hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
39,499 Commits 1,671 Branches 157 Tags
097d5189e9bbaecfd0e239e5198ac8e8ac14f2f6
Commit Graph

90 Commits

Author SHA1 Message Date
Max Schaefer
cc8d68082e JavaScript: Show ZipSlip results by default. 2019-03-14 08:50:47 +00:00
Felicity Chapman
7da36081b2 Minor text updates for consistency 2019-03-13 09:03:29 +00:00
Felicity Chapman
5c29a2641c Sort table alphabetically 2019-03-13 08:51:49 +00:00
Jason Reed
126e207bd0 JS: Add change note. 2019-03-06 09:46:41 +00:00
semmle-qlci
9a2a328243 Merge pull request #1025 from xiemaisi/js/fix-exports-assign 
Approved by asger-semmle
 2019-03-04 21:25:56 +00:00
Max Schaefer
3cabc12be3 JavaScript: Teach InvalidExport to never flag module.exports = exports = ... and similar. 
This was previously flagged if `exports` wasn't used any further. While it's true that the assignment to `exports` is redundant in this case, the assignment is also flagged by DeadStorOfLocal, so there is no point in InvalidExport flagging it as well.
 2019-03-04 09:53:37 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end 
JS: Treat res.end() as alias for res.send() in Express
 2019-03-01 10:30:06 +00:00
Asger F
2dc7f32ca3 JS: add Express to list of updated frameworks 2019-02-28 15:28:42 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00
Max Schaefer
cc6ca8bc62 JavaScript: Add change note. 2019-02-26 15:53:29 +00:00
Max Schaefer
0635e1ba02 JavaScript: Update change note. 
I've eliminated the clumsily worded "client-side code" and "server-side code" distinction, not least because Electron fits neither of those categories.
 2019-02-23 21:46:39 +00:00
Esben Sparre Andreasen
c84d898727 JS: change notes for js/unused-property and js/unused-variable 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bfbf686d7b JS: fixup changenote for js/unbound-event-handler-receiver 2019-02-21 21:44:28 +01:00
Max Schaefer
41eb1ff9d0 JavaScript: Drop precision of AmbiguousIdAttribute to 'high'. 2019-02-12 16:31:29 +00:00
Max Schaefer
25f95d9fb1 JavaScript: Be more conservative about templates in AmbiguousIdAttribute. 
Previously, we only excluded attributes where the value of the attribute itself suggests templating happening. Now we exclude all attributes in documents where _any_ attribute value suggests templating.
 2019-02-12 16:31:01 +00:00
Max Schaefer
6ce77ea1ef JavaScript: Add change note. 2019-02-08 09:57:07 +00:00
Asger F
e4b230ba60 Revert "Merge pull request #897 from Semmle/revert-817-closure-modules" 
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
 2019-02-07 11:58:38 +00:00
Max Schaefer
812cba0fe3 Merge pull request #828 from esben-semmle/js/vue-support-1 
JS: basic Vue support
 2019-02-07 08:00:17 +00:00
Asger F
e46e2b2515 Revert "JS: Add support for Closure modules" 2019-02-06 17:30:45 +00:00
semmle-qlci
b13c11017c Merge pull request #885 from asger-semmle/async-waterfall 
Approved by xiemaisi
 2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a Merge branch 'master' into js/vue-support-1 2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed Merge pull request #817 from asger-semmle/closure-modules 
Approved by esben-semmle, xiemaisi
 2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5 Merge pull request #851 from xiemaisi/js/post-message-star 
Approved by esben-semmle
 2019-02-06 09:57:04 +00:00
Esben Sparre Andreasen
fb19032038 JS: change notes for Vue support 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a78dd422b6 JS: add query js/vue/arrow-method-on-vue-instance 2019-02-06 09:38:00 +01:00
Asger F
ddd72190cb JS: change note 2019-02-05 16:59:29 +00:00
Asger F
9fd4e81f20 JS: add change note 2019-02-04 14:21:34 +00:00
semmle-qlci
222738072d Merge pull request #840 from esben-semmle/js/propagate-sound-avalue 
Approved by xiemaisi
 2019-02-01 09:23:43 +00:00
Max Schaefer
aeb8cc62b2 JavaScript: Reclassify PostMessageStar as CWE-201. 2019-01-31 08:08:52 +00:00
semmle-qlci
fc5b9dd55e Merge pull request #837 from asger-semmle/hardcoded-empty-string 
Approved by esben-semmle
 2019-01-30 13:40:39 +00:00
Max Schaefer
769e407c24 JavaScript: Add new query PostMessageStar. 2019-01-30 10:26:43 +00:00
Esben Sparre Andreasen
5d5900a534 JS: change notes for improved interprocedural type inference 2019-01-29 10:21:36 +01:00
semmle-qlci
a5aee9ed0f Merge pull request #833 from esben-semmle/js/sharpen-cond 
Approved by xiemaisi
 2019-01-29 08:03:06 +00:00
Asger F
5d4192ce0a JS: change note 2019-01-28 13:04:28 +00:00
Esben Sparre Andreasen
239fe6e419 fixup! JS: sharpen the js/trivial-conditional whitelist 2019-01-28 10:18:03 +01:00
Esben Sparre Andreasen
ef3b107cc1 JS: sharpen the js/trivial-conditional whitelist 2019-01-25 18:19:45 +01:00
Max Schaefer
e6672aaf70 Merge pull request #804 from esben-semmle/js/sharpen-unneeded-defensive 
JS: better handling of nested expressions in js/unneeded-defensive-code
 2019-01-25 11:23:51 +08:00
Esben Sparre Andreasen
9e4613094a JS: sharpen js/unneeded-defensive-code for negations and sequences 2019-01-21 09:00:35 +01:00
Asger F
a1c7f32fb6 JS: change note 2019-01-16 11:14:00 +00:00
semmle-qlci
5bc17923b1 Merge pull request #665 from asger-semmle/js-property-concat-sanitizer 
Approved by esben-semmle, xiemaisi
 2019-01-16 08:44:55 +00:00
semmle-qlci
cf3a4ac956 Merge pull request #767 from esben-semmle/js/unknown-bound-event-handler-receiver 
Approved by xiemaisi
 2019-01-16 08:36:11 +00:00
semmle-qlci
8655e5ae17 Merge pull request #768 from xiemaisi/js/call-summaries 
Approved by asger-semmle
 2019-01-16 08:35:31 +00:00
Max Schaefer
0877ec845a JavaScript: Add change note. 2019-01-15 09:03:11 +00:00
Asger F
ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
Esben Sparre Andreasen
7f5dd1a4e8 JS: change notes for improved js/unbound-event-handler-receiver 2019-01-14 08:48:15 +01:00
Esben Sparre Andreasen
9af6a81a58 JS: change note for ODASA-7636 fix 2019-01-11 08:37:01 +01:00
Max Schaefer
89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00