hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-20 22:27:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
526 Commits 1,758 Branches 167 Tags
05ef589b79b0ceeeb845d905ac3efc3e5df022fa
Commit Graph

97 Commits

Author SHA1 Message Date
Max Schaefer
25224cc4a0 Revert "TypeScript: disable queries that rely on token information" 
This reverts commit 003b600e24.
 2018-10-22 11:06:11 +01:00
Esben Sparre Andreasen
2e49cd117a JS: avoid flagging early returns in js/user-controlled-bypass 
(cherry picked from commit ffbbb807f4)
 2018-10-19 08:30:03 +01:00
Asger F
f9634040b0 TypeScript: add test case with mixed rescanned tokens 
(cherry picked from commit 057af7c865)
 2018-10-19 08:30:03 +01:00
Asger F
39c788f4f1 TypeScript: test case for tokens starting with ">" 
(cherry picked from commit d3a1df644c)
 2018-10-19 08:30:03 +01:00
Asger F
2abe34b2f9 TypeScript: test case for whitespace before a rescanned token 
(cherry picked from commit a199035a05)
 2018-10-19 08:30:03 +01:00
Asger F
cbf06ae74d TypeScript: test case for tokenization of template literals 
(cherry picked from commit 9146cc26bd)
 2018-10-19 08:30:03 +01:00
Asger F
4d7e762629 TS: test case for type expansion through type parameter bound 
(cherry picked from commit 8bc92bd534)
 2018-10-19 08:30:03 +01:00
Max Schaefer
5167d43fbc JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports. 
(cherry picked from commit 080f974663)
 2018-10-19 08:30:03 +01:00
Max Schaefer
2b7d69aaf4 JavaScript: Add support for Google Cloud Spanner. 
(cherry picked from commit cd284b2f97)
 2018-10-19 08:30:03 +01:00
Max Schaefer
5e75a62f5c JavaScript: Add test case for type inference in the presence of non-toplevel imports. 
(cherry picked from commit 8b7bb8cecc)
 2018-10-19 08:30:03 +01:00
semmle-qlci
b17aeb689c Merge pull request #118 from esben-semmle/js/request-forgery 
Approved by asger-semmle
 2018-09-11 16:28:59 +01:00
Asger F
0a4a5da1f0 JavaScript: update output of CFG test 2018-09-11 12:15:01 +01:00
Asger F
3d444f3dc6 JavaScript: fix CFG for EnhancedForStmt 2018-09-11 12:15:01 +01:00
semmle-qlci
62e9946fe2 Merge pull request #150 from asger-semmle/ts-asi-bug 
Approved by xiemaisi
 2018-09-05 21:22:29 +01:00
Esben Sparre Andreasen
f63a3b3f39 JS: add missing abstract modifier 2018-09-05 09:20:45 +02:00
Esben Sparre Andreasen
2306afdebf JS: use extensible architecture for Electron- and NodeClientRequest 2018-09-05 09:20:45 +02:00
Esben Sparre Andreasen
0da14fccbd JS: renaming UrlRequests.qll -> ClientRequests.qll 2018-09-05 09:20:45 +02:00
Esben Sparre Andreasen
6d78350fee JS: s/URLRequest/ClientRequest, merge with NodeJSLib::ClientRequest 2018-09-05 09:20:45 +02:00
Asger F
7bd53e72dc TypeScript: fix alerts in ambient code 2018-09-04 13:55:48 +01:00
Asger F
003b600e24 TypeScript: disable queries that rely on token information 2018-09-04 13:18:37 +01:00
Esben Sparre Andreasen
f5a6af54e6 JS: add security query: js/request-forgery 2018-09-04 09:25:42 +02:00
Esben Sparre Andreasen
2104cf55e3 JS: add models of URL requests 2018-09-04 09:25:42 +02:00
Max Schaefer
759d98661c Merge pull request #117 from esben-semmle/js/push-sort-taint-steps 
JS: support `push` and `sort` taint steps for arrays
 2018-09-03 09:20:35 +01:00
Max Schaefer
20bff709b1 Merge pull request #136 from esben-semmle/js/composed-function-taint 
JS: model composed functions (RC)
 2018-09-03 08:18:20 +01:00
Max Schaefer
7e3adec789 Merge pull request #135 from esben-semmle/js/pick-get-taint-steps 
JS: model property projection calls (RC)
 2018-09-03 08:17:42 +01:00
Esben Sparre Andreasen
90b3902244 JS: add a taint step for property projection 2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen
df97132519 JS: add model for property projection 2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen
86ab9adb06 JS: support push and sort taint steps for arrays 2018-08-30 09:14:06 +02:00
Esben Sparre Andreasen
dc72788746 JS: add a model of some function composition libraries 2018-08-30 08:17:01 +02:00
semmle-qlci
d22a65a66b Merge pull request #108 from esben-semmle/js/classify-generated-data-files 
Approved by xiemaisi
 2018-08-29 14:15:55 +01:00
Esben Sparre Andreasen
02d56306c9 JS: classify generated data files 2018-08-27 15:06:00 +02:00
Dave Bartolomeo
d920fc7d94 Force LF line endings for .ql, .qll, and .qlref files 2018-08-24 11:58:58 -07:00
semmle-qlci
55ceb9be8b Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers 
Approved by xiemaisi
 2018-08-24 08:37:41 +01:00
Max Schaefer
2187b0c245 Merge pull request #89 from esben-semmle/js/sharpen-type-confusion 
JS: remove emptiness checks from the type confusion `x.length` sinks
 2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen
20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen
218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen
fef257b1ec JS: remove emptiness checks from the type confusion x.length sinks 2018-08-22 13:25:22 +02:00
Asger F
35aa2e6fbb TypeScript: update test output 2018-08-22 10:18:38 +01:00
Asger F
4eeaf63a3a TypeScript: update related test output 2018-08-22 10:18:38 +01:00
Asger F
d26aa04642 TypeScript: support optional and rest elements in static tuple type 2018-08-22 10:18:38 +01:00
Asger F
96005d2147 TypeScript: support unknown static type 2018-08-22 10:18:38 +01:00
Asger F
9a9bbac99e TypeScript: support syntax for unknown types 2018-08-22 10:18:38 +01:00
Asger F
4a9eb0fd3f TypeScript: Add tests for OptionalTypeExpr and RestTypeExpr 2018-08-22 10:18:38 +01:00
Asger F
241ce10da4 TypeScript: support syntax for rest elements in tuple types 2018-08-22 10:18:38 +01:00
Asger F
204b2a3002 TypeScript: support syntax for optional tuple type elements 2018-08-22 10:18:38 +01:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query 
Approved by xiemaisi
 2018-08-22 08:04:36 +01:00
semmle-qlci
7661a98909 Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference 
Approved by xiemaisi
 2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00