hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-16 07:54:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,748 Commits 1,680 Branches 158 Tags
08fa3141cdafde38630c7e126e05b47a77918dec
Commit Graph

3561 Commits

Author SHA1 Message Date
semmle-qlci
26dfca80f6 Merge pull request #3510 from max-schaefer/cull-boring-queries 
Approved by asgerf, esbena
 2020-05-19 15:41:53 +01:00
Max Schaefer
a803120414 Lower precision for a number of queries. 
These queries are currently run by default, but don't have their results displayed.

Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).

With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
 2020-05-19 13:43:17 +01:00
semmle-qlci
0c081a8e87 Merge pull request #3497 from esbena/js/yield-and-local-objects 
Approved by asgerf, erik-krogh
 2020-05-19 09:02:22 +01:00
semmle-qlci
0d762066f5 Merge pull request #3504 from erik-krogh/unique 
Approved by esbena
 2020-05-19 08:35:08 +01:00
Erik Krogh Kristensen
202b8a56b7 apply the unique aggregate where trivially applicable 2020-05-18 20:37:38 +02:00
Asger F
96d6115452 Merge branch 'master' into js/sql-type-tracking 2020-05-18 15:58:42 +01:00
Asger F
a9983fdb49 Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 13:23:22 +01:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
Esben Sparre Andreasen
a9ba6ac659 JS: make LocalObjects::isEscape aware of yield 2020-05-18 12:43:46 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Asger Feldthaus
a18e0b37cf JS: simplify sequelize model 2020-05-18 09:34:17 +01:00
Asger F
f52c827966 Apply suggestions from code review 
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:31:09 +01:00
Asger F
ffb22c061a Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:28:22 +01:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler 
Approved by esbena
 2020-05-18 08:48:24 +01:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
semmle-qlci
8d41ce1630 Merge pull request #3480 from erik-krogh/moreSlip 
Approved by esbena
 2020-05-16 21:17:27 +01:00
Asger Feldthaus
897a3e39c9 JS: Autoformat 2020-05-16 09:37:16 +01:00
Asger Feldthaus
0171c9e10c JS: Autoformat 2020-05-16 09:25:18 +01:00
Asger Feldthaus
d279845a43 JS: Minor fixes 2020-05-16 09:24:53 +01:00
Asger Feldthaus
5249e84359 JS: Type track spanner model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
d225715828 JS: Type track mssql model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
6dcee5a0ef JS: Type track sqlite model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
84cd02cf01 JS: Type track pg model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
f7771f17d1 JS: Type track mysql model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
3e9849b7c4 JS: Type track sequelize model 2020-05-15 17:27:24 +01:00
Esben Sparre Andreasen
1c5bffc095 JS: fix some FNs in the qhelp examples 2020-05-15 12:40:38 +02:00
Asger Feldthaus
d84f1b47c2 JS: Refactor RequestInputAccess to use source nodes 2020-05-15 09:59:28 +01:00
Asger Feldthaus
da974f1527 JS: Add test with dynamic access to req.query 2020-05-15 09:59:28 +01:00
Asger Feldthaus
659e2ff709 JS: Tweak evaluation of route handler params 2020-05-15 09:59:27 +01:00
Asger F
b9995b784d Update javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-15 09:59:27 +01:00
Asger Feldthaus
a982cdc39c JS: Autoformat 2020-05-15 09:59:27 +01:00
Asger Feldthaus
bfbe70a7a9 JS: Fixes 2020-05-15 09:59:27 +01:00
Asger Feldthaus
82d3a7eb23 JS: Go back to disjunction 😭 2020-05-15 09:59:27 +01:00
Asger Feldthaus
c45d84f8f3 JS: Update getRouteHandlerParameter and router tracking 2020-05-15 09:59:27 +01:00
Asger Feldthaus
9cacfab7c6 JS: Recognize Express param value callback as RemoteFlowSource 2020-05-15 09:59:26 +01:00
Erik Krogh Kristensen
6d79bab7e4 rename Fs to FS 2020-05-15 10:54:08 +02:00
semmle-qlci
a536069059 Merge pull request #3408 from esbena/js/unsafe-html-expansion 
Approved by asgerf, mchammer01
 2020-05-15 08:24:12 +01:00
Erik Krogh Kristensen
e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen
6d2bffef72 add fs.open/openSync as ZipSlip sinks 2020-05-14 20:31:13 +02:00
Erik Krogh Kristensen
2d675262b2 use the generalized fs module in more places 2020-05-14 20:31:00 +02:00
semmle-qlci
c06680a496 Merge pull request #3470 from asger-semmle/js/cache-module-import 
Approved by esbena
 2020-05-14 17:20:04 +01:00
semmle-qlci
23532ae49a Merge pull request #3467 from erik-krogh/tarSlip 
Approved by esbena
 2020-05-14 14:06:42 +01:00
semmle-qlci
57f44c5a81 Merge pull request #2886 from asger-semmle/js/call-graph-exploration 
Approved by erik-krogh, esbena
 2020-05-14 14:01:23 +01:00
semmle-qlci
384df88df1 Merge pull request #3359 from erik-krogh/MayHavePropName 
Approved by esbena
 2020-05-14 13:52:45 +01:00
Asger Feldthaus
e491431f4e JS: Autoformat 2020-05-14 13:29:33 +01:00
Pavel Avgustinov
3cc13db3a0 NodeJSLib: Restore backwards-compatibility. 2020-05-14 12:51:09 +01:00
Asger Feldthaus
1cdb51741f JS: Dont use deprecated API in test case 2020-05-14 11:08:31 +01:00
Pavel Avgustinov
ab2d059ed4 JavaScript: Model extra sinks in vm module 2020-05-14 10:01:40 +01:00
Erik Krogh Kristensen
b12e21edcc add test for new zipslip sanitizer 2020-05-14 10:11:37 +02:00