hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,645 Commits 1,671 Branches 157 Tags
56604e005aa3b788bb8a64cd48bbb5e3c2ddb9c9
Commit Graph

4823 Commits

Author SHA1 Message Date
CodeQL CI
4e116ba0db Merge pull request #4419 from erik-krogh/jsxFactory 
Approved by asgerf
 2020-10-06 06:13:21 -07:00
CodeQL CI
0753c8a31b Merge pull request #4247 from erik-krogh/CVE760-reexport 
Approved by asgerf
 2020-10-06 06:10:21 -07:00
CodeQL CI
ef703e72d8 Merge pull request #4401 from asgerf/js/angular-prerequisites 
Approved by erik-krogh
 2020-10-06 06:09:48 -07:00
CodeQL CI
7e6fa7b4be Merge pull request #4392 from erik-krogh/flask 
Approved by asgerf
 2020-10-06 03:41:36 -07:00
Erik Krogh Kristensen
f7f82ffe4e Merge branch 'main' into CVE760-reexport 2020-10-06 12:28:44 +02:00
CodeQL CI
bc1d3de8fe Merge pull request #4376 from erik-krogh/simpParam 
Approved by asgerf
 2020-10-06 03:24:43 -07:00
Erik Krogh Kristensen
99213b94f5 detect uses of jsxFactory and jsxFragmentFactory in js/unused-local-variable 2020-10-06 12:23:15 +02:00
Asger Feldthaus
a962a8a3bd JS: Autoformat 2020-10-06 10:01:36 +01:00
Asger Feldthaus
c31cdaacb2 JS: Add test for getFieldTypeAnnotation 2020-10-06 10:01:04 +01:00
Erik Krogh Kristensen
d6dc4bb655 allow flask url_for urls in TargetBlank.ql 2020-10-05 21:40:24 +02:00
Erik Krogh Kristensen
7d8bb339b6 add support for destructuring object exports in getAnExportedValue 2020-10-05 21:38:31 +02:00
CodeQL CI
339c0721c5 Merge pull request #4344 from esbena/js/fixup-cwe-20-to-cwe-020 
Approved by erik-krogh
 2020-10-05 12:30:53 -07:00
CodeQL CI
e95b665556 Merge pull request #4363 from erik-krogh/nosql-api 
Approved by max-schaefer
 2020-10-05 12:01:34 -07:00
Erik Krogh Kristensen
c1b5357e74 remove stray todo 2020-10-05 16:53:05 +02:00
Erik Krogh Kristensen
2753a4f379 Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-10-05 15:11:04 +02:00
CodeQL CI
48fa8aacd5 Merge pull request #4403 from asgerf/js/remove-tslint-dependency 
Approved by erik-krogh
 2020-10-05 05:58:48 -07:00
Asger Feldthaus
fee99105da JS: Remove tslint dependency 2020-10-05 11:53:58 +01:00
CodeQL CI
43b2c90538 Merge pull request #4400 from max-schaefer/js/api-graph-classrefs 
Approved by asgerf
 2020-10-05 03:12:23 -07:00
Asger Feldthaus
8689a9b3b9 JS: Fix a bad join order in barrierGuardBlocksNode 2020-10-05 09:55:22 +01:00
Asger Feldthaus
790d2ba0fc JS: Fix FPs from ParameterFieldAsPropWrite.getPropertyNameExpr 2020-10-05 09:55:22 +01:00
Asger Feldthaus
cad259fb83 JS: Use more types in DOM model 2020-10-05 09:55:22 +01:00
Asger Feldthaus
3dabff6b17 JS: Recognize field types in untyped code 2020-10-05 09:55:22 +01:00
Erik Krogh Kristensen
856ad07694 join-order improvement in NoSQL.qll 2020-10-03 22:07:34 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Erik Krogh Kristensen
6acb199074 improve precision using getAnImmediateUse to check parameter names 2020-10-02 11:09:50 +02:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
Max Schaefer
98e93a7b9d JavaScript: Improve API-graph support for function-style classes. 2020-10-02 09:25:51 +01:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Aditya Sharad
f7f05476a2 Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
d54a057457 Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
18f7f2b559 autoformat 2020-10-01 13:49:31 +02:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Erik Krogh Kristensen
fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Erik Krogh Kristensen
75b9237b81 use Parameter instead of SimpleParameter in the AngularJS model 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
c675d72629 use Parameter instead of SimpleParameter in remaining route-handler models 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
f65ba11485 use Parameter instead of SimpleParameter in AMD.qll 2020-10-01 10:44:05 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Erik Krogh Kristensen
b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Erik Krogh Kristensen
e0b25798ff remove type-tracking from getAReference, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Erik Krogh Kristensen
65441705ef renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac introduce API::Node::getACall() 2020-09-29 18:23:10 +02:00