hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-12 02:09:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,309 Commits 1,754 Branches 167 Tags
1aba111a00f62d4af94cb087ce88771cd8ade8bc
Commit Graph

563 Commits

Author SHA1 Message Date
Asger F
1aba111a00 JS: Use ::Range pattern for abstract classes 2019-02-15 14:28:07 +00:00
Asger F
c8823fa7cf JS: change charpred of ClosureModule to be AST-based 2019-02-15 14:28:06 +00:00
Asger F
d1607f7c47 JS: remove SourceNode supertype from ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
8801431352 JS: elaborate qldoc for isTopLevelExpr 2019-02-15 14:28:06 +00:00
Asger F
fa34f8f414 JS: replace dataflow -> data flow 2019-02-15 14:28:06 +00:00
Asger F
701e662bc4 JS: rename more predicates for consistency 2019-02-15 14:28:06 +00:00
Asger F
23bd9e62f0 JS: Add ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
939eab2c82 JS: refactor expressions to dataflow nodes 2019-02-15 14:28:06 +00:00
Asger F
8d78731ff0 JS: rename getNamespaceId to getClosureNamespace 2019-02-15 14:28:06 +00:00
semmle-qlci
92a6e7e04c Merge pull request #932 from asger-semmle/cookbook-prepare 
Approved by xiemaisi
 2019-02-13 18:20:09 +00:00
Max Schaefer
5b2df068d3 Merge pull request #921 from asger-semmle/class-node-absval 
JS: use type inference to back up function-style classes
 2019-02-13 10:12:20 +00:00
Anders Schack-Mulligen
15a6044445 Javascript: Autoformat qlls 2019-02-12 14:41:31 +01:00
Asger F
3290c174c3 JS: Add DataFlow::Node.getAFunctionValue 2019-02-12 13:38:46 +00:00
Asger F
2fd1ee60a2 JS: add DataFlow::Node.getIntValue() 2019-02-12 13:38:46 +00:00
Asger F
0fd9d157f8 JS: add DataFlow::Node.getStringValue() 2019-02-12 13:38:45 +00:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
semmle-qlci
ac3f413b87 Merge pull request #920 from xiemaisi/js/field-as-prop-write 
Approved by asger-semmle
 2019-02-12 10:48:13 +00:00
semmle-qlci
10b00254ec Merge pull request #915 from asger-semmle/closure-uri-methods 
Approved by xiemaisi
 2019-02-11 10:51:07 +00:00
Max Schaefer
10ef945b51 JavaScript: Restrict InstanceFieldAsPropWrite to fields with initializers. 2019-02-11 08:17:53 +00:00
Asger F
74a9c4b500 JS: use type inference to back up function-style classes 2019-02-08 16:42:24 +00:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
semmle-qlci
937049e060 Merge pull request #891 from xiemaisi/js/simplify-sensitive-actions 
Approved by esben-semmle
 2019-02-08 14:12:47 +00:00
semmle-qlci
7e298cfbbe Merge pull request #900 from esben-semmle/js/defuse-default 
Approved by xiemaisi
 2019-02-08 11:28:32 +00:00
Asger F
bfe88e9784 JS: make Closure::moduleImport handle member access. 2019-02-08 10:51:07 +00:00
Max Schaefer
b314c546e1 JavaScript: Track taint through RegExp.prototype.replace. 2019-02-08 09:57:07 +00:00
Max Schaefer
25d06ad0cf JavaScript: Treat regexp replacements of HTML metacharacters as sanitizers for XSS queries. 2019-02-08 09:57:06 +00:00
Max Schaefer
18c23ecfd4 JavaScript: Introduce shared library for modelling XSS-relevant concepts. 
As its first application, this library makes it possible for `StoredXss` to reuse the `Source` classes of `DomBasedXss` and `ReflectedXss` without having to pull in their libraries (which contain their `Configuration` classes, causing `StoredXss` to recompute all flow information for the other two queries).
 2019-02-08 09:53:51 +00:00
Max Schaefer
0be81dacdc JavaScript: Add classification of sensitive expressions. 
We now classify sensitive expressions into four categories (secret, id, password, certificate). This allows queries more fine-grained control over what kinds of sensitive data they want to deal with: for clear-text storage, for instance, user ids aren't so much of a problem.
 2019-02-08 08:43:22 +00:00
Max Schaefer
326b93bf84 JavaScript: Clean up classification of sensitive strings. 2019-02-08 08:43:22 +00:00
Asger F
e4b230ba60 Revert "Merge pull request #897 from Semmle/revert-817-closure-modules" 
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
 2019-02-07 11:58:38 +00:00
Esben Sparre Andreasen
5ad83360be JS: move default parameter values to the DefUse graph 2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
f956e570cb JS: support default destructuring values in the dataflow graph 2019-02-07 11:41:36 +01:00
Esben Sparre Andreasen
687b7f0a7f JS: exclude direct flow from the RHS in a destructuring assignment 2019-02-07 11:41:36 +01:00
Max Schaefer
812cba0fe3 Merge pull request #828 from esben-semmle/js/vue-support-1 
JS: basic Vue support
 2019-02-07 08:00:17 +00:00
Asger F
e46e2b2515 Revert "JS: Add support for Closure modules" 2019-02-06 17:30:45 +00:00
semmle-qlci
b8be66ec48 Merge pull request #887 from asger-semmle/jsdoc-accessors 
Approved by xiemaisi
 2019-02-06 16:30:48 +00:00
semmle-qlci
b13c11017c Merge pull request #885 from asger-semmle/async-waterfall 
Approved by xiemaisi
 2019-02-06 16:30:17 +00:00
Esben Sparre Andreasen
235625d03a Merge branch 'master' into js/vue-support-1 2019-02-06 16:57:16 +01:00
semmle-qlci
09825f28ed Merge pull request #817 from asger-semmle/closure-modules 
Approved by esben-semmle, xiemaisi
 2019-02-06 15:51:53 +00:00
semmle-qlci
a2691b32b5 Merge pull request #851 from xiemaisi/js/post-message-star 
Approved by esben-semmle
 2019-02-06 09:57:04 +00:00
Esben Sparre Andreasen
f15af70c02 JS: use HTML::ScriptElement::getScript in Vue 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
5e2b1c026a JS: introduce HTML::ScriptElement::getScript() 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f JS: introduce Vue XSS sinks 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a6cfee5f26 JS: prevent inlining of three auxiliary Vue methods 2019-02-06 09:37:23 +01:00
Esben Sparre Andreasen
ddf9ca2505 JS: introduce base Vue model 2019-02-06 09:37:23 +01:00
Asger F
46b996a936 JS: autoformat ¯\_(ツ)_/¯ 2019-02-05 16:52:06 +00:00
Asger F
cad5a064cd JS: recognize a-sync-waterfall package 2019-02-05 16:38:47 +00:00
Asger F
51360d8772 JS: add Parameter.getJSDocTag 2019-02-05 11:35:16 +00:00
Asger F
8f3b0f584a JS: Extract predicates for ES2015/closure modules 2019-02-04 14:21:34 +00:00
Asger F
df88534b36 JS: use PropWrite in exports() predicate 2019-02-04 14:21:34 +00:00