hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 17:59:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,847 Commits 1,754 Branches 167 Tags
28d8011bcfeba253fc4951e0a3c3c256fa8fea12
Commit Graph

675 Commits

Author SHA1 Message Date
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
semmle-qlci
6baf52614e Merge pull request #1074 from xiemaisi/js/socket.io-comm 
Approved by esben-semmle
 2019-03-13 07:38:12 +00:00
Max Schaefer
f540dcb486 JavaScript: Address review comments. 2019-03-12 16:56:10 +00:00
Max Schaefer
77e59f1a47 JavaScript: Be more lenient about namespace matching. 2019-03-11 12:42:51 +00:00
Max Schaefer
41d83d5b7d JavaScript: Introduce additional flow steps between sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
36c9af977b JavaScript: Connect up client and server sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
dc614ebefe JavaScript: Introduce indices for sent/received items. 2019-03-11 12:42:51 +00:00
Max Schaefer
b47b26ca61 JavaScript: Add basic model of client-side socket.io API. 2019-03-11 12:42:34 +00:00
Max Schaefer
363c11e89d JavaScript: Improve handling of acknowledgment callbacks. 2019-03-11 12:41:19 +00:00
Max Schaefer
37bc36d92e JavaScript: Factor out handling of EventEmitter API. 2019-03-11 12:41:19 +00:00
Max Schaefer
f92f9594ea JavaScript: Add a convenience predicate to get the last parameter of a function. 2019-03-11 12:41:19 +00:00
Max Schaefer
eb07754eee JavaScript: Introduce representation of socket.io servers and namespaces. 2019-03-11 12:41:19 +00:00
semmle-qlci
9dccd9f62c Merge pull request #1050 from asger-semmle/prototype-instance-methods 
Approved by xiemaisi
 2019-03-07 16:10:29 +00:00
Max Schaefer
b85f44643a Merge pull request #1049 from asger-semmle/js-type-tracking 
JS: Add TypeTracking library
 2019-03-07 16:09:19 +00:00
Asger F
56977b80a0 JS: update comment 2019-03-07 11:35:41 +00:00
Asger F
f21871d275 JS: relax instantiation requirement for .prototype field 2019-03-06 14:31:37 +00:00
Max Schaefer
48c0949705 Merge pull request #1036 from asger-semmle/hide-implicit-ssa-defs 
JS: Omit uninteresting nodes from path explanations
 2019-03-06 13:30:11 +00:00
Asger F
732ddbcbbd JS: Mark API as experimental 2019-03-06 13:04:34 +00:00
Asger F
3422fa328d JS: Add test 2019-03-06 12:50:59 +00:00
Asger F
e6a1374218 JS: Make separate type for back-tracking types 2019-03-06 12:50:50 +00:00
Asger F
0b2c94684d JS: Add TypeTracker library 2019-03-06 11:52:28 +00:00
Jason Reed
0a91d919b0 JS: Allow path.basename sanitization in zipslip. 2019-03-06 09:46:41 +00:00
Asger F
ee7461380e JS: Omit uninteresting nodes from path explanations 2019-03-06 08:41:03 +00:00
semmle-qlci
4c3ecf0f76 Merge pull request #989 from asger-semmle/class-node-get-this-access 
Approved by xiemaisi
 2019-03-01 19:40:31 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops 
Approved by esben-semmle
 2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end 
JS: Treat res.end() as alias for res.send() in Express
 2019-03-01 10:30:06 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
c1b218a5ff JS: Documentation fixes 2019-02-28 15:46:19 -05:00
Jason Reed
674d2790b4 JS: Address review comments 2019-02-28 15:46:07 -05:00
Jason Reed
2fc2a393b7 JS: Address review comments 2019-02-28 15:45:52 -05:00
Jason Reed
09b9a57783 JS: More efficient reasoning through pipe 2019-02-28 15:45:38 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
32d48ba98b JS: Run auto-formatter 2019-02-28 15:45:20 -05:00
Jason Reed
abd2644af7 JS: Address review comments 2019-02-28 15:45:13 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Asger F
2bfb015218 JS: Add closure string ops 2019-02-28 16:47:53 +00:00
Asger F
03ef167c56 JS: Treat res.end() as alias for res.send() in Express 2019-02-28 12:37:11 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Asger F
9497199cbd JS: add localFieldStep 2019-02-27 14:20:47 +00:00
Asger F
b6648def19 JS: Add ClassNode.getAReceiverNode 2019-02-27 14:20:47 +00:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref 
JS: add closure library in globalObjectRef
 2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2 
JS: Vue security improvements
 2019-02-26 16:49:38 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00