hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,855 Commits 1,723 Branches 164 Tags
6d6379fc09df235a05089b76dca3e7df33e2fd85
Commit Graph

315 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods 
JS: model additional React component methods
 2018-12-05 08:00:16 +00:00
Esben Sparre Andreasen
d63d838534 JS: add regression test for ODASA-7506 2018-12-04 22:22:46 +01:00
semmle-qlci
d05b11f00d Merge pull request #587 from asger-semmle/incorrect-suffix-check 
Approved by mc-semmle, xiemaisi
 2018-12-04 16:18:42 +00:00
Esben Sparre Andreasen
a342fa36c6 JS: support React getSnapshotBeforeUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
67b1487384 JS: support React shouldComponentUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
417dac7ad6 JS: support React getDerivedStateFromProps 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
0d62191d84 JS: add more React tests 2018-12-04 10:48:35 +01:00
semmle-qlci
b58c263fd0 Merge pull request #602 from esben-semmle/js/additional-route-handlers-from-context 
Approved by xiemaisi
 2018-12-03 14:31:10 +00:00
Asger F
374f7ab65d JS: address comments 2018-12-03 11:23:02 +00:00
Asger F
0462eb4b50 JS: add IncorrectSuffixCheck query 2018-12-03 11:23:02 +00:00
Esben Sparre Andreasen
a3bd072590 JS: add Hapi::RouteHandlerCandidate 2018-12-03 09:22:21 +01:00
Max Schaefer
52b8a6bb56 Merge branch 'master' into js/invalid-entity-transcoding 2018-11-30 16:49:20 +00:00
Max Schaefer
10166be535 JavaScript: Add new query DoubleEscaping. 2018-11-30 09:39:00 +00:00
Max Schaefer
3ed40d5da1 Merge branch 'master' into range-analysis 2018-11-30 09:36:40 +00:00
semmle-qlci
1c5322274a Merge pull request #557 from esben-semmle/js/unused-react-variable 
Approved by xiemaisi
 2018-11-30 09:35:36 +00:00
Asger F
959776b775 JS: add test case 2018-11-29 11:22:15 +00:00
Asger F
d69e584cc2 JS: fix bug in foldedComparisonEdge 2018-11-29 11:22:15 +00:00
Asger F
477be260f3 JS: rename UselessRangeCheck -> UselessComparisonTest 2018-11-29 11:22:14 +00:00
Asger F
344bec3865 JS: Add UselessRangeCheck.ql 2018-11-29 11:22:14 +00:00
Asger F
43df9538bf JS: be conservative in presence of NaN comments 2018-11-29 11:22:14 +00:00
Asger F
6c53ad80c7 JS: add constant constraints in range analysis 2018-11-29 11:22:13 +00:00
Asger F
064b1099eb JS: range analysis through phi nodes 2018-11-29 11:22:13 +00:00
Asger F
09ca6652fb JS: Support return value of x++ 2018-11-29 11:22:13 +00:00
Asger F
a374540c55 JS: Range analysis library 2018-11-29 11:22:13 +00:00
Esben Sparre Andreasen
f3889e715e JS: simplify isReactImportForJSX to isReactForJSX 2018-11-28 15:06:53 +01:00
Max Schaefer
fb78e14db1 JavaScript: Add support for sanitising dynamic property accesses. 
This generalises our previous handling of sanitisers operating on property accesses to support dynamic property accesses where the property name is an SSA variable by representing them as access paths.
 2018-11-28 12:37:53 +00:00
Esben Sparre Andreasen
54e2215db4 JS: support require in isReactImportForJSX 2018-11-28 13:16:55 +01:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds 
Approved by asger-semmle
 2018-11-23 12:40:40 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location 
Approved by esben-semmle
 2018-11-20 17:16:05 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5 JavaScript: Make TargetBlank only highlight the first line of the link. 
Otherwise alerts for multi-line `<a>` elements end up looking very red.

I also took the opportunity to improve the tests slightly.
 2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
Asger F
6ec13feab4 JS: recognize sanitizing slashes in URL redirection queries 2018-11-16 10:43:25 +00:00
semmle-qlci
0647743333 Merge pull request #467 from xiemaisi/js/amd-imports 
Approved by asger-semmle
 2018-11-16 09:31:50 +00:00
semmle-qlci
4a14bef507 Merge pull request #466 from xiemaisi/js/more-data-flow-predicates 
Approved by asger-semmle
 2018-11-14 16:07:59 +00:00
Max Schaefer
6f6b3b0d5e JavaScript: Add a convenience method to SourceNode and use it in a few places. 2018-11-14 11:58:45 +00:00
Max Schaefer
a441bfb751 JavaScript: Add a convenience method to AMDModuleDefinition. 2018-11-14 11:36:40 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Max Schaefer
d57b5d9628 JavaScript: Remove ReflectdXssPath.ql, which is now spurious. 2018-11-14 09:16:40 +00:00
Max Schaefer
a499009f59 Merge pull request #395 from esben-semmle/js/useless-defensive-code 
JS: add query: js/useless-defensive-code
 2018-11-13 16:55:59 +00:00