hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,698 Commits 1,673 Branches 157 Tags
12cc228946a0da2c80dabe36301942cce72b59ce
Commit Graph

3565 Commits

Author SHA1 Message Date
Asger Feldthaus
12cc228946 JS: Update getFallbackTypeAnnotation 2020-05-18 22:42:12 +01:00
Asger Feldthaus
b06cd6db30 JS: Update Node.isIncomplete 2020-05-18 22:42:12 +01:00
Asger Feldthaus
5568f0e182 JS: Pass local arguments to parameter value node, not SSA node 2020-05-18 22:34:42 +01:00
Asger Feldthaus
dc2d6a5fd9 JS: Make ValueNode the ParameterNode with a step to the SSA node 2020-05-18 22:34:42 +01:00
Asger Feldthaus
37ddccfa15 JS: Merge DestructuringPatternNode into ValueNode 2020-05-18 22:29:33 +01:00
Asger Feldthaus
b3161b1c41 JS: Factor TNode into a separate file 2020-05-18 22:29:33 +01:00
Asger Feldthaus
d9123833af JS: Avoid misoptimization in mayReturnImplicitValue 2020-05-18 22:29:33 +01:00
Asger Feldthaus
eddbdffe62 JS: Add more tests for implicit returns 2020-05-18 22:29:33 +01:00
Asger Feldthaus
6a63f5b677 JS: Avoid bad join order in ImplicitProcessImport 2020-05-18 22:29:32 +01:00
Asger Feldthaus
c869812563 JS: Add UselessConditional test 2020-05-18 22:29:32 +01:00
Asger F
96d6115452 Merge branch 'master' into js/sql-type-tracking 2020-05-18 15:58:42 +01:00
Asger F
a9983fdb49 Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 13:23:22 +01:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Asger Feldthaus
a18e0b37cf JS: simplify sequelize model 2020-05-18 09:34:17 +01:00
Asger F
f52c827966 Apply suggestions from code review 
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:31:09 +01:00
Asger F
ffb22c061a Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:28:22 +01:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler 
Approved by esbena
 2020-05-18 08:48:24 +01:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
semmle-qlci
8d41ce1630 Merge pull request #3480 from erik-krogh/moreSlip 
Approved by esbena
 2020-05-16 21:17:27 +01:00
Asger Feldthaus
897a3e39c9 JS: Autoformat 2020-05-16 09:37:16 +01:00
Asger Feldthaus
0171c9e10c JS: Autoformat 2020-05-16 09:25:18 +01:00
Asger Feldthaus
d279845a43 JS: Minor fixes 2020-05-16 09:24:53 +01:00
Asger Feldthaus
5249e84359 JS: Type track spanner model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
d225715828 JS: Type track mssql model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
6dcee5a0ef JS: Type track sqlite model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
84cd02cf01 JS: Type track pg model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
f7771f17d1 JS: Type track mysql model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
3e9849b7c4 JS: Type track sequelize model 2020-05-15 17:27:24 +01:00
Esben Sparre Andreasen
1c5bffc095 JS: fix some FNs in the qhelp examples 2020-05-15 12:40:38 +02:00
Asger Feldthaus
d84f1b47c2 JS: Refactor RequestInputAccess to use source nodes 2020-05-15 09:59:28 +01:00
Asger Feldthaus
da974f1527 JS: Add test with dynamic access to req.query 2020-05-15 09:59:28 +01:00
Asger Feldthaus
659e2ff709 JS: Tweak evaluation of route handler params 2020-05-15 09:59:27 +01:00
Asger F
b9995b784d Update javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-15 09:59:27 +01:00
Asger Feldthaus
a982cdc39c JS: Autoformat 2020-05-15 09:59:27 +01:00
Asger Feldthaus
bfbe70a7a9 JS: Fixes 2020-05-15 09:59:27 +01:00
Asger Feldthaus
82d3a7eb23 JS: Go back to disjunction 😭 2020-05-15 09:59:27 +01:00
Asger Feldthaus
c45d84f8f3 JS: Update getRouteHandlerParameter and router tracking 2020-05-15 09:59:27 +01:00
Asger Feldthaus
9cacfab7c6 JS: Recognize Express param value callback as RemoteFlowSource 2020-05-15 09:59:26 +01:00
Erik Krogh Kristensen
6d79bab7e4 rename Fs to FS 2020-05-15 10:54:08 +02:00
semmle-qlci
a536069059 Merge pull request #3408 from esbena/js/unsafe-html-expansion 
Approved by asgerf, mchammer01
 2020-05-15 08:24:12 +01:00
Erik Krogh Kristensen
e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen
6d2bffef72 add fs.open/openSync as ZipSlip sinks 2020-05-14 20:31:13 +02:00
Erik Krogh Kristensen
2d675262b2 use the generalized fs module in more places 2020-05-14 20:31:00 +02:00
semmle-qlci
c06680a496 Merge pull request #3470 from asger-semmle/js/cache-module-import 
Approved by esbena
 2020-05-14 17:20:04 +01:00
semmle-qlci
23532ae49a Merge pull request #3467 from erik-krogh/tarSlip 
Approved by esbena
 2020-05-14 14:06:42 +01:00
semmle-qlci
57f44c5a81 Merge pull request #2886 from asger-semmle/js/call-graph-exploration 
Approved by erik-krogh, esbena
 2020-05-14 14:01:23 +01:00
semmle-qlci
384df88df1 Merge pull request #3359 from erik-krogh/MayHavePropName 
Approved by esbena
 2020-05-14 13:52:45 +01:00
Asger Feldthaus
e491431f4e JS: Autoformat 2020-05-14 13:29:33 +01:00