hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,639 Commits 1,673 Branches 157 Tags
3f20d71a9b1f73fdd30e89543ce02b3cd488fa46
Commit Graph

8495 Commits

Author SHA1 Message Date
Asger F
3f20d71a9b JS: Add legacy post-update step 
This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store
 2023-10-13 12:42:40 +02:00
Asger F
6037ff553c JS: Add LegacyPreUpdateStep 
This contributes to both LegacyFlowStep and SharedTypeTrackingStep.

That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library.
 2023-10-13 12:42:40 +02:00
Asger F
27c7d5004a JS: Do the same for additional taint steps 2023-10-13 12:42:40 +02:00
Asger F
1afe06e3a5 JS: Add "additional" and "legacy" steps 
See the comment at the top of AdditionalFlowSteps.qll
 2023-10-13 12:42:40 +02:00
Asger F
c24a0e00f5 JS: Move SharedTaintStep to AdditionalTaintSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
5bccc652c8 JS: Move SharedFlowStep to AdditionalFlowSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
293899d648 JS: Add 'Awaited' token 2023-10-13 12:42:40 +02:00
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
erik-krogh
ccd06c78b9 delete an .expected file outside the test directories 2023-10-10 21:35:19 +02:00
erik-krogh
a7ab9fd93b add change-notes 2023-10-09 09:43:06 +02:00
erik-krogh
f48b47c656 JavaScript: add import that populate the shared abstract classes 2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
d261cec3cd add change-note 2023-10-07 15:41:08 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
9b6501787a add API-graph test for the new tagged template calls 2023-10-06 21:25:34 +02:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
erik-krogh
951ed01d6b combine the library-tests/CallGraphs/FullTest tests into one file 2023-10-06 20:57:09 +02:00
Asger F
97b3ebe385 Merge pull request #14380 from asgerf/js/amd-range 
JS: Add AmdModuleDefinition::Range
 2023-10-05 21:05:28 +02:00
Cornelius Riemenschneider
96edc1d349 Add skeleton bazel files for accessing the dbschemes. 2023-10-05 09:00:38 +02:00
Asger F
315272839d JS: Change note 2023-10-05 08:13:43 +02:00
Asger F
162c477236 JS: Add AmdModuleDefinition::Range 2023-10-04 20:38:37 +02:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Anders Schack-Mulligen
855c89667d JavaScript: Use shared FileSystem library. 2023-09-28 08:58:55 +02:00
github-actions[bot]
3acf5244b0 Post-release preparation for codeql-cli-2.14.6 2023-09-20 10:25:10 +00:00
github-actions[bot]
0a3670727f Release preparation for version 2.14.6 2023-09-19 11:40:30 +00:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
erik-krogh
c6b8c444d0 fix out of bounds string access in isUsingDecl 2023-09-13 21:53:49 +02:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Max Schaefer
e722e3288f Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help 
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
 2023-09-13 13:20:48 +01:00
Max Schaefer
a9e81672f0 Make suggestion to replace example.com more explicit. 2023-09-12 16:54:05 +01:00
Max Schaefer
7ddb7da65e Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-09-12 16:47:23 +01:00
github-actions[bot]
d699880c86 Post-release preparation for codeql-cli-2.14.4 2023-09-08 21:17:52 +00:00
Chuan-kai Lin
1a575ef297 Merge pull request #14167 from asgerf/ts/tolerate-out-of-order-requests 
JS: tolerate out of order requests in TypeScript extractor
 2023-09-08 12:33:44 -07:00
Asger F
ea384b340a JS: Change note 2023-09-08 10:31:04 +02:00