hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,671 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

4615 Commits

Author SHA1 Message Date
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
erik-krogh
aee72357b8 find a main module in more cases 2022-09-08 20:21:31 +02:00
erik-krogh
a21a4275f3 add taint-step in js/insecure-randomness for selecting a random element 2022-09-08 15:00:00 +02:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
Erik Krogh Kristensen
57bf92a70c Merge pull request #10347 from erik-krogh/mermaid 
JS: add a markdown step through the `mermaid` library
 2022-09-08 12:41:58 +02:00
Erik Krogh Kristensen
9534f31eac Merge pull request #10343 from erik-krogh/spreadFunction 
JS: recognize calls to `Function` when spread arguments are used
 2022-09-08 09:25:10 +02:00
erik-krogh
0407198dd2 add a markdown step through the mermaid library 2022-09-08 09:23:45 +02:00
Asger F
ada72b865f Merge pull request #10332 from asgerf/js/type-confusion-bugfix 
JS: bugfixes in TypeThroughThroughParameterTampering
 2022-09-08 09:02:16 +02:00
erik-krogh
6447234428 recognize calls to Function where spread arguments are used 2022-09-07 22:55:51 +02:00
erik-krogh
e829387cdb add failing test for call the Function with a spread argument 2022-09-07 22:54:21 +02:00
Asger F
6806bc1da4 JS: Expand test case 2022-09-07 14:18:01 +02:00
Asger F
d31b59e61d JS: Call super in isBarrier() override 2022-09-07 13:40:30 +02:00
Asger F
3184ddb38a JS: Fix test case 2022-09-07 13:39:51 +02:00
Asger F
0cc3b8a9ec JS: Update test output 2022-09-06 18:48:14 +02:00
erik-krogh
24f2e3cc07 update alert-messages of the sensitive data queries to match #10314 2022-09-06 12:25:36 +02:00
Asger F
2cbba65617 JS: Sync with JS 
fixup JS
 2022-09-06 09:30:02 +02:00
Erik Krogh Kristensen
e387ebaedd add domNode.innerHTML += sink as a DOM sink 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
b4968eb645 refactor the SensitiveExpr to be a dataflow node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
0c4f08c841 refactor the CredentialsExpr to be a dataflow node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
c5b1588096 update the SQL/NoSQL models to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
5ebea8c75a fix express in the POI test 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
aa9261f1b1 convert the AngularJS model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
2f429e7d29 convert some leftovers to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
136124fbaa convert the remaining Koa models to DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
fc54ba823b update the existing expression based Express models 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
8266b083d7 update the predicates on Express::RouteHandler to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
4cfbf15d18 deprecate RouteHandlerExpr and make RouteHandlerNode instead 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
92240384a9 update the tests to reflect the extra DataFlow::Nodes 2022-09-05 15:47:38 +02:00
Erik Krogh Kristensen
dfb7782be0 replace getA?RouteHandlerExpr with getA?RouteHandlerNode 2022-09-05 15:46:27 +02:00
Erik Krogh Kristensen
288230d7cf update tests to reflect the extra DataFlow::Nodes from ResponseNode and RequestNode 2022-09-05 15:46:27 +02:00
Erik Krogh Kristensen
30d929909c deprecate RequestExpr and ResponseExpr and use ResponseNode and RequestNode instead 2022-09-05 15:46:25 +02:00
Erik Krogh Kristensen
9cb7522bc1 change RouteSetup to a DataFlow::Node 2022-09-05 15:45:31 +02:00
Erik Krogh Kristensen
19e808186d refactor definesExplicitly to use DataFlow::Node 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
d4ccc75ce1 refactor RedirectInvocation to a DataFlow::Node 2022-09-05 15:44:13 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
Asger F
55fdf84d15 Ruby+JS: change LabelEntryPoint.toString() 
fixup Ruby entry point tests
 2022-09-03 13:24:45 +02:00
Asger F
0d88d20b56 JS: Actually update test output this time 2022-08-30 16:44:01 +02:00
Asger F
51d6f752ab JS: Add partially failing test 2022-08-30 14:08:31 +02:00
Asger F
ef627b4872 Add support for TypeVar[x] and typeVariable rows 2022-08-30 14:07:35 +02:00
Asger F
623531a719 Merge pull request #10206 from asgerf/js/js-mad-changes 
JS: Some JS-specific MaD changes
 2022-08-30 14:03:14 +02:00
Asger F
f589520917 JS: Add tests 2022-08-30 13:38:08 +02:00
erik-krogh
9963def300 update expected output of test that was failing on main. semantic merge conflict between #10202 and #10184 2022-08-30 09:15:36 +02:00
erik-krogh
52b9ff81c5 Merge branch 'main' into dynCall 2022-08-29 15:30:01 +02:00
Erik Krogh Kristensen
27bc69883c Merge pull request #10184 from erik-krogh/ts48 
JavaScript: Update to TypeScript 4.8
 2022-08-29 15:03:32 +02:00
Asger F
d6ee54eb09 Merge pull request #10202 from asgerf/js/typescript-conditional-types 
JS: Enable type extraction inside conditional types again
 2022-08-29 14:26:06 +02:00
erik-krogh
b7367ca649 update to TypeScript 4.8RC 2022-08-29 12:14:55 +02:00
Asger F
45d64c48e3 JS: Update test output 2022-08-29 12:01:47 +02:00
erik-krogh
1d1aa7c8b4 update some expected output 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00