codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00

Author	SHA1	Message	Date
Asger F	7c35309732	Merge pull request #15823 from asgerf/js/lift-cg-restriction JS: Call graph improvements	2024-03-08 13:40:38 +01:00
Asger F	245cd5c0b5	Merge pull request #15760 from asgerf/js/summarised-tt-store-steps JS: Summarise store steps for type tracking	2024-03-08 13:16:25 +01:00
Asger F	ac4601cb8f	Update javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2024-03-08 13:01:38 +01:00
Asger F	fc5b9e2796	JS: Expand test case	2024-03-08 10:34:39 +01:00
Asger F	81b04863b2	JS: Change note	2024-03-07 13:35:50 +01:00
Asger F	c7295a09cd	JS: Benign test output update	2024-03-07 11:55:56 +01:00
Asger F	a54a73c9a2	JS: Detect more FunctionStyleClasses	2024-03-06 11:37:20 +01:00
Asger F	4ab7acedb6	JS: Do not track instance methods	2024-03-04 10:36:13 +01:00
Asger F	f5d014baa5	JS: Remove allocation site restriction in CG	2024-03-01 23:20:35 +01:00
Asger F	13e3a5158e	JS: Fix qldoc	2024-02-29 13:59:25 +01:00
Asger F	6a0adff1dc	JS: More precise detection of classes with escaping instances	2024-02-29 11:15:37 +01:00
Asger F	eeaa2bcc55	JS: Add test for class instance escaping into dependency	2024-02-29 11:14:23 +01:00
Asger F	f384afbaf6	JS: Also summarize loadStore steps	2024-02-29 10:11:16 +01:00
Asger F	3ad83cc098	JS: Summarise store steps for type tracking	2024-02-29 10:10:39 +01:00
Asger F	7cd84c8f0a	JS: Add type-tracking test	2024-02-29 10:10:07 +01:00
Cornelius Riemenschneider	e9b5394cd5	JS: Remove empty build target. The `resources` folder never existed, this was probably introduced as a copy-paste mistake. Remove the rule.	2024-02-26 15:26:44 +01:00
Tom Hvitved	2683e40038	Merge pull request #15708 from hvitved/share-ide-contextual Share `getFileBySourceArchiveName` implementation	2024-02-23 19:56:33 +01:00
Erik Krogh Kristensen	a0f91fbc15	Merge pull request #15706 from erik-krogh/pol-reg ReDoS: Restrict some edges related to upper/lower-case when constructing possible attack strings for polynomial-redos.	2024-02-23 12:06:17 +01:00
Tom Hvitved	62b16c0fa3	Share `getFileBySourceArchiveName` implementation	2024-02-23 11:25:49 +01:00
erik-krogh	bf22f4a870	update expected output	2024-02-22 13:21:11 +01:00
Paolo Tranquilli	c15d3ab08a	Merge branch 'main' into redsun82/bzlmod	2024-02-22 06:05:37 +01:00
Asger F	db10c229de	Merge pull request #15663 from asgerf/js/endpoint-naming2 JS: Improvements to endpoint naming	2024-02-21 19:36:57 +01:00
Paolo Tranquilli	61bfe7e520	Bazel: rename internal module to `semmle_code`	2024-02-21 16:51:39 +01:00
Paolo Tranquilli	c5ed96b4f8	Merge branch 'main' into redsun82/bzlmod	2024-02-21 06:22:10 +01:00
github-actions[bot]	37f8fa3413	Post-release preparation for codeql-cli-2.16.3	2024-02-20 16:50:47 +00:00
github-actions[bot]	6d061fbc35	Release preparation for version 2.16.3	2024-02-20 14:26:23 +00:00
Asger F	29ffeb6da5	JS: Fix qldoc	2024-02-20 14:00:32 +01:00
Asger F	c324b2aed8	JS: Refactor	2024-02-19 13:59:49 +01:00
Asger F	eb7d0244c2	JS: Global names don't have to be defined in externs	2024-02-19 13:59:49 +01:00
Asger F	493b37774f	JS: More precise isFunctionSource	2024-02-19 13:59:49 +01:00
Asger F	6d597bea0d	JS: Refactor	2024-02-19 13:59:49 +01:00
Asger F	8a5b907912	JS: Handle wrapper functions more gracefully	2024-02-19 13:59:48 +01:00
Asger F	d96f29d6c2	JS: Disallow return steps in getASinkNode	2024-02-19 13:59:48 +01:00
Asger F	51bed86778	Update EndpointNaming.expected	2024-02-19 13:59:46 +01:00
Asger F	29258ad8c2	WIP new aliasing rule	2024-02-19 13:59:15 +01:00
Asger F	4ef1ac9250	JS: Accept bad test output	2024-02-19 13:59:12 +01:00
Asger F	15bc3c282f	JS: Add test with wrapper function	2024-02-19 13:58:40 +01:00
Paolo Tranquilli	32d6c5ac3d	Javascript: fix project layout for bazel tests On Windows, the project layout needs to match `codeql~override`, while on POSIX we must keep on matching `ql`. We work around this by using `ql` in the project layout, which matches both.	2024-02-16 17:10:20 +01:00
Paolo Tranquilli	1626344560	Merge branch 'main' into redsun82/bzlmod	2024-02-16 17:10:02 +01:00
Cornelius Riemenschneider	798a1e250e	Move the JS java tests to be a proper `java_test` target. Previously, we had a `sh_test` wrapping the `java_test` to do some setup. This was extremely brittle on Windows, and relied on getting a deploy jar from `java_test`. This breaks when updating to Bazel 7, where the ability to get a deploy jar from `java_test` was removed. Therefore, we now do all the test setup in `AllTests.java` instead. This is much cleaner, and shouldn't break as easily.	2024-02-15 17:02:28 +01:00
Asger F	d94d4591da	JS: Name instance methods using API nodes instead of special-casing	2024-02-14 15:08:19 +01:00
Asger F	c4a0f36a08	JS: Fix handling of unknown properties These would shorten the expected distance to a node, but would never be usable as an edge, meaning we failed to pick a preferred predecessor.	2024-02-14 15:08:19 +01:00
Asger F	3ff950660b	JS: Add test with unknown property name	2024-02-14 15:08:19 +01:00
Asger F	9838da5395	JS: Simplify isExported	2024-02-14 15:08:19 +01:00
Asger F	a3dc19fd31	JS: Check privacy earlier	2024-02-14 15:08:19 +01:00
Asger F	5c454944a9	JS: Add test for private fields	2024-02-14 15:08:19 +01:00
Asger F	2a91bb8c54	JS: Add test showing ambiguous predecessor	2024-02-14 15:08:19 +01:00
Asger F	75a95ffcd1	Merge pull request #15602 from asgerf/js/block-logical-and-flow JS: Fix flow through &&	2024-02-14 12:29:40 +01:00
Asger F	2172c4863f	Merge pull request #15380 from asgerf/js/endpoint-naming JS: Add library for naming endpoints	2024-02-14 10:48:13 +01:00
Asger F	18db769d6d	JS: Update expected output	2024-02-14 10:45:51 +01:00

1 2 3 4 5 ...

9480 Commits