hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 17:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,650 Commits 1,739 Branches 164 Tags
16df2c31bb4ac690bbed061365ea61acd323bd8e
Commit Graph

1328 Commits

Author SHA1 Message Date
Asger F
16df2c31bb Create DataFlowImplConsistency.qll 2023-10-13 12:42:41 +02:00
Asger F
3ef478669b JS: Collapse some cached stages 2023-10-13 12:42:41 +02:00
Asger F
9fef8803ed JS: Avoid BarrierGuardNode's range from depending on Configuration 2023-10-13 12:42:41 +02:00
Asger F
e31ae3a1bf JS: Model JSON.stringify with "deep" read operators 2023-10-13 12:42:41 +02:00
Asger F
0c2e52baba JS: Summary/steps for iterators and generators 2023-10-13 12:42:41 +02:00
Asger F
da3a0de814 JS: Port String#replace to flow summary 2023-10-13 12:42:41 +02:00
Asger F
f0c2afe39e JS: Add flow summaries for maps and sets 2023-10-13 12:42:40 +02:00
Asger F
5054c43b18 JS: Add flow summaries/steps for promises and async/await 2023-10-13 12:42:40 +02:00
Asger F
4319b07798 JS: Add flow summaries for Arrays 2023-10-13 12:42:40 +02:00
Asger F
a31e251529 JS: Add flow summaries for core methods 2023-10-13 12:42:40 +02:00
Asger F
46fec8ea7e JS: Add AdditionalFlowInternal 
This provides access to more features than we want to expose publicly at the moment, but is useful for modelling certain language features.
 2023-10-13 12:42:40 +02:00
Asger F
3f20d71a9b JS: Add legacy post-update step 
This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store
 2023-10-13 12:42:40 +02:00
Asger F
6037ff553c JS: Add LegacyPreUpdateStep 
This contributes to both LegacyFlowStep and SharedTypeTrackingStep.

That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library.
 2023-10-13 12:42:40 +02:00
Asger F
27c7d5004a JS: Do the same for additional taint steps 2023-10-13 12:42:40 +02:00
Asger F
1afe06e3a5 JS: Add "additional" and "legacy" steps 
See the comment at the top of AdditionalFlowSteps.qll
 2023-10-13 12:42:40 +02:00
Asger F
c24a0e00f5 JS: Move SharedTaintStep to AdditionalTaintSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
5bccc652c8 JS: Move SharedFlowStep to AdditionalFlowSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
293899d648 JS: Add 'Awaited' token 2023-10-13 12:42:40 +02:00
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
erik-krogh
f48b47c656 JavaScript: add import that populate the shared abstract classes 2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
Asger F
162c477236 JS: Add AmdModuleDefinition::Range 2023-10-04 20:38:37 +02:00
Anders Schack-Mulligen
855c89667d JavaScript: Use shared FileSystem library. 2023-09-28 08:58:55 +02:00
erik-krogh
a7d92b3473 add JS support the using keyword 2023-08-24 20:30:26 +02:00
Asger F
dec6039469 JS: Follow immediate predecessors in path resolution 2023-08-23 09:53:51 +02:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Jeongsoo Lee
4529d8b75a Add support for log injection in MaD 2023-07-28 22:37:56 +00:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Asger F
f3fab587a9 JS: Add Fuzzy token in identifying access path 2023-07-13 14:01:06 +02:00
Asger F
7c9e1ad6ec JS: Fix accidental recursion in Vue model 
The API graph entry point depended on API::Node.

This was due to depending on the the TComponent newtype which has a branch that depends on API::Node
 2023-07-13 13:41:21 +02:00
Rasmus Lerchedahl Petersen
02c41f3dcf JavaScript: Use shared library for serverless 2023-07-12 16:46:34 +02:00
Asger F
c7abd4c2af JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall 2023-07-12 09:26:37 +02:00
Asger F
1a395c5b34 JS: Use sanitizerOut in PrototypePollutingAssignment 2023-07-11 15:24:10 +02:00