hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,769 Commits 1,672 Branches 157 Tags
0f9113905536d145c72b52bc69c20c43ed50f08d
Commit Graph

2505 Commits

Author SHA1 Message Date
Asger F
c327ee5d4f JS: Update TRAP 2019-11-15 09:27:19 +00:00
Asger F
591fffc5cc JS: Add test case for wide constants in char class 2019-11-15 09:27:19 +00:00
Asger F
68d23bcf8c JS: Extract surrogate pairs as one constant node 2019-11-15 09:27:19 +00:00
Asger F
6e1c995f2f JS: Merge consecutive constants in RegExps 2019-11-15 09:27:19 +00:00
Asger F
0e1246c0e5 JS: Extract RegExp ASTs from string literals 2019-11-15 09:27:18 +00:00
Asger F
0cf191f70d JS: Bump extractor version string 2019-11-15 09:27:18 +00:00
Esben Sparre Andreasen
8e6a19b3d3 JS: add DefaultParsedCommandLineArgumentsAsSource 2019-11-15 08:42:02 +01:00
Esben Sparre Andreasen
2ea7d141c8 Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check 
JavaScript: Add query `IncompleteUrlSchemeCheck`
 2019-11-14 22:13:02 +01:00
semmle-qlci
0638907825 Merge pull request #2324 from esbena/js/torrent-as-remote-source 
Approved by max-schaefer
 2019-11-14 20:28:07 +00:00
Max Schaefer
3b1e6c362c JavaScript: Address review comments. 2019-11-14 17:11:59 +00:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Esben Sparre Andreasen
bea59ec8ad JS: add some parsed torrent properties as remote flow sources 2019-11-14 13:54:19 +01:00
semmle-qlci
67963a5b9d Merge pull request #2258 from asger-semmle/js-ignore-codesql-databases 
Approved by esbena
 2019-11-14 08:34:23 +00:00
Dave Bartolomeo
e89ecc19e3 Merge pull request #2302 from max-schaefer/test-qlpacks 
Add `qlpack.yml` files for test folders.
 2019-11-13 12:21:19 -07:00
Erik Krogh Kristensen
538690eee6 remove duplicate reflectiveCallNode method, and removing redundant getExpr() method 2019-11-13 15:53:21 +01:00
semmle-qlci
b11a7427c2 Merge pull request #2270 from erik-krogh/reflectiveExpr 
Approved by max-schaefer
 2019-11-13 13:08:40 +00:00
Max Schaefer
f804d316d7 Update javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-13 12:24:19 +00:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Max Schaefer
155cea7b5b Revert "JavaScript: Improve double-escaping query" 2019-11-12 22:54:12 +00:00
semmle-qlci
6c9f92666e Merge pull request #2285 from asger-semmle/dataflow-syntax-examples 
Approved by max-schaefer
 2019-11-12 16:50:29 +00:00
Max Schaefer
5b2e32b051 Add qlpack.yml files for test folders. 2019-11-12 15:03:02 +00:00
Erik Krogh Kristensen
6f6c4c4fcc fix tests after change from tabs to spaces 2019-11-12 08:48:01 +01:00
Erik Krogh Kristensen
67b38ed301 correctly weed out benign calls inside attributes 2019-11-11 15:30:33 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Asger F
a2ff4e9494 JS: member -> property 2019-11-08 16:23:59 +00:00
Asger F
2a473fb9e7 Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:15:08 +00:00
Asger F
4ad03a9061 Update javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:14:53 +00:00
Asger F
53d470da2f JS: Add syntax examples to DataFlow classes 2019-11-08 15:51:26 +00:00
semmle-qlci
d9c7549dbe Merge pull request #2279 from max-schaefer/js/touchstone-files 
Approved by asger-semmle
 2019-11-08 14:33:23 +00:00
Esben Sparre Andreasen
9b346b1d52 Merge pull request #2260 from max-schaefer/js/_min 
JavaScript: Classify files with names ending in `_min` as minified.
 2019-11-08 13:52:33 +01:00
semmle-qlci
867ed16777 Merge pull request #2276 from asger-semmle/inclusion-test 
Approved by max-schaefer
 2019-11-08 10:57:11 +00:00
Max Schaefer
d7831d2680 JavaScript: Short-circuit bad-header check on empty files. 2019-11-08 10:30:53 +00:00
Max Schaefer
e8510fe71a TypeScript: Skip Touchstone files. 2019-11-08 09:17:05 +00:00
Asger F
812ee34bbc JS: Use Files.exists() instead 2019-11-07 15:53:29 +00:00
semmle-qlci
e65271dfad Merge pull request #2251 from asger-semmle/barrier-guard-improvements 
Approved by esbena
 2019-11-07 15:50:23 +00:00
semmle-qlci
f79c2a7630 Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root 
Approved by max-schaefer
 2019-11-07 15:46:14 +00:00
Asger F
8544850945 JS: Generalize StringOps::Includes to ::InclusionTest 2019-11-07 14:35:17 +00:00
Erik Krogh Kristensen
0c080a82be fix expected output 2019-11-07 14:31:09 +01:00
Erik Krogh Kristensen
232e875274 add test for getEnclosingExpr 2019-11-07 14:29:31 +01:00
Erik Krogh Kristensen
e4f6f41634 add DataFlow::getEnclosingExpr to get the an Expr from a potentially reflective call 2019-11-07 14:29:31 +01:00
semmle-qlci
3a7f9a588d Merge pull request #2267 from max-schaefer/js/qltest-extractor-options 
Approved by asger-semmle
 2019-11-07 11:36:45 +00:00
Max Schaefer
e314869e5c JavaScript: Classify files with names ending in _min as minified. 
We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.
 2019-11-07 10:33:47 +00:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Max Schaefer
54e40a8977 JavaScript: Move --html all extractor options into options file. 2019-11-06 16:30:01 +00:00
Asger F
d9beb54dde Merge pull request #2102 from erik-krogh/deferredModel 
JS: add Deferred model in js/use-of-returnless-function
 2019-11-06 14:30:03 +00:00
semmle-qlci
f73caac88d Merge pull request #2254 from asger-semmle/for-of-propread 
Approved by max-schaefer
 2019-11-06 13:44:55 +00:00
Max Schaefer
725059deea JavaScript: Remove --source-type module extractor options. 2019-11-06 13:01:59 +00:00
Max Schaefer
3ad5af7cef JavaScript: Move --extract-program-text extractor options into options files. 2019-11-06 13:01:55 +00:00
Max Schaefer
6b817203fd JavaScript: Move --tolerate-parse-errors extractor options into options file. 2019-11-06 13:01:28 +00:00
Max Schaefer
5681565d4a JavaScript: Move --html elements extractor options into options file. 2019-11-06 13:01:28 +00:00