hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 08:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,855 Commits 1,715 Branches 163 Tags
6d6379fc09df235a05089b76dca3e7df33e2fd85
Commit Graph

348 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
6d6379fc09 JS: address review comments 2018-12-10 22:03:52 +01:00
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
7fb752784a JS: introduce persistent read/write pairs as a taint step 2018-12-06 10:36:10 +01:00
Esben Sparre Andreasen
679db191f5 JS: move shared conjunct up 2018-12-04 10:55:24 +01:00
Esben Sparre Andreasen
a342fa36c6 JS: support React getSnapshotBeforeUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
67b1487384 JS: support React shouldComponentUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
417dac7ad6 JS: support React getDerivedStateFromProps 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
9ff3d2ef1f JS: introduce ReactComponent::getStaticMethod 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
104eafec2f JS: cleanup for all HTTP::RouteHandlerCandidates 2018-12-03 10:13:08 +01:00
Esben Sparre Andreasen
a3bd072590 JS: add Hapi::RouteHandlerCandidate 2018-12-03 09:22:21 +01:00
Esben Sparre Andreasen
fd489271b7 JS: refactor Hapi::RouteSetup 2018-12-03 09:22:21 +01:00
Max Schaefer
dfcf767090 Merge pull request #440 from asger-semmle/range-analysis 
JS: Range analysis for dead code detection
 2018-11-30 15:01:34 +00:00
semmle-qlci
dbeb2dfa0e Merge pull request #585 from xiemaisi/js/join-order-fiddling 
Approved by esben-semmle
 2018-11-30 14:59:53 +00:00
Max Schaefer
3ed40d5da1 Merge branch 'master' into range-analysis 2018-11-30 09:36:40 +00:00
Max Schaefer
dcad2a3431 JavaScript: Simplify an if condition. 
By pulling this out of the condition we can avoid computing its negation for the `else` branch, which could previously lead to quite an enormous pipeline.
 2018-11-30 09:32:31 +00:00
semmle-qlci
adc15cad07 Merge pull request #574 from xiemaisi/js/avoid-materialisation 
Approved by esben-semmle
 2018-11-30 08:30:14 +00:00
Asger F
d69e584cc2 JS: fix bug in foldedComparisonEdge 2018-11-29 11:22:15 +00:00
Asger F
2c51f86f1b JS: avoid joining on =0 2018-11-29 11:22:14 +00:00
Asger F
76a69f4ff2 JS: address review comments 2018-11-29 11:22:14 +00:00
Asger F
f3020f776e JS: avoid extending self-edges 2018-11-29 11:22:14 +00:00
Asger F
4a367d3fdb JS: more efficient encoding of unary constraints 2018-11-29 11:22:14 +00:00
Asger F
2d6bf0aff3 JS: improve join ordering in extendedEdge 2018-11-29 11:22:14 +00:00
Asger F
84ea4cf1d1 JS: manually reorder extendedEdge and negativeEdge 2018-11-29 11:22:14 +00:00
Asger F
d813635f3e JS: Restrict constraint generation to relevant nodes 2018-11-29 11:22:14 +00:00
Asger F
43df9538bf JS: be conservative in presence of NaN comments 2018-11-29 11:22:14 +00:00
Asger F
feb8a8c4fd JS: restrict bias to 30-bit range to avoid overflow 2018-11-29 11:22:14 +00:00
Asger F
20aa4e1f6d JS: handle sharp inequalities directly 2018-11-29 11:22:14 +00:00
Asger F
9d8d953292 JS: perform widening when adding operands of very different magnitude 2018-11-29 11:22:14 +00:00
Asger F
6c53ad80c7 JS: add constant constraints in range analysis 2018-11-29 11:22:13 +00:00
Asger F
064b1099eb JS: range analysis through phi nodes 2018-11-29 11:22:13 +00:00
Asger F
09ca6652fb JS: Support return value of x++ 2018-11-29 11:22:13 +00:00
Asger F
73cbdee691 JS: Compound assignments and update exprs in range analysis 2018-11-29 11:22:13 +00:00
Asger F
a374540c55 JS: Range analysis library 2018-11-29 11:22:13 +00:00
Max Schaefer
fb78e14db1 JavaScript: Add support for sanitising dynamic property accesses. 
This generalises our previous handling of sanitisers operating on property accesses to support dynamic property accesses where the property name is an SSA variable by representing them as access paths.
 2018-11-28 12:37:53 +00:00
Max Schaefer
9c98aaf4bd JavaScript: Refactor a few predicates to avoid materialisations. 2018-11-28 10:51:29 +00:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds 
Approved by asger-semmle
 2018-11-23 12:40:40 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
semmle-qlci
26a248b14a Merge pull request #487 from xiemaisi/js/lint-join-order 
Approved by esben-semmle
 2018-11-20 06:51:33 +00:00
Max Schaefer
73ad3f5c8a JavaScript: Tweak JSLint library to avoid bad join order. 2018-11-19 09:12:02 +00:00
Asger F
c06c9a02f7 JS: fix copy pasta and test output 2018-11-16 10:47:02 +00:00
Asger F
dd5f485fff JS: use original sanitizer for SSRF query 2018-11-16 10:46:14 +00:00
Asger F
6ec13feab4 JS: recognize sanitizing slashes in URL redirection queries 2018-11-16 10:43:25 +00:00
semmle-qlci
0647743333 Merge pull request #467 from xiemaisi/js/amd-imports 
Approved by asger-semmle
 2018-11-16 09:31:50 +00:00