hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-08 12:10:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,051 Commits 1,680 Branches 157 Tags
756affa4aaedfb8fbbc6e4b36402109683ede413
Commit Graph

165 Commits

Author SHA1 Message Date
Asger F
3b211089d6 JS: Remove redundant import 2024-05-21 14:40:17 +02:00
Asger F
43abc72780 JS: Add TypeModel.isTypeUsed 
f
 2024-05-21 14:19:56 +02:00
Asger F
3eb4e39251 JS: Also do this for use-steps and exclude pseudo-properties 2024-04-17 14:45:58 +02:00
Asger F
55b9724f59 JS: Add store step into namespace re-export specifier 2024-04-17 14:14:12 +02:00
Asger F
22b56a4a40 JS: More implied receiver steps 2024-03-26 10:23:08 +01:00
Tom Hvitved
54fa8181da Address review comment 2024-03-13 20:03:01 +01:00
Tom Hvitved
16cef92106 JS: Add DataFlow::Node.getLocation 2024-03-13 13:06:16 +01:00
Asger F
7c35309732 Merge pull request #15823 from asgerf/js/lift-cg-restriction 
JS: Call graph improvements
 2024-03-08 13:40:38 +01:00
Asger F
ac4601cb8f Update javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-03-08 13:01:38 +01:00
Asger F
a54a73c9a2 JS: Detect more FunctionStyleClasses 2024-03-06 11:37:20 +01:00
Asger F
4ab7acedb6 JS: Do not track instance methods 2024-03-04 10:36:13 +01:00
Asger F
f5d014baa5 JS: Remove allocation site restriction in CG 2024-03-01 23:20:35 +01:00
Asger F
13e3a5158e JS: Fix qldoc 2024-02-29 13:59:25 +01:00
Asger F
f384afbaf6 JS: Also summarize loadStore steps 2024-02-29 10:11:16 +01:00
Asger F
3ad83cc098 JS: Summarise store steps for type tracking 2024-02-29 10:10:39 +01:00
Asger F
7122a7502a JS: Fix flow through && 
This is a long-standing bug we've been unable to fix due to noise from type inference.
 2024-02-13 14:43:03 +01:00
Remco Vermeulen
133a243298 Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
Asger F
0841677b14 JS: Add isSanitizerX variants in TaintTracking 2023-07-11 11:14:37 +02:00
Asger F
d53beb3784 JS: Embed check for in/out barriers in edge barrier check 2023-07-11 11:04:28 +02:00
Asger F
4964d811a5 JS: Add interface for isBarrier in/out 2023-07-11 11:04:28 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
869c6d27fe JS: Add implied receiver steps 2023-04-17 08:20:18 +02:00
Anders Schack-Mulligen
8d97fe9ed3 JavaScript: Autoformat 2023-03-10 09:41:20 +01:00
erik-krogh
943bdeca6d make appliesTo recursive 2023-02-14 14:16:45 +01:00
erik-krogh
9549cac3e5 add an additional barrier guard that finds "=== true" versions of previous barrier guards 2023-02-14 14:15:23 +01:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
Asger F
80777b8c50 JS: handle rephined variables in local access paths 2022-12-05 15:11:50 +01:00
erik-krogh
e98d1df5f4 add dataflow support 2022-11-15 22:07:25 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
21e7e27e1f push more context into load/store steps from the exploratory flow-analysis 2022-10-26 10:52:47 +02:00
Asger F
414bd40c41 JS: Do not track returned values out of the enclosing function 2022-10-26 09:29:49 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
tyage
7205903a36 Using implicit this 2022-10-04 18:06:30 +09:00
tyage
9df0720da9 refactoring 2022-10-04 17:05:49 +09:00
tyage
8a7f23a8ea support VarRef 2022-10-04 14:45:39 +09:00
tyage
b95566b02a make json stringify tainted with arg's property 2022-09-29 17:46:09 +09:00
erik-krogh
dcdff7a995 Merge branch 'main' into aliasFlow 2022-09-22 16:01:31 +02:00
erik-krogh
58851aefd6 don't mention classes that don't exist in TaintTracking.qll 2022-09-19 13:37:06 +02:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00