hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 17:29:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,902 Commits 1,754 Branches 167 Tags
33374ee089c578e2bfc2d4230d5044633976dc80
Commit Graph

1226 Commits

Author SHA1 Message Date
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Asger F
7ed31baeea JS: Rename to upward navigation 2019-10-25 13:07:07 +01:00
Asger F
39e2d1480e JS: Default to imprecision zero by default 2019-10-25 12:20:16 +01:00
Asger F
ad645d3d50 JS: Restrict sendfile sink 2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen
834b572f45 add initial support for expressions in TypeScript 2019-10-24 10:17:00 +02:00
semmle-qlci
cbfa1cd058 Merge pull request #2168 from xiemaisi/js/remove-duplicate-configuration 
Approved by erik-krogh
 2019-10-22 17:02:26 +01:00
semmle-qlci
cb3a05c6de Merge pull request #2166 from xiemaisi/js/fix-typo 
Approved by esben-semmle
 2019-10-22 12:38:10 +01:00
Max Schaefer
1c23615742 JavaScript: Fix typo in doc comment. 2019-10-22 10:44:25 +01:00
semmle-qlci
1c79ec550e Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command 
Approved by mchammer01, xiemaisi
 2019-10-22 08:36:44 +01:00
Erik Krogh Kristensen
1ae8e25603 change precision of js/loop-bound-injection and fix a false positive 2019-10-22 09:21:19 +02:00
semmle-qlci
eb9d90dff6 Merge pull request #2143 from esben-semmle/js/fix-all-sanitisers 
Approved by xiemaisi
 2019-10-22 07:16:27 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Max Schaefer
b9203377c7 JavaScript: Remove a duplicate Configuration class. 2019-10-21 17:32:02 +01:00
Erik Krogh Kristensen
9eda120de4 implement a new query to detect unreachable overloaded methods in TypeScript 2019-10-21 13:34:42 +02:00
Asger F
0ad9067b7d JS: pragma[noopt] -> pragma[noinline] 2019-10-21 11:32:22 +01:00
Asger F
96b6c83eba JS: Tests and fixes for PartialInvokeNode 2019-10-21 11:32:22 +01:00
Asger F
3dcb134e6b JS: Improve documentation 2019-10-18 17:00:38 +01:00
Esben Sparre Andreasen
80a32aebc1 JS: add SystemCommandExecution::isShellInterpreted 2019-10-17 13:29:24 +02:00
Max Schaefer
a4bffe35fd JavaScript: Add support for globalThis. 2019-10-17 12:04:01 +01:00
Esben Sparre Andreasen
93b1e59d62 JS: fix spelling: sanitisers -> sanitizers 2019-10-17 09:05:03 +02:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Asger F
cf24fa22c8 JS: Dont use deprecated class 2019-10-09 12:16:12 +01:00
Asger F
ddf0d5379d JS: Angular: replace getAnInitialUse with parameterNode 2019-10-09 12:16:11 +01:00
Asger F
d3f587c12a JS: Restrict class values flowing through globals 2019-10-09 12:16:11 +01:00
Asger F
bdc409ccb6 JS: Move getACallee into CallGraphs module 2019-10-09 12:16:11 +01:00
Asger F
4a0e54a69f JS: Add library doc comment 2019-10-09 12:16:11 +01:00
Asger F
8404522c08 JS: Performance tweaks 2019-10-09 12:16:11 +01:00
Asger F
34497f6d19 JS: Use getABoundFunctionValue in PostMessageEventHandler 2019-10-09 12:16:11 +01:00
Asger F
d6d89a0703 JS: Move call graph computation into CallGraphs.qll 2019-10-09 12:16:10 +01:00
Asger F
96a13ff5d6 JS: Add goog.bind and angular.bind as partial invokes 2019-10-09 12:16:10 +01:00
Asger F
3bf86ee468 JS: Rename AdditionalPartialInvoke -> PartialInvoke::Range 2019-10-09 12:16:10 +01:00
Asger F
d6ba966c4e JS: Add getBoundFunction() 2019-10-09 12:16:10 +01:00
Asger F
6534219831 JS: Move AdditionalPartialInvokeNode to Nodes.qll 2019-10-09 12:16:10 +01:00
Asger F
15f0e85853 JS: Restructure call graph computation 2019-10-09 12:16:10 +01:00
Asger F
c09e748bca JS: Migrate JQueryMethodCall to new API 2019-10-08 14:05:10 +01:00
Asger F
755f76a308 JS: Mention the ::Range classes 2019-10-07 08:29:42 +01:00
Asger F
34b4eb69db JS: Cache JSDocTypeExpr.resolvedName() 2019-10-07 08:29:42 +01:00
Asger F
c1e9eec267 JS: Modernize jQuery attribute defs 2019-10-07 08:29:42 +01:00
Asger F
a224186fab JS: Migrate AngularJS.JQLiteObject 2019-10-07 08:29:42 +01:00
Asger F
afdcb1e075 JS: Handle jQuery objects from Parameter.getAnInitialUse() 2019-10-07 08:29:42 +01:00
Asger F
fb181c2d14 JS: Use type info and type tracking in jQuery 2019-10-07 08:29:42 +01:00
Asger F
b4f67f20af JS: Extract types and signatures for functions 2019-09-26 10:17:58 +01:00
Asger F
97494290de JS: Add getOverloadIndex() 2019-09-26 10:17:58 +01:00
Max Schaefer
d4fca84898 JavaScript: Improve XSS sanitizer detection. 
We now use local data flow to detect more regexp-based sanitizers.
 2019-09-23 17:07:06 +01:00
semmle-qlci
825a3d2917 Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars 
Approved by xiemaisi
 2019-09-23 12:10:30 +01:00
semmle-qlci
e2c941c577 Merge pull request #1916 from erik-krogh/taintedLength 
Approved by asger-semmle, xiemaisi
 2019-09-23 11:47:48 +01:00
Max Schaefer
149ae5d7ab JavaScript: Fix IllegalInvocation. 
This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.
 2019-09-23 07:44:14 +01:00
semmle-qlci
6f2e485ace Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible 
Approved by esben-semmle
 2019-09-19 12:45:45 +01:00