hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-18 13:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,712 Commits 1,714 Branches 162 Tags
2de9af2236c1acaa02c1aa91db7f024ae42c0706
Commit Graph

122 Commits

Author SHA1 Message Date
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Asger F
858c79e395 JS: Add plain taint step through Promise.all() 2024-03-13 08:57:42 +01:00
Asger F
13a8e0fbf0 JS: Add failing test for Promise.all() 2024-03-13 08:54:06 +01:00
Asger F
18db769d6d JS: Update expected output 2024-02-14 10:45:51 +01:00
Asger F
bafe5e3d8e JS: Add test case (with old expected data) 2024-02-14 10:45:51 +01:00
Asger F
9faf300dd0 JS: Use type-pruning to restrict callback flow 2023-10-13 13:15:08 +02:00
Asger F
e738b5d125 JS: Expand callback test case 
Type-based pruning is confused by the different tests being interleaved, so we additionally want to have a test that is independent from the other parts of this test.
 2023-10-13 13:15:08 +02:00
Asger F
51dec79401 JS: Lower access path limit to 2 2023-10-13 13:15:08 +02:00
Asger F
7c5eb89491 JS: Add tests for captured 'this' (genuine FN) 2023-10-13 13:15:08 +02:00
Asger F
2eff07f476 JS: Update TaintTracking test 2023-10-13 13:15:08 +02:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
a57981ea69 apply suggestions from review 2022-08-23 10:18:14 +02:00
erik-krogh
45e78a355f ensure call-apply.js is seen as a module 2022-08-23 10:11:46 +02:00
erik-krogh
2f11f3760e simplify getALibraryInputParameter by adding more general dataflow for the arguments object 2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
11b039c1f1 add tests 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
1717d17fb3 add flow step for Array.prototype.at 2022-05-24 12:41:27 +02:00
Asger Feldthaus
cff8dc0537 JS: Improve flow through Array.prototype.reduce 2022-04-07 09:57:31 +02:00
Asger Feldthaus
8753632193 JS: Fix bug in reachableFromStoreBase 2022-03-17 17:30:46 +01:00
Asger Feldthaus
b336c29283 JS: Track functions with methods 2021-12-10 09:38:29 +01:00
Asger Feldthaus
4ef2a5f4f1 JS: Add test 2021-12-10 09:38:29 +01:00
Erik Krogh Kristensen
d2c74480b9 add taint step through flatten libraries 2021-07-15 12:36:07 +02:00
Erik Krogh Kristensen
77f4d56cd9 add taint step through array-union, array-uniq, and uniq 2021-07-15 12:32:29 +02:00
Erik Krogh Kristensen
5ff7d208b7 add taint step through arrify 2021-07-15 11:24:50 +02:00
CodeQL CI
f9b539e5b9 Merge pull request #6253 from asgerf/js/more-precise-capture-steps 
Approved by erik-krogh
 2021-07-13 07:42:07 -07:00
CodeQL CI
c87fe95d52 Merge pull request #6258 from erik-krogh/case 
Approved by asgerf
 2021-07-13 05:44:49 -07:00
Erik Krogh Kristensen
d22ebadcf2 add support for many more case changing libraries 2021-07-12 14:09:34 +02:00
Erik Krogh Kristensen
a5d1325d3f add support for the change-case library 2021-07-12 13:37:06 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Asger Feldthaus
093ff41170 JS: Update tests 2021-07-02 13:31:17 +02:00
Asger Feldthaus
8befb03cb9 JS: Add test case with spurious call/return flow 2021-07-02 13:17:32 +02:00
Erik Krogh Kristensen
0adc001df0 add taint-step for serialize-javascript 2021-06-06 22:48:53 +02:00
Erik Krogh Kristensen
902a4368a1 assume that all pipe elements that return something, return outputs 2021-04-28 12:36:07 +02:00
Erik Krogh Kristensen
2f14a6218a generalize RxJS pipes 2021-04-28 12:26:02 +02:00
Erik Krogh Kristensen
fd23e0bdda use more API nodes in XmlParsers, and recognize more results from parsing XML 2021-04-14 11:48:31 +02:00
Asger Feldthaus
bd3f6d1234 JS: Add o[o.length] = y taint step 2021-03-25 09:00:10 +00:00
CodeQL CI
e3ab94fc6b Merge pull request #5498 from asgerf/js/flow-through-accessors 
Approved by erik-krogh, max-schaefer
 2021-03-24 12:46:05 +00:00
Asger Feldthaus
23d2f11840 JS: Handle inheritance 2021-03-23 14:39:37 +00:00
Asger Feldthaus
3d94ccf5dd JS: Support accessor-calls in object literals via local flow 2021-03-23 14:16:06 +00:00
Asger F
2f3d516413 JS: Track flow into ES accessors 2021-03-19 11:11:25 +00:00
Asger Feldthaus
e4d891cab5 JS: Add tests for flow through replace 2021-03-17 15:20:40 +00:00
Erik Krogh Kristensen
0ca2310594 add model for htmlparser2 2021-02-10 14:16:31 +01:00