hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-25 16:47:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
63,679 Commits 1,759 Branches 168 Tags
2172c4863f83c70ff10d082f55b065251feefb8e
Commit Graph

149 Commits

Author SHA1 Message Date
Remco Vermeulen
133a243298 Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
Asger F
0841677b14 JS: Add isSanitizerX variants in TaintTracking 2023-07-11 11:14:37 +02:00
Asger F
d53beb3784 JS: Embed check for in/out barriers in edge barrier check 2023-07-11 11:04:28 +02:00
Asger F
4964d811a5 JS: Add interface for isBarrier in/out 2023-07-11 11:04:28 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
869c6d27fe JS: Add implied receiver steps 2023-04-17 08:20:18 +02:00
Anders Schack-Mulligen
8d97fe9ed3 JavaScript: Autoformat 2023-03-10 09:41:20 +01:00
erik-krogh
943bdeca6d make appliesTo recursive 2023-02-14 14:16:45 +01:00
erik-krogh
9549cac3e5 add an additional barrier guard that finds "=== true" versions of previous barrier guards 2023-02-14 14:15:23 +01:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
Asger F
80777b8c50 JS: handle rephined variables in local access paths 2022-12-05 15:11:50 +01:00
erik-krogh
e98d1df5f4 add dataflow support 2022-11-15 22:07:25 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
21e7e27e1f push more context into load/store steps from the exploratory flow-analysis 2022-10-26 10:52:47 +02:00
Asger F
414bd40c41 JS: Do not track returned values out of the enclosing function 2022-10-26 09:29:49 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
tyage
7205903a36 Using implicit this 2022-10-04 18:06:30 +09:00
tyage
9df0720da9 refactoring 2022-10-04 17:05:49 +09:00
tyage
8a7f23a8ea support VarRef 2022-10-04 14:45:39 +09:00
tyage
b95566b02a make json stringify tainted with arg's property 2022-09-29 17:46:09 +09:00
erik-krogh
dcdff7a995 Merge branch 'main' into aliasFlow 2022-09-22 16:01:31 +02:00
erik-krogh
58851aefd6 don't mention classes that don't exist in TaintTracking.qll 2022-09-19 13:37:06 +02:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
Erik Krogh Kristensen
90bc8a5038 run the explicit-this patch on javascript/ 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
5b61db9fd3 refactor miscellaneous expression uses to dataflow nodes 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
6697dd1396 rewrite some expression based predicates in TaintTracking.qll 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
aa9261f1b1 convert the AngularJS model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Asger F
56bbba2241 JS: Sync with JS 2022-09-03 13:51:02 +02:00
erik-krogh
52b9ff81c5 Merge branch 'main' into dynCall 2022-08-29 15:30:01 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
erik-krogh
a57981ea69 apply suggestions from review 2022-08-23 10:18:14 +02:00
erik-krogh
2fd09d34de improve performance of global dataflow by inlining a step predicate 2022-08-22 08:35:19 +02:00
erik-krogh
2f11f3760e simplify getALibraryInputParameter by adding more general dataflow for the arguments object 2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
31c09ba678 implement flow for .apply() by adding a ReflectiveParametersNode data-flow node 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
e93ff8672c Merge pull request #10075 from erik-krogh/depOld 
delete old deprecations
 2022-08-17 21:21:57 +02:00
erik-krogh
b2e3d8bb86 remove some more legacy code that existed to support deprecated code 2022-08-17 13:32:39 +02:00
erik-krogh
478e0bf5a3 delete old code that only existed to support a deleted deprecated feature 2022-08-16 23:35:48 +02:00
erik-krogh
5586c9a17e delete old deprecations 2022-08-16 22:27:15 +02:00