hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,856 Commits 1,723 Branches 164 Tags
73e08eba43dcd9d8cfcb5d1c92af67ec493fefd9
Commit Graph

2249 Commits

Author SHA1 Message Date
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll 
Approved by max-schaefer
 2019-11-27 12:35:04 +00:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb Merge pull request #2392 from asger-semmle/window-name-flow 
Approved by max-schaefer
 2019-11-27 10:55:26 +00:00
semmle-qlci
793988afe4 Merge pull request #2344 from asger-semmle/element-pattern-prop-read 
Approved by max-schaefer
 2019-11-27 10:54:46 +00:00
Erik Krogh Kristensen
967ecbad24 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-27 11:28:37 +01:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00
Erik Krogh Kristensen
b6106f9638 keep the ResolvedPromiseDefinition class as a subclass of PromiseCreationCall 2019-11-26 11:16:59 +01:00
semmle-qlci
fb44aa18bd Merge pull request #2428 from erik-krogh/useOfReturnlessFunctionSuperCalls 
Approved by max-schaefer
 2019-11-26 09:14:08 +00:00
Asger F
e5ba80b18c JS: Add test 2019-11-25 15:05:33 +00:00
Asger F
82b35a116c JS: Handle .js import of .ts file 2019-11-25 14:58:12 +00:00
Erik Krogh Kristensen
9bd6363521 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-25 14:34:58 +01:00
Erik Krogh Kristensen
4efc71b7a2 remove FP in use-of-returnless-function FP related to calls to super() 2019-11-25 11:48:16 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
semmle-qlci
5c3c8eb35d Merge pull request #2406 from erik-krogh/returnlessFp 
Approved by asgerf
 2019-11-22 13:06:03 +00:00
Esben Sparre Andreasen
5d34806e50 Merge pull request #2379 from asger-semmle/typescript-fixes 
TS: A bunch of TypeScript fixes
 2019-11-22 13:31:30 +01:00
Max Schaefer
83f5b614e9 JavaScript: Switch detection of callback-based string replacement to data flow. 2019-11-22 09:24:34 +00:00
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
semmle-qlci
8cca9b05ea Merge pull request #2393 from max-schaefer/js/improve-incomplete-sanitization-docs 
Approved by mchammer01
 2019-11-21 16:04:19 +00:00
Asger F
ec8ced7963 TS: Fix a typos and leftover todo 2019-11-21 15:39:37 +00:00
Asger F
01ab8f07eb TS: Fix a crash when allowJs: true was set 2019-11-21 15:39:37 +00:00
Asger F
2c916cb4f3 TS: Update stats 2019-11-21 15:39:37 +00:00
Asger F
dd50d29827 TS: Fix crash in case of missing type roots 2019-11-21 15:39:37 +00:00
Asger F
4a885cbf92 TS: Expose optional parameters at syntax level 2019-11-21 15:39:37 +00:00
Asger F
b6b8213e13 TS: Handle rest parameters in call signatures 2019-11-21 15:39:37 +00:00
Asger F
f2c3d734ea TS: Update some more tests 2019-11-21 15:39:37 +00:00
Asger F
0c41d6910f TS: Pass tsconfig options correctly 2019-11-21 15:39:37 +00:00
Asger F
8205a59688 TS: Unfold aliases in Type.unfold() 2019-11-21 15:39:37 +00:00
Asger F
e25ee182a0 TS: Extract type alias relation 2019-11-21 15:39:37 +00:00
Asger F
f11dc11ade TS: Fix type of RHS of TypeAliasDeclaration 2019-11-21 15:39:37 +00:00
Asger F
a3aef1e4e0 TS: Update TypeAlias test 2019-11-21 15:39:37 +00:00
Erik Krogh Kristensen
42a0a62e4c remove 3 FP sources from use-of-returnless-function 2019-11-21 14:27:04 +01:00
Esben Sparre Andreasen
03c83c9c9d JS: model React's getDerivedStateFromError 2019-11-21 13:18:43 +01:00
Esben Sparre Andreasen
23d29a80db JS: improve comment syntax 2019-11-21 13:16:40 +01:00
Esben Sparre Andreasen
6328a0a8b9 JS: improve FP filter for js/unbound-event-handler-receiver 2019-11-21 13:13:40 +01:00
semmle-qlci
77c869f528 Merge pull request #2220 from erik-krogh/processEnvTaint 
Approved by esbena, max-schaefer
 2019-11-20 13:16:43 +00:00