codeql

mirror of https://github.com/github/codeql.git synced 2026-06-06 05:57:07 +02:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	6ea548c58c	Remove pseudo-properties	2022-08-11 19:01:39 +00:00
Erik Krogh Kristensen	43a82004b2	Merge pull request #9798 from erik-krogh/backtrackers JS: use small steps in TypeBackTracker correctly	2022-07-14 10:28:07 +02:00
Erik Krogh Kristensen	fd10947ca0	use small steps in TypeBackTracker correctly	2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen	a49d34cf0f	Merge branch 'main' into missDocParam	2022-07-13 09:58:04 +02:00
Erik Krogh Kristensen	112caa3f5d	rewrite qldoc based on review	2022-06-28 13:23:44 +02:00
Erik Krogh Kristensen	34e7589844	sanitize non-strings from unsafe-html-construction	2022-06-27 13:53:44 +02:00
Asger F	a0d3a6b5b1	JS: Add withoutPropStep and model 'await' steps with it	2022-06-20 20:16:07 +02:00
Erik Krogh Kristensen	2a97dd9f6f	add support for Object.hasOwn(obj, key)	2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen	d58fe8e193	add explicit this	2022-05-24 10:59:13 +02:00
CodeQL CI	e099b94cc4	Merge pull request #9081 from asgerf/js/global-step-refactor Approved by erik-krogh	2022-05-09 06:30:37 -07:00
Erik Krogh Kristensen	53b26eba17	Merge pull request #8724 from erik-krogh/postMessage JS: promote the `js/missing-origin-verification` query	2022-05-09 12:28:58 +02:00
Asger F	c4d597d60f	JS: Enumerate type-tracking steps through global access paths	2022-05-05 12:59:10 +02:00
Erik Krogh Kristensen	b4d4b51bc7	Merge pull request #8147 from erik-krogh/cacheReg JS: cache RegExpCreationNode::getAReference	2022-05-04 16:25:25 +02:00
Stephan Brandauer	ee280cda32	Improve docs after PR comment Co-authored-by: Asger F <asgerf@github.com>	2022-04-27 16:24:20 +02:00
Stephan Brandauer	4964f2df9a	add flow step to rest parameters	2022-04-27 16:03:19 +02:00
Erik Krogh Kristensen	6738270b65	Merge pull request #8229 from erik-krogh/parenSan JS: step through parentheses in barrier functions	2022-04-26 10:30:21 +02:00
Erik Krogh Kristensen	9c5f3e9406	remove leftover debug comments	2022-04-20 18:42:46 +02:00
Asger Feldthaus	fec2837c1e	JS: Ensure accessors do not appear to be calls	2022-04-20 11:14:42 +02:00
Asger Feldthaus	37a76f4441	JS: PropWrite is not a SourceNode	2022-04-20 11:14:41 +02:00
Asger Feldthaus	7d5c80433d	JS: Handle accessor-calls to static accessors	2022-04-20 11:14:41 +02:00
Asger Feldthaus	37b3a6e5c0	JS: Add ClassNode.getStaticMember	2022-04-20 11:14:41 +02:00
Erik Krogh Kristensen	2d6d304d7c	add `InclusionTest` to `PostMessageEventSanitizer`	2022-04-12 14:12:36 +02:00
Erik Krogh Kristensen	48ef3b106f	fix mistake in inlining	2022-03-29 23:39:22 +02:00
Erik Krogh Kristensen	090c5c39f6	add explicit this	2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen	cebba05b8b	rename getAClassReferenceStep to getAClassReferenceRec	2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen	be6c122b27	improve the join order of getAClassReference	2022-03-29 22:44:02 +02:00
Asger Feldthaus	8753632193	JS: Fix bug in reachableFromStoreBase	2022-03-17 17:30:46 +01:00
Erik Krogh Kristensen	efba220b45	JS: fix most `ql/missing-parameter-qldoc` issues	2022-03-16 22:56:52 +01:00
Erik Krogh Kristensen	3067231b1a	Merge pull request #8253 from erik-krogh/domWrite JS: merge hasDominatingWrite and hasDominatingAssignment	2022-03-15 13:37:00 +01:00
Erik Krogh Kristensen	7d6700a943	Merge branch 'main' into depMore	2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen	54760081dc	add pointers to the qldoc of deprecated predicates	2022-03-14 10:10:38 +01:00
Erik Krogh Kristensen	8f86b067e7	deprecate the unused localTaintStep and stringStep predicates	2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen	df9533f46e	Merge pull request #8347 from erik-krogh/depBeGone remove all deprecations that are over a year old	2022-03-11 10:01:07 +01:00
Erik Krogh Kristensen	41778328c2	Update javascript/ql/lib/semmle/javascript/dataflow/Sources.qll Co-authored-by: Stephan Brandauer <kaeluka@github.com>	2022-03-10 14:16:28 +01:00
Erik Krogh Kristensen	c2743177af	JS: delete the TrackedNodes.qll, it had no public interface left	2022-03-10 11:34:17 +01:00
Erik Krogh Kristensen	6a28ddd9ec	JS: un-deprecate deleted deprecated class that defined taint-steps	2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen	59db0e7a0f	JS: delete unused predicate	2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen	a86f0afb3c	delete all deprecations that are over 14 months old	2022-03-09 18:28:07 +01:00
Erik Krogh Kristensen	cebd24156c	support that the base is not a method-call in getAChainedMethodCall	2022-03-09 11:12:04 +01:00
Erik Krogh Kristensen	4734f1916e	Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred QL: field only used in charPred	2022-03-08 11:25:57 +01:00
Erik Krogh Kristensen	1db6a644a5	only block flow for dominated reads when the property name is known	2022-03-02 11:30:05 +01:00
Erik Krogh Kristensen	4fba5e4dfb	step through parentheses in barrier functions	2022-02-25 17:47:12 +01:00
Erik Krogh Kristensen	73f2e89f3e	Merge pull request #8165 from erik-krogh/protoWrite JS: support more property writes in js/prototype-pollution-utility	2022-02-22 21:30:22 +01:00
Erik Krogh Kristensen	517e17d422	support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite	2022-02-22 13:23:34 +01:00
Erik Krogh Kristensen	cd4685c4c5	cache RegExpCreationNode::getAReference	2022-02-21 15:04:00 +01:00
Erik Krogh Kristensen	1407b49a8f	fix some instances of ql/pred-doc-style for JS	2022-02-21 15:02:21 +01:00
Erik Krogh Kristensen	a1c5724be7	fix most ql-for-ql warnings in JS	2022-02-11 17:57:37 +01:00
Erik Krogh Kristensen	3791b159fb	Merge pull request #7892 from erik-krogh/nanSan JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check	2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen	eb56a5aef3	support more patterns that recognize valid numbers	2022-02-10 19:50:35 +01:00

1 2

94 Commits