Max Schaefer
3e26bc6446
JavaScript: Improve alert location and message for IncompleteSanitization.
...
We now highlight the `replace` call (instead of the regular expression), and the alert message for the case of missing backslash escapes clarifies that it is talking about failure to escape backslashes in the input, not in the replacement text.
2019-02-08 09:13:40 +00:00
Max Schaefer
9bfde9553d
Merge pull request #839 from asger-semmle/field-propwrite
...
JS: add PropWrites cases for instance fields initialization
2019-02-01 10:56:25 +00:00
semmle-qlci
222738072d
Merge pull request #840 from esben-semmle/js/propagate-sound-avalue
...
Approved by xiemaisi
2019-02-01 09:23:43 +00:00
Asger F
720f442ea5
JS: Rename to StaticClassMemberAsPropWrite
2019-01-30 15:49:21 +00:00
semmle-qlci
fc5b9dd55e
Merge pull request #837 from asger-semmle/hardcoded-empty-string
...
Approved by esben-semmle
2019-01-30 13:40:39 +00:00
semmle-qlci
24c8a47bb1
Merge pull request #841 from asger-semmle/private-higher-order-call
...
Approved by esben-semmle
2019-01-30 13:34:04 +00:00
Felicity Chapman
54242f4009
Merge pull request #849 from jf205/locations
...
Update links to QL help topics in GH repo files (SD-2999)
2019-01-30 11:06:22 +00:00
james
7cc1442ecb
Update link text
2019-01-30 09:44:07 +00:00
james
81137aa7b4
update links to locations in .ql files
2019-01-30 08:02:02 +00:00
james
9d1a050f35
update links to locations in .qll files
2019-01-30 08:01:49 +00:00
Taus
9adb19f3a9
Merge branch 'master' into python-incomplete-url-sanitize
2019-01-29 14:17:37 +01:00
Asger F
9e87bf37ea
JS: make higherOrderCall private
2019-01-29 11:50:46 +00:00
Asger F
60cef60c1d
JS: ensure PropWrites exist for all instance members
2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
0d1f4270d6
JS: introduce SsaVarAccessWithNonLocalAnalysis
2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen
2683a9b43a
JS: add tests for js/trivial-conditional
2019-01-29 10:19:03 +01:00
semmle-qlci
a5aee9ed0f
Merge pull request #833 from esben-semmle/js/sharpen-cond
...
Approved by xiemaisi
2019-01-29 08:03:06 +00:00
Asger F
5815aa1e8b
JS: add test case to PropWrite tests
2019-01-28 15:43:52 +00:00
Asger F
383cadb25b
JS: add PropWrite for instance fields with initializer
2019-01-28 15:40:30 +00:00
Asger F
7a4af4af6d
JS: add PropWrite instance for parameter fields
2019-01-28 15:40:30 +00:00
Asger F
dacde5da12
JS: restrict ClassMemberAsPropWrite to static members
2019-01-28 15:40:25 +00:00
Asger F
3245142203
JS: Don't flag empty string as hardcoded username
2019-01-28 13:01:52 +00:00
semmle-qlci
962416ffc2
Merge pull request #805 from asger-semmle/callback-taint-source
...
Approved by xiemaisi
2019-01-28 08:45:37 +00:00
semmle-qlci
8b029a2d9f
Merge pull request #827 from xiemaisi/js/duplicate-toplevel-percent
...
Approved by esben-semmle
2019-01-28 08:40:23 +00:00
Esben Sparre Andreasen
ef3b107cc1
JS: sharpen the js/trivial-conditional whitelist
2019-01-25 18:19:45 +01:00
Mark Shannon
3850f87879
Make qhelp for 'Incomplete URL substring sanitization' consistent across languages.
2019-01-25 16:47:23 +00:00
semmle-qlci
d8947a71a5
Merge pull request #735 from asger-semmle/string-ops
...
Approved by xiemaisi
2019-01-25 15:15:19 +00:00
Asger F
ccbfaa7c9e
JS: explain return step more thoroughly
2019-01-25 15:12:24 +00:00
Max Schaefer
254fafc6ce
JavaScript: Round down percentage in DuplicateToplevel.ql.
...
All the other duplication queries already do this.
2019-01-25 22:44:07 +08:00
Max Schaefer
39191ed6f1
JavaScript: Add more statements to test cases for DuplicateToplevel.
...
Now both `a.js` and `b.js` have ten (non-block) statements, which allows for more interesting tests.
2019-01-25 22:42:51 +08:00
semmle-qlci
247d615c01
Merge pull request #802 from Semmle/xiemaisi-patch-5-1
...
Approved by asger-semmle
2019-01-25 12:32:43 +00:00
Asger F
8294aeea74
JS: fix doc comments
2019-01-25 11:12:07 +00:00
Asger F
c48b529846
JS: autoformat
2019-01-25 11:06:31 +00:00
Asger F
3bbe542ef4
JS: fix whitespace
2019-01-25 11:06:17 +00:00
Max Schaefer
e6672aaf70
Merge pull request #804 from esben-semmle/js/sharpen-unneeded-defensive
...
JS: better handling of nested expressions in js/unneeded-defensive-code
2019-01-25 11:23:51 +08:00
imsolost
e1aa3def25
removed extra parenthesis around argument for set state arrow function
2019-01-23 17:05:32 -08:00
Asger F
bb775e3343
JS: reapply review fixes
2019-01-23 10:42:03 +00:00
Esben Sparre Andreasen
00ef80dfc5
Merge pull request #741 from asger-semmle/this-access-path
...
JS: support 'this' as the root of an access path
2019-01-21 16:48:34 +01:00
Asger F
10db0d53a8
JS: copy changes to TrackedNode
2019-01-21 10:49:27 +00:00
Max Schaefer
43f4fe1a7e
Update DoubleEscaping.qhelp
...
Somewhat ironic, considering the object of the query.
2019-01-21 18:48:22 +08:00
Asger F
3a6e6f95b9
JS: autoformat
2019-01-21 10:39:35 +00:00
Asger F
77d748aa00
JS: "return" flow through callbacks
2019-01-21 10:39:35 +00:00
Esben Sparre Andreasen
9e4613094a
JS: sharpen js/unneeded-defensive-code for negations and sequences
2019-01-21 09:00:35 +01:00
semmle-qlci
0432b01e3b
Merge pull request #764 from asger-semmle/dataflow-classnode
...
Approved by esben-semmle, xiemaisi
2019-01-21 06:47:57 +00:00
semmle-qlci
dd84b6063b
Merge pull request #794 from xiemaisi/js/parallel-extraction
...
Approved by asger-semmle, esben-semmle
2019-01-20 00:22:38 +00:00
Asger F
4b4daa645f
JS: handle accessors separately
2019-01-18 15:42:05 +00:00
Asger F
e18b635314
JS: add getADirectSuperClass()
2019-01-18 15:42:05 +00:00
Asger F
c82690f4c1
JS: address comments
2019-01-18 15:42:05 +00:00
Asger F
cc1204acef
JS: remove isAmbient() check
2019-01-18 15:42:05 +00:00
Asger F
1eb0ca4b4a
JS: make ClassNode::Range abstract
2019-01-18 15:42:05 +00:00
Asger F
3cb2341e63
JS: split ClassNode into two classes
2019-01-18 14:46:38 +00:00