codeql

mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	41b45352aa	JS(ql): support optional chaining	2018-11-21 08:57:10 +01:00
Asger F	260ae36cf8	JS: document the shared module	2018-11-20 18:27:02 +00:00
Asger F	3902f752d0	JS: share detection of objects with unsafe methods	2018-11-20 18:26:20 +00:00
Asger F	b16072a7be	JS: share ConcatSanitizer in common module	2018-11-20 18:24:52 +00:00
Asger F	49cd2876c9	JS: use StringConcatenation library in ConcatSanitizer	2018-11-20 18:12:07 +00:00
Asger F	1c06f45046	JS: address some comments	2018-11-20 18:11:46 +00:00
Asger F	8aff66616b	JS: suppress similar alerts from RemotePropertyInjection	2018-11-20 15:57:18 +00:00
Asger F	2239f863f7	JS: add query MethodNameInjection	2018-11-20 15:57:18 +00:00
semmle-qlci	1c1d2e943a	Merge pull request #496 from esben-semmle/js/yui-directives Approved by xiemaisi	2018-11-20 12:59:55 +00:00
semmle-qlci	8333f72030	Merge pull request #470 from esben-semmle/custom-abstract-values-only Approved by xiemaisi	2018-11-20 12:59:35 +00:00
Esben Sparre Andreasen	54fea1a4cb	JS: support "xyz:nomunge" YUI compressor directives	2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen	ee7a6af7c7	JS: address review comments	2018-11-20 08:37:23 +01:00
semmle-qlci	26a248b14a	Merge pull request #487 from xiemaisi/js/lint-join-order Approved by esben-semmle	2018-11-20 06:51:33 +00:00
Max Schaefer	73ad3f5c8a	JavaScript: Tweak `JSLint` library to avoid bad join order.	2018-11-19 09:12:02 +00:00
Asger F	c06c9a02f7	JS: fix copy pasta and test output	2018-11-16 10:47:02 +00:00
Asger F	dd5f485fff	JS: use original sanitizer for SSRF query	2018-11-16 10:46:14 +00:00
Asger F	6ec13feab4	JS: recognize sanitizing slashes in URL redirection queries	2018-11-16 10:43:25 +00:00
semmle-qlci	0647743333	Merge pull request #467 from xiemaisi/js/amd-imports Approved by asger-semmle	2018-11-16 09:31:50 +00:00
Asger F	df202eff76	Merge pull request #468 from xiemaisi/js/has{Path,Flow}+ JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.	2018-11-14 16:48:47 +00:00
semmle-qlci	4a14bef507	Merge pull request #466 from xiemaisi/js/more-data-flow-predicates Approved by asger-semmle	2018-11-14 16:07:59 +00:00
Max Schaefer	6f6b3b0d5e	JavaScript: Add a convenience method to `SourceNode` and use it in a few places.	2018-11-14 11:58:45 +00:00
Max Schaefer	a441bfb751	JavaScript: Add a convenience method to `AMDModuleDefinition`.	2018-11-14 11:36:40 +00:00
Max Schaefer	3fcd02ab0e	JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.	2018-11-14 11:23:17 +00:00
Max Schaefer	d6198fcc2a	JavaScript: Introduce two more short-circuiting conjuncts.	2018-11-14 09:33:09 +00:00
Max Schaefer	4860364d91	JavaScript: Add explicit `nodes` query predicate in `PathGraph`. This is needed to correctly handle the case where `edges` is empty.	2018-11-14 09:16:40 +00:00
Max Schaefer	9b4ae9e4d3	JavaScript: Refactor `HostHeaderPoisoningInEmailGeneration` query.	2018-11-14 09:16:40 +00:00
Max Schaefer	a499009f59	Merge pull request #395 from esben-semmle/js/useless-defensive-code JS: add query: js/useless-defensive-code	2018-11-13 16:55:59 +00:00
Max Schaefer	4fdfbb77cc	Merge pull request #444 from esben-semmle/js/browser-based-client-requests JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 16:53:52 +00:00
Esben Sparre Andreasen	daed0653cb	JS: support property tracking of custom abstract values	2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen	1d87c580b3	JS: introduce DefinedCustomAbstractValue	2018-11-13 11:40:31 +01:00
semmle-qlci	86e31a584e	Merge pull request #447 from esben-semmle/js/indirect-sanitization Approved by asger-semmle	2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen	1db2e6ca55	JS: add source code examples to docstrings	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	3aae1d17db	JS: avoid two uses of `getChildExpr(0)`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8ea9fd4cca	JS: address review comments	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	f440c9221a	JS: replace some `Expr.stripParens` with `Expr.getUnderlyingValue`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	e29c57a58e	JS: add whitelist to js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	7b215ecb2b	JS: recognize defensive programming patterns using `typeof`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c403416fef	JS: recognize defensive expressions that prevents exceptions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	6e77489a3b	JS: add utilities for expression guards to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a2ecf40878	JS: recognize defensive expressions for null/undefined	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	2b6ef24bc2	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8086e88587	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a5eeba3c3a	JS: prepare DefensiveProgramming.qll for additions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c2fb14640e	JS: move isDefensiveInit to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	ce0dd241f6	JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 08:14:51 +01:00
Max Schaefer	663bdd60a0	Merge pull request #396 from esben-semmle/js/unconditional-property-override JS: add query: js/unconditional-property-override	2018-11-12 17:10:32 +00:00
Esben Sparre Andreasen	eaad84bb4f	JS: add support for dis- and conjunctions in SanitizingFunction	2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen	6d0c93b6a8	JS: introduce TaintTracking::AdditionalSanitizingCall	2018-11-12 10:21:39 +01:00
semmle-qlci	c9d77a2d6d	Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure Approved by asger-semmle	2018-11-12 08:40:26 +00:00
Max Schaefer	fa8736adbc	JavaScript: Introduce aliases for compatibility with other language libraries.	2018-11-09 11:27:14 +00:00

1 2 3 4 5 ...

416 Commits