hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,671 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

11030 Commits

Author SHA1 Message Date
Asger F
283954d515 JS: Do not store into arrays implicitly 2025-02-14 16:06:43 +01:00
Asger F
ab5fc9f4d7 JS: Implement viableImplInCallContext 2025-02-14 13:25:19 +01:00
Asger F
ff7bc7c25e JS: Track types of classes in data flow 2025-02-14 12:44:45 +01:00
Asger F
d3c4b5d493 JS: Add test with spurious flow due to up-down calls 2025-02-14 12:42:02 +01:00
Asger F
b8b2b9a470 JS: Resolve calls downward in the class hierarchy 2025-02-14 11:17:19 +01:00
Asger F
aff458d948 JS: Also add tests for upward calls and overriding 2025-02-14 11:17:17 +01:00
Asger F
9321d69034 JS: Add CG test showing lack of calls down to subclasses 2025-02-14 11:17:15 +01:00
Asger F
4043765008 JS: Avoid ambiguity in an inline CG annotation 2025-02-14 11:17:14 +01:00
Asger F
a61d42edc3 JS: Make inline CG tests report call target if NONE was given 
Previously it would only report a spurious callee if the target function was named. Now, if specifying 'calls:NONE' if will report any callee as spurious.
 2025-02-14 11:17:13 +01:00
Asger F
7df3e647d1 JS: Use US spelling 2025-02-14 10:28:55 +01:00
Asger F
25314b61db JS: Update nodes/edges output 2025-02-14 10:26:21 +01:00
Asger F
c4724f42a3 JS: Change note 2025-02-13 11:51:35 +01:00
Asger F
26dcbf7a2a JS: Migrate URLSearchParams model to flow summaries 2025-02-13 11:51:33 +01:00
Asger F
f531f4479b JS: Add test for URL and URLSearchParams 2025-02-13 11:51:32 +01:00
Kevin Stubbings
253882c3d1 Update javascript/ql/lib/change-notes/2025-02-12-express-download.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-02-12 11:01:29 -08:00
Asger F
654c6bfec7 Merge pull request #18735 from asgerf/inline-test-non-location 
Test: Support arbitrary locations in inline test post-processor
 2025-02-12 10:30:50 +01:00
Kevin Stubbings
f5521ca1b8 Formatting 2025-02-12 00:15:27 -08:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
7e3f89842d JS: Provide more precise related locations 2025-02-11 14:12:03 +01:00
Asger F
56ff9351f2 JS: Update test output again 2025-02-11 12:59:11 +01:00
Asger F
5b0eb0f6cc JS: Move an Alert annotation to its correct line 2025-02-11 12:58:47 +01:00
Asger F
84c02d0863 JS: Enable test post-processing 2025-02-11 12:58:46 +01:00
Asger F
fb79ab1c8c JS: Update line numbers 2025-02-11 12:58:45 +01:00
Asger F
a1c3dca5de JS: Convert OK-style to $-style expectations in one test 2025-02-11 12:58:44 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Asger F
b123a3c57a JS: Add test 2025-02-11 10:40:04 +01:00
Anders Schack-Mulligen
0b5270979d SSA: Remove the need for ExitBasicBlock in SSA. 2025-02-10 14:36:18 +01:00
Asger F
7f4facc864 Merge pull request #18661 from asgerf/js/hoist-in-block 
JS: Hoist function declarations to the top of a block statement
 2025-02-06 12:38:51 +01:00
Asger F
6ae06aed9e Update javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-06 10:03:28 +01:00
Asger F
6207e39b5f JS: Change note 2025-02-06 09:58:24 +01:00
Remco Vermeulen
7619f1dac9 Merge pull request #18679 from rvermeulen/rvermeulen/ccr-suites 
Add CCR suites
 2025-02-05 09:35:48 -08:00
Anders Schack-Mulligen
bcec7ee234 Merge pull request #18633 from aschackmull/dataflow/refactor-flowstate 
Dataflow: Refactor FlowState to be paired with Node
 2025-02-05 09:43:25 +01:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Arthur Baars
2a32e8865d Merge pull request #18668 from github/post-release-prep/codeql-cli-2.20.4 
Post-release preparation for codeql-cli-2.20.4
 2025-02-04 14:22:53 +01:00
Asger F
5613661a48 JS: Update another TRAP file 2025-02-04 14:02:51 +01:00
Asger F
f0afd6aa5f Merge branch 'main' into js/hoist-in-block 2025-02-04 14:01:57 +01:00
Asger F
80824cfdc7 JS: Benign test output changes 2025-02-04 12:12:41 +01:00
Asger F
294fd0a7a7 Merge pull request #18653 from asgerf/js/source-on-same-line 
Test: Don't expect 'Source' tag when source and alert are on the same same
 2025-02-04 11:01:46 +01:00
Asger F
d22268e119 JS: Update TRAP again 
The extra successor edge was due to visiting hoisted function declaration IDs multiple times,
which has now been fixed.
 2025-02-04 10:47:08 +01:00
Anders Schack-Mulligen
db1ed67e52 JS: Simplify config in PrototypePollutingFunction.ql. 2025-02-04 10:47:01 +01:00
Asger F
5e109ff457 JS: Update test output 2025-02-04 10:45:37 +01:00
Asger F
1e5885ea1e JS: Remove hoisting code from functions 
'buildFunctionBody' no longer needs to handle hoisting, because hoisting now happens when visiting the block statement that is the body of the function.

Note that curly-brace functions contain a block statement as their body, not a list of statements.
 2025-02-04 10:41:47 +01:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
Asger F
09270f4e20 JS: Change note 2025-02-04 09:36:46 +01:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
Asger F
427e329363 JS: Bump extractor version string 2025-02-03 15:21:41 +01:00
Asger F
7eebe468ee JS: Update TRAP output 
This seems to have reordered the TRAP lines but without semantic change.
 2025-02-03 15:21:09 +01:00
Asger F
be082578d4 JS: Hoist function decls in a block to the top of the block 2025-02-03 15:21:08 +01:00
Asger F
29879297ee JS: Add test showing missed call to later-defined function in block 2025-02-03 14:56:11 +01:00
Asger F
2d36a5d478 JS: Use JSX syntax in first attempt when extension is .jsx 2025-02-03 13:17:15 +01:00