212 Commits

Author SHA1 Message Date
Asger F
7adf1d9958 Merge pull request #631 from esben-semmle/js/bad-url-regexing
JS: add query: js/incomplete-url-regexp
2018-12-17 11:53:22 +00:00
Max Schaefer
f9106b3bfe Merge pull request #685 from asger-semmle/useless-conditional-as-value
JS: fix FPs in UselessConditional
2018-12-14 08:44:10 +00:00
Asger F
ae4b55de9a JS: fix FPs in UselessConditional 2018-12-13 15:41:41 +00:00
Max Schaefer
e194021c3b Merge pull request #629 from esben-semmle/js/persistent-read-taint
JS: add persistent storage taint steps
2018-12-13 08:24:42 +00:00
Max Schaefer
969fe6e4f1 Merge pull request #657 from esben-semmle/js/classify-more-files
JS: classify additional files
2018-12-13 08:20:33 +00:00
Max Schaefer
e8c8360ad1 Merge pull request #659 from esben-semmle/js/more-constant-string-usage
JS: replace StringLiteral with ConstantString in two queries
2018-12-13 08:19:22 +00:00
Max Schaefer
df42707050 Merge pull request #675 from asger-semmle/window.name
JS: Add window.name as remote flow source
2018-12-13 08:13:15 +00:00
Asger F
a96c53f9b8 JS: restrict when a variable reference is considered a source 2018-12-12 12:28:26 +00:00
semmle-qlci
06dd5f3616 Merge pull request #656 from xiemaisi/js/unused-local-underscore
Approved by esben-semmle
2018-12-12 08:11:37 +00:00
Esben Sparre Andreasen
fac638ffab JS: improve alert location of js/angular/unused-dependency 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
b5bbf990b0 JS: improve alert location of js/angular/repeated-dependency-injection 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
5acd1ca26d JS: improve alert location of js/angular/duplicate-dependency 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
376ed7a4d2 JS: generalize js/command-line-injection to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
a1d92bfa50 JS: generalize js/incomplete-sanitization to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
7cc6f2f4d8 JS: add test case 2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen
73aa223b08 JS: handle additional multi-license file patterns 2018-12-11 09:55:38 +01:00
Max Schaefer
4d186e0edc JavaScript: Teach Unused{Variable,Parameter} to ignore variables with leading underscore. 2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen
edbef289a7 JS: improve whitespace handling for multi-license file recognition 2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86 JS: support purs classification 2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18 JS: support <meta name="generator"/> classification 2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5 JS: support AutoRest classification 2018-12-11 08:54:19 +01:00
Esben Sparre Andreasen
ab519d4abf JS: rename query
"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
994fe1bea5 JS: address non-semantic review comments 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
d4e4bc6a0b JS: sharpen js/incomplete-url-regexp by not matching .* or .+ 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
52ca696ff4 JS: add query js/incomplete-url-regexp 2018-12-10 22:20:29 +01:00
semmle-qlci
9e73ed71b9 Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization
Approved by mc-semmle
2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen
4f53411397 JS: recognize HTTP URLs in js/incomplete-url-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
229eea00dc JS: add query js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML
Approved by esben-semmle
2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods
JS: model additional React component methods
2018-12-05 08:00:16 +00:00
Esben Sparre Andreasen
d63d838534 JS: add regression test for ODASA-7506 2018-12-04 22:22:46 +01:00
Esben Sparre Andreasen
417dac7ad6 JS: support React getDerivedStateFromProps 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
0d62191d84 JS: add more React tests 2018-12-04 10:48:35 +01:00
Asger F
374f7ab65d JS: address comments 2018-12-03 11:23:02 +00:00
Asger F
0462eb4b50 JS: add IncorrectSuffixCheck query 2018-12-03 11:23:02 +00:00
Max Schaefer
52b8a6bb56 Merge branch 'master' into js/invalid-entity-transcoding 2018-11-30 16:49:20 +00:00
Max Schaefer
10166be535 JavaScript: Add new query DoubleEscaping. 2018-11-30 09:39:00 +00:00
Max Schaefer
3ed40d5da1 Merge branch 'master' into range-analysis 2018-11-30 09:36:40 +00:00
Asger F
d69e584cc2 JS: fix bug in foldedComparisonEdge 2018-11-29 11:22:15 +00:00
Asger F
477be260f3 JS: rename UselessRangeCheck -> UselessComparisonTest 2018-11-29 11:22:14 +00:00
Asger F
344bec3865 JS: Add UselessRangeCheck.ql 2018-11-29 11:22:14 +00:00
Esben Sparre Andreasen
f3889e715e JS: simplify isReactImportForJSX to isReactForJSX 2018-11-28 15:06:53 +01:00
Esben Sparre Andreasen
54e2215db4 JS: support require in isReactImportForJSX 2018-11-28 13:16:55 +01:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds
Approved by asger-semmle
2018-11-23 12:40:40 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance
Approved by xiemaisi
2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments
Approved by xiemaisi
2018-11-21 16:06:46 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00