Max Schaefer
10ef945b51
JavaScript: Restrict InstanceFieldAsPropWrite to fields with initializers.
2019-02-11 08:17:53 +00:00
semmle-qlci
937049e060
Merge pull request #891 from xiemaisi/js/simplify-sensitive-actions
Approved by esben-semmle
2019-02-08 14:12:47 +00:00
semmle-qlci
7e298cfbbe
Merge pull request #900 from esben-semmle/js/defuse-default
Approved by xiemaisi
2019-02-08 11:28:32 +00:00
Max Schaefer
0be81dacdc
JavaScript: Add classification of sensitive expressions.
We now classify sensitive expressions into four categories (secret, id, password, certificate). This allows queries more fine-grained control over what kinds of sensitive data they want to deal with: for clear-text storage, for instance, user ids aren't so much of a problem.
2019-02-08 08:43:22 +00:00
Max Schaefer
326b93bf84
JavaScript: Clean up classification of sensitive strings.
2019-02-08 08:43:22 +00:00
Asger F
e4b230ba60
Revert "Merge pull request #897 from Semmle/revert-817-closure-modules"
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
2019-02-07 11:58:38 +00:00
Esben Sparre Andreasen
5ad83360be
JS: move default parameter values to the DefUse graph
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f956e570cb
JS: support default destructuring values in the dataflow graph
2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
687b7f0a7f
JS: exclude direct flow from the RHS in a destructuring assignment
2019-02-07 11:41:36 +01:00
Max Schaefer
812cba0fe3
Merge pull request #828 from esben-semmle/js/vue-support-1
JS: basic Vue support
2019-02-07 08:00:17 +00:00
Asger F
e46e2b2515
Revert "JS: Add support for Closure modules"
2019-02-06 17:30:45 +00:00
semmle-qlci
b8be66ec48
Merge pull request #887 from asger-semmle/jsdoc-accessors
Approved by xiemaisi
2019-02-06 16:30:48 +00:00
semmle-qlci
b13c11017c
Merge pull request #885 from asger-semmle/async-waterfall
Approved by xiemaisi
2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a
Merge branch 'master' into js/vue-support-1
2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed
Merge pull request #817 from asger-semmle/closure-modules
Approved by esben-semmle, xiemaisi
2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5
Merge pull request #851 from xiemaisi/js/post-message-star
Approved by esben-semmle
2019-02-06 09:57:04 +00:00
Esben Sparre Andreasen
f15af70c02
JS: use HTML::ScriptElement::getScript in Vue
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
5e2b1c026a
JS: introduce HTML::ScriptElement::getScript()
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f
JS: introduce Vue XSS sinks
2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a6cfee5f26
JS: prevent inlining of three auxiliary Vue methods
2019-02-06 09:37:23 +01:00
Esben Sparre Andreasen
ddf9ca2505
JS: introduce base Vue model
2019-02-06 09:37:23 +01:00
Asger F
46b996a936
JS: autoformat ¯\_(ツ)_/¯
2019-02-05 16:52:06 +00:00
Asger F
cad5a064cd
JS: recognize a-sync-waterfall package
2019-02-05 16:38:47 +00:00
Asger F
51360d8772
JS: add Parameter.getJSDocTag
2019-02-05 11:35:16 +00:00
Asger F
8f3b0f584a
JS: Extract predicates for ES2015/closure modules
2019-02-04 14:21:34 +00:00
Asger F
df88534b36
JS: use PropWrite in exports() predicate
2019-02-04 14:21:34 +00:00
Asger F
c707935841
JS: add Closure::moduleImport and Closure::moduleMember
2019-02-04 14:21:34 +00:00
Asger F
82c0756248
JS: autoformat
2019-02-04 14:21:34 +00:00
Asger F
2ae926462c
JS: Move closure code into a module
2019-02-04 14:21:34 +00:00
Asger F
6bcae5e7c2
JS: address comments
2019-02-04 14:21:34 +00:00
Asger F
6a63c3f149
JS: raise precision of global accesses
2019-02-04 14:21:34 +00:00
Asger F
9589ccd40d
JS: support imports/exports for closure library code
2019-02-04 14:21:34 +00:00
semmle-qlci
e195ac996e
Merge pull request #868 from xiemaisi/js/discard-tokens-early
Approved by esben-semmle
2019-02-04 11:32:03 +00:00
Max Schaefer
9bfde9553d
Merge pull request #839 from asger-semmle/field-propwrite
JS: add PropWrites cases for instance fields initialization
2019-02-01 10:56:25 +00:00
semmle-qlci
222738072d
Merge pull request #840 from esben-semmle/js/propagate-sound-avalue
Approved by xiemaisi
2019-02-01 09:23:43 +00:00
Max Schaefer
b87abc9602
JavaScript: Extend suspiciousCredentials predicate to recognise authKey and similar.
2019-01-31 09:03:23 +00:00
Max Schaefer
87e62f0bd5
JavaScript: Teach PostMessageStar to reason about partially tainted objects.
2019-01-31 08:59:47 +00:00
Asger F
720f442ea5
JS: Rename to StaticClassMemberAsPropWrite
2019-01-30 15:49:21 +00:00
semmle-qlci
fc5b9dd55e
Merge pull request #837 from asger-semmle/hardcoded-empty-string
Approved by esben-semmle
2019-01-30 13:40:39 +00:00
semmle-qlci
24c8a47bb1
Merge pull request #841 from asger-semmle/private-higher-order-call
Approved by esben-semmle
2019-01-30 13:34:04 +00:00
Max Schaefer
769e407c24
JavaScript: Add new query PostMessageStar.
2019-01-30 10:26:43 +00:00
james
7cc1442ecb
Update link text
2019-01-30 09:44:07 +00:00
james
9d1a050f35
update links to locations in .qll files
2019-01-30 08:01:49 +00:00
Max Schaefer
a480c6ecaa
JavaScript: Implement LoC counting for functions in QL.
2019-01-29 12:58:44 +00:00
Asger F
9e87bf37ea
JS: make higherOrderCall private
2019-01-29 11:50:46 +00:00
Asger F
60cef60c1d
JS: ensure PropWrites exist for all instance members
2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
0d1f4270d6
JS: introduce SsaVarAccessWithNonLocalAnalysis
2019-01-29 10:20:36 +01:00
Max Schaefer
e2f27014b5
JavaScript: Introduce suspiciousCredentials predicate (from C# library).
2019-01-29 09:14:43 +00:00
Max Schaefer
a8dd97a2c9
JavaScript: Pull reasoning about encode/encrypt-like calls into library.
2019-01-29 09:14:23 +00:00
Max Schaefer
1fe4c44b36
JavaScript: Bring a few doc comments into line with style guide.
2019-01-29 09:13:53 +00:00