hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 17:59:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,483 Commits 1,754 Branches 167 Tags
739705865b4a5e2e558f98c3efdb3ede98b61e8a
Commit Graph

600 Commits

Author SHA1 Message Date
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
semmle-qlci
86e646beb4 Merge pull request #975 from asger-semmle/global-closure-dataflow 
Approved by esben-semmle
 2019-02-26 13:57:39 +00:00
Esben Sparre Andreasen
f9111f68e9 Update javascript/ql/src/semmle/javascript/dataflow/TypeInference.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-02-26 11:11:44 +01:00
Asger F
6b9157540b JS: mark globalFlowPred as internal 2019-02-26 09:56:22 +00:00
semmle-qlci
74a4103857 Merge pull request #976 from asger-semmle/closure-import-deep 
Approved by esben-semmle
 2019-02-26 09:34:04 +00:00
semmle-qlci
00d490e84d Merge pull request #945 from asger-semmle/extensible-module-import 
Approved by xiemaisi
 2019-02-26 09:26:28 +00:00
Max Schaefer
c2a5350bf2 Merge pull request #982 from asger-semmle/closure-string-lib 
JS: model string functions from closure library
 2019-02-26 08:26:14 +00:00
Asger F
93440014a0 JS: only propagate through first argument of truncate() 2019-02-25 17:11:55 +00:00
Asger F
d45f670646 JS: remove duplicate modelling of urlDecode/urlEncode 2019-02-25 17:04:56 +00:00
Asger F
29de1411b7 JS: remove restriction on truncate calls 2019-02-25 17:00:47 +00:00
Asger F
d70d0e21cc JS: add format function 2019-02-25 16:30:44 +00:00
Asger F
fab0afd755 JS: model string functions from closure library 2019-02-25 16:08:47 +00:00
Esben Sparre Andreasen
8e01ccd892 JS: fix docstring: s/node1/pred + s/node2/succ 2019-02-25 16:51:30 +01:00
semmle-qlci
58cc8d0ecc Merge pull request #936 from xiemaisi/js/revive-electron-support 
Approved by esben-semmle
 2019-02-25 15:23:20 +00:00
Asger F
7d14429dce JS: handle deeper access paths in Closure::moduleImport 2019-02-25 12:31:18 +00:00
semmle-qlci
c31ccbc114 Merge pull request #925 from asger-semmle/closure-reorg 
Approved by xiemaisi
 2019-02-25 12:02:00 +00:00
Asger F
707886f259 JS: minor qldoc fixes 2019-02-25 11:31:09 +00:00
Asger F
eab034ccfd JS: add ModuleImportNode::Range 2019-02-25 11:31:08 +00:00
Asger F
e9bc728919 JS: fixes in qldoc 2019-02-25 11:26:12 +00:00
semmle-qlci
014d4b9ed0 Merge pull request #934 from asger-semmle/module-import 
Approved by xiemaisi
 2019-02-25 09:46:52 +00:00
Max Schaefer
d4dbe3bfb6 JavaScript: Back out parsing of qualified XML identifiers. 
Their syntax conflicts with the proposed function-bind operator, which is more important to support.
 2019-02-24 21:30:59 +00:00
Max Schaefer
be67d5129a JavaScript: Add QL library support for E4X. 2019-02-24 20:45:41 +00:00
Max Schaefer
c6fc4e4764 JavaScript: Address review comments. 2019-02-23 21:43:13 +00:00
Max Schaefer
e7c95bae49 JavaScript: Add flow steps modelling Electron IPC. 2019-02-23 21:43:13 +00:00
Max Schaefer
a4e4957f31 JavaScript: Model webContents property. 2019-02-23 21:43:13 +00:00
Max Schaefer
ff83e600dc JavaScript: Track Electron browser objects inter-procedurally. 2019-02-23 21:43:13 +00:00
Max Schaefer
d59c12e6eb JavaScript: Recognise Electron browser objects based on TypeScript types when available. 2019-02-23 21:43:13 +00:00
Max Schaefer
143bb711f9 JavaScript: Slightly restructure Electron BrowserWindow class hierarchy. 2019-02-23 21:43:13 +00:00
Max Schaefer
12ed2ca000 Merge pull request #958 from esben-semmle/js/improve-tainted-path 
JS: add taint steps for fs.realpath and fs.realpathSync
 2019-02-22 20:55:39 +00:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
james
50ad8a4089 update link in vue.qll 2019-02-20 16:43:56 +00:00
semmle-qlci
f5e419e774 Merge pull request #933 from xiemaisi/js/createContextualFragment 
Approved by asger-semmle
 2019-02-20 12:42:27 +00:00
Asger F
1aba111a00 JS: Use ::Range pattern for abstract classes 2019-02-15 14:28:07 +00:00
Asger F
c8823fa7cf JS: change charpred of ClosureModule to be AST-based 2019-02-15 14:28:06 +00:00
Asger F
d1607f7c47 JS: remove SourceNode supertype from ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
8801431352 JS: elaborate qldoc for isTopLevelExpr 2019-02-15 14:28:06 +00:00
Asger F
fa34f8f414 JS: replace dataflow -> data flow 2019-02-15 14:28:06 +00:00
Asger F
701e662bc4 JS: rename more predicates for consistency 2019-02-15 14:28:06 +00:00
Asger F
23bd9e62f0 JS: Add ClosureNamespaceAccess 2019-02-15 14:28:06 +00:00
Asger F
939eab2c82 JS: refactor expressions to dataflow nodes 2019-02-15 14:28:06 +00:00
Asger F
8d78731ff0 JS: rename getNamespaceId to getClosureNamespace 2019-02-15 14:28:06 +00:00
Asger F
8c96f5f037 JS: tweak global flow for closure modules 2019-02-15 12:05:35 +00:00
semmle-qlci
92a6e7e04c Merge pull request #932 from asger-semmle/cookbook-prepare 
Approved by xiemaisi
 2019-02-13 18:20:09 +00:00
Asger F
dfe3f254de JS: generalize to include default imports 2019-02-13 18:03:57 +00:00
Max Schaefer
5b2df068d3 Merge pull request #921 from asger-semmle/class-node-absval 
JS: use type inference to back up function-style classes
 2019-02-13 10:12:20 +00:00
Asger F
d532815efe JS: remove unused predicate 2019-02-12 17:34:21 +00:00
Asger F
be10f24de7 JS: make moduleImport() work for named imports 2019-02-12 17:22:06 +00:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
Anders Schack-Mulligen
15a6044445 Javascript: Autoformat qlls 2019-02-12 14:41:31 +01:00
Asger F
3290c174c3 JS: Add DataFlow::Node.getAFunctionValue 2019-02-12 13:38:46 +00:00