hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 01:39:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,179 Commits 1,754 Branches 167 Tags
42d3012f811ca68d57f3c3a802dd94324ed2996f
Commit Graph

736 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
42d3012f81 JS: let RegExpLiteral be a DataFlow::SourceNode 2019-04-01 09:19:25 +02:00
semmle-qlci
ed0ef36427 Merge pull request #1035 from asger-semmle/firebase 
Approved by xiemaisi
 2019-03-29 13:44:02 +00:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
Asger F
0eb9231cb1 JS: Make use of TypeTracker::end() 2019-03-27 13:25:01 +00:00
Asger F
208bcd438b JS: Make type-tracking predicates private 2019-03-27 13:21:45 +00:00
Asger F
7bfad8c360 JS: trailing whitespace 2019-03-27 13:21:45 +00:00
Asger F
9bbdf84e5d JS: missing qldoc 2019-03-27 13:21:45 +00:00
Asger F
28a776a82b JS: dataflow -> data flow 2019-03-27 13:21:45 +00:00
Asger F
c0b58f6b09 JS: Capitalize Firebase in comments 2019-03-27 13:21:45 +00:00
Asger F
99cc09df8c JS: use TypeBackTracker where appropriate 2019-03-27 13:21:45 +00:00
Asger F
ad592d7cd1 JS: handle .after and .before 2019-03-27 13:21:45 +00:00
Asger F
0401b26b48 JS: handle CloudFunctions 2019-03-27 13:21:45 +00:00
Asger F
49a746b87a JS: handle Reference.transaction() 2019-03-27 13:21:45 +00:00
Asger F
f554f859aa JS: handle 'firebase-admin' package 2019-03-27 13:21:45 +00:00
Asger F
e0c06cb518 JS: handle Query methods 2019-03-27 13:21:45 +00:00
Asger F
06b0851072 JS: Add Firebase model 2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1 Merge pull request #1161 from esben-semmle/js/classify-mode-html 
Approved by xiemaisi
 2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Max Schaefer
3e16d16525 JavaScript: Make type tracking-related parameter and predicate names more consistent. 2019-03-26 13:00:09 +00:00
Max Schaefer
bf04664bd7 Update javascript/ql/src/semmle/javascript/GeneratedCode.qll 
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
 2019-03-26 10:01:24 +01:00
Esben Sparre Andreasen
3cd93129a6 JS: classify HTML files with > 20 elements on a line as generated 2019-03-26 08:03:56 +01:00
Max Schaefer
c50067b597 JavaScript: Refactor type tracking to avoid computing very large relations. 2019-03-25 20:38:58 +00:00
Max Schaefer
084159dcfd JavaScript: Teach type trackers to track flow through one level of properties. 2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717 JavaScript: Switch from path summaries to step summaries for type tracking. 
This is sufficient since we are not doing summarisation.
 2019-03-25 20:37:05 +00:00
Max Schaefer
8e926333a9 JavaScript: Simplify a few newtypes and remove unused predicates. 2019-03-25 16:57:46 +00:00
Max Schaefer
55394df96f JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes. 2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979 JavaScript: Use type tracking instead of tracked nodes in Express. 2019-03-25 16:57:46 +00:00
Max Schaefer
276f216ef9 JavaScript: Use type tracking to improve modelling of socket.io. 2019-03-25 16:57:46 +00:00
Max Schaefer
4702790696 JavaScript: Refactor AMD/CommonJS path expression analysis to avoid bad magic. 2019-03-25 16:57:46 +00:00
Max Schaefer
0e0fe2545d JavaScript: Refactor Closure::isTopLevelExpr to avoid unhelpful magic. 2019-03-25 16:57:46 +00:00
Max Schaefer
c17f4d7d41 JavaScript: Cache SourceNode::track and SourceNode::backtrack. 2019-03-25 16:57:46 +00:00
Max Schaefer
2b778afdf5 JavaScript: Cache a bunch of flow steps to avoid recomputation. 2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
335a969946 JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs 2019-03-22 12:29:34 +01:00
Max Schaefer
8c460ae385 Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master 
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
 2019-03-21 14:46:29 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8 JS: introduce CallToObjectDefineProperty::getAPropertyAttribute 2019-03-14 11:59:27 +01:00
Max Schaefer
69c63110c1 JavaScript: Teach Function.isGenerator to check for yield. 2019-03-14 10:48:44 +00:00