07 -07:00
CodeQL CI
c87fe95d52 Merge pull request #6258 from erik-krogh/case 
Approved by asgerf
 2021-07-13 05:44:49 -07:00
Erik Krogh Kristensen
d22ebadcf2 add support for many more case changing libraries 2021-07-12 14:09:34 +02:00
Erik Krogh Kristensen
a5d1325d3f add support for the change-case library 2021-07-12 13:37:06 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Asger Feldthaus
093ff41170 JS: Update tests 2021-07-02 13:31:17 +02:00
Asger Feldthaus
8befb03cb9 JS: Add test case with spurious call/return flow 2021-07-02 13:17:32 +02:00
Erik Krogh Kristensen
0adc001df0 add taint-step for serialize-javascript 2021-06-06 22:48:53 +02:00
Erik Krogh Kristensen
902a4368a1 assume that all pipe elements that return something, return outputs 2021-04-28 12:36:07 +02:00
Erik Krogh Kristensen
2f14a6218a generalize RxJS pipes 2021-04-28 12:26:02 +02:00