hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,712 Commits 1,672 Branches 157 Tags
33a44de47d55a06edc6236225f4da207ee6ab521
Commit Graph

2205 Commits

Author SHA1 Message Date
Asger F
2c916cb4f3 TS: Update stats 2019-11-21 15:39:37 +00:00
Asger F
dd50d29827 TS: Fix crash in case of missing type roots 2019-11-21 15:39:37 +00:00
Asger F
4a885cbf92 TS: Expose optional parameters at syntax level 2019-11-21 15:39:37 +00:00
Asger F
b6b8213e13 TS: Handle rest parameters in call signatures 2019-11-21 15:39:37 +00:00
Asger F
f2c3d734ea TS: Update some more tests 2019-11-21 15:39:37 +00:00
Asger F
0c41d6910f TS: Pass tsconfig options correctly 2019-11-21 15:39:37 +00:00
Asger F
8205a59688 TS: Unfold aliases in Type.unfold() 2019-11-21 15:39:37 +00:00
Asger F
e25ee182a0 TS: Extract type alias relation 2019-11-21 15:39:37 +00:00
Asger F
f11dc11ade TS: Fix type of RHS of TypeAliasDeclaration 2019-11-21 15:39:37 +00:00
Asger F
a3aef1e4e0 TS: Update TypeAlias test 2019-11-21 15:39:37 +00:00
semmle-qlci
77c869f528 Merge pull request #2220 from erik-krogh/processEnvTaint 
Approved by esbena, max-schaefer
 2019-11-20 13:16:43 +00:00
Max Schaefer
5565be14fc JavaScript: Teach IncompleteSanitization to flag incomplete path sanitizers. 2019-11-19 15:06:16 +00:00
Erik Krogh Kristensen
0a428a8f44 typo 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-19 13:05:13 +01:00
Erik Krogh Kristensen
a59a414e0b update expected output 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
8ff515a58d address review feedback on MaskingReplacer 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
4ec2070e48 remove property reads on process.env as a taint step, and add a barrier for masking replace calls 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
052a331395 rename ProcessEnvLabel to PartiallySensitiveMap 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
2bd48db8cd refactor isSanitizerEdge in clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
92dc759cf9 remove type cast, and fix expected test results 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
850278c62f some changes based on review. And change to only flag unknown reads of process.env 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
68c30aaef3 add flowlabels to js/clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
14e4decffa changes based on review feedback. No flow-labels yet 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
1766f6a6d8 simplify global var "process" 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
297c71a64b add process.env as source for js/clear-text-logging 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
b12e255fd8 add indirect calls to logging methods as logging methods 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
ddd217628f Merge pull request #2347 from esbena/js/fix-mjs-check 
JS: fix the check for an "mjs" extension on an extensionless file
 2019-11-15 17:39:10 +01:00
Esben Sparre Andreasen
8e8215893f JS: fix mjs check for extensionless files 2019-11-15 14:38:27 +01:00
Erik Krogh Kristensen
f813e06680 Merge pull request #2345 from Semmle/esbena-patch-3 
Update FlowSteps.qll
 2019-11-15 14:04:14 +01:00
semmle-qlci
2f63b89941 Merge pull request #2338 from esbena/js/model-get-them-args 
Approved by max-schaefer
 2019-11-15 11:50:45 +00:00
Esben Sparre Andreasen
a3deb7d4e0 Update FlowSteps.qll 2019-11-15 12:44:04 +01:00
Esben Sparre Andreasen
c3fdfdecab JS: rename DefaultParsedCommandLineArgumentsAsSource 2019-11-15 10:40:15 +01:00
Asger F
66db38266b JS: Add qldoc to HostnameRegexpShared 2019-11-15 09:27:21 +00:00
Asger F
6809eed543 JS: Stats and upgrade script 2019-11-15 09:27:21 +00:00
Asger F
607aed37ee Update javascript/ql/src/semmle/javascript/Expr.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:21 +00:00
Asger F
77e5305b9b Update javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:21 +00:00
Asger F
37aa85fe81 JS: Fix parsing of non-BMP chars before a quantifier 2019-11-15 09:27:21 +00:00
Asger F
4d1f7836f2 JS: Check for [^.] 2019-11-15 09:27:21 +00:00
Asger F
a7a90b4b7e JS: Disregard capture groups in lookaround assertions 2019-11-15 09:27:20 +00:00
Asger F
2242df920f JS: More qldoc 2019-11-15 09:27:20 +00:00
Asger F
dc6c15cbb9 Update javascript/ql/src/semmle/javascript/Regexp.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:20 +00:00
Asger F
dd9274e42c JS: Docs regarding regexp terms in string literals 2019-11-15 09:27:20 +00:00
Asger F
57a9cad721 JS: Fix offsets of octal and unicode escape 2019-11-15 09:27:20 +00:00
Asger F
4680e3a89a JS: Simplify charpred of Match 2019-11-15 09:27:20 +00:00
Asger F
c01005a610 JS: Remove outdated comment 2019-11-15 09:27:20 +00:00
Asger F
e01a9846d8 JS: Update test annotations 2019-11-15 09:27:20 +00:00
Asger F
153d34638b JS: Fix a FP 2019-11-15 09:27:20 +00:00
Asger F
8c5b9b9195 JS: Add missing post-anchor case to MissingRegExpAnchor 2019-11-15 09:27:20 +00:00
Asger F
17ad97812e JS: Fix FPs from TLDs without a domain name 2019-11-15 09:27:20 +00:00
Asger F
20fb7717d8 JS: Use type inference to refine regexp string tracking 2019-11-15 09:27:20 +00:00
Asger F
e45c361d64 JS: Port IncompleteHostnameRegExp 2019-11-15 09:27:20 +00:00