Asger F
7b3810eb8f
Merge branch 'js/endpoint-naming-expose-synthetic' into js/vea-hacking
2024-03-19 14:04:00 +01:00
Asger F
ae903abb4b
JS: Expose whether an endpoint name is synthetic
2024-03-19 14:03:33 +01:00
Tom Hvitved
5ab1047b14
Merge pull request #15882 from hvitved/js/dataflow-node-get-location
...
JS: Add `DataFlow::Node.getLocation`
2024-03-19 09:21:00 +01:00
Tom Hvitved
54fa8181da
Address review comment
2024-03-13 20:03:01 +01:00
Erik Krogh Kristensen
bd121b98ae
Merge pull request #15893 from erik-krogh/more-filter-taint
...
JS: allow more flow through .filter()
2024-03-13 16:19:28 +01:00
Tom Hvitved
16cef92106
JS: Add DataFlow::Node.getLocation
2024-03-13 13:06:16 +01:00
Asger F
c5a02dae2b
Merge pull request #15768 from asgerf/js/amd-pseudo-deps
...
JS: Do not treat AMD pseudo-dependencies as imports
2024-03-13 12:49:17 +01:00
erik-krogh
129286aa1c
allow more flow through .filter()
2024-03-13 12:03:00 +01:00
Asger F
3cd4969499
WIP: Add NoPropStep and LoadAnyProp()
2024-03-12 13:01:39 +01:00
Asger F
ba86c93e67
Revert "JS: More aggressive tracking of objects with methods"
...
This reverts commit 5ed2e033f1.
2024-03-11 15:33:12 +01:00
Asger F
5ed2e033f1
JS: More aggressive tracking of objects with methods
2024-03-11 10:43:15 +01:00
Asger F
7c35309732
Merge pull request #15823 from asgerf/js/lift-cg-restriction
...
JS: Call graph improvements
2024-03-08 13:40:38 +01:00
Asger F
245cd5c0b5
Merge pull request #15760 from asgerf/js/summarised-tt-store-steps
...
JS: Summarise store steps for type tracking
2024-03-08 13:16:25 +01:00
Asger F
ac4601cb8f
Update javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-03-08 13:01:38 +01:00
Asger F
f546383cee
JS: More implied receiver steps
2024-03-07 11:51:06 +01:00
Asger F
d9482441f0
Merge branch 'js/lift-cg-restriction' into js/vea-hacking
2024-03-06 11:42:55 +01:00
Asger F
a54a73c9a2
JS: Detect more FunctionStyleClasses
2024-03-06 11:37:20 +01:00
Asger F
941097b639
Update ModuleInterop.qll
2024-03-05 19:09:22 +01:00
Asger F
7ae28ceee0
More Module interop code
2024-03-04 15:46:55 +01:00
Asger F
4ab7acedb6
JS: Do not track instance methods
2024-03-04 10:36:13 +01:00
Asger F
f5d014baa5
JS: Remove allocation site restriction in CG
2024-03-01 23:20:35 +01:00
Asger F
5340a89107
JS: Remove allocation site restriction in CG
2024-03-01 21:36:29 +01:00
Asger F
c43856d8ea
JS: Add steps to better handle module interop code
2024-03-01 21:30:04 +01:00
Asger F
af1382a6ca
Merge branch 'js/summarised-tt-store-steps' into js/vea-hacking
2024-03-01 20:26:46 +01:00
Asger F
13e3a5158e
JS: Fix qldoc
2024-02-29 13:59:25 +01:00
Asger F
dc590756b5
Merge branch 'js/escaping-instance-detection' into js/vea-hacking
2024-02-29 11:19:31 +01:00
Asger F
6a0adff1dc
JS: More precise detection of classes with escaping instances
2024-02-29 11:15:37 +01:00
Asger F
34b48f51de
Merge branch 'js/summarised-tt-store-steps' into js/vea-hacking
2024-02-29 10:30:15 +01:00
Asger F
853397361f
JS: Do not treat AMD pseudo-dependencies as file paths
2024-02-29 10:23:28 +01:00
Asger F
052a8e7f81
JS: Avoid spurious recursion in AMD
2024-02-29 10:23:28 +01:00
Asger F
f384afbaf6
JS: Also summarize loadStore steps
2024-02-29 10:11:16 +01:00
Asger F
3ad83cc098
JS: Summarise store steps for type tracking
2024-02-29 10:10:39 +01:00
Asger F
29ffeb6da5
JS: Fix qldoc
2024-02-20 14:00:32 +01:00
Asger F
c324b2aed8
JS: Refactor
2024-02-19 13:59:49 +01:00
Asger F
eb7d0244c2
JS: Global names don't have to be defined in externs
2024-02-19 13:59:49 +01:00
Asger F
493b37774f
JS: More precise isFunctionSource
2024-02-19 13:59:49 +01:00
Asger F
6d597bea0d
JS: Refactor
2024-02-19 13:59:49 +01:00
Asger F
8a5b907912
JS: Handle wrapper functions more gracefully
2024-02-19 13:59:48 +01:00
Asger F
d96f29d6c2
JS: Disallow return steps in getASinkNode
2024-02-19 13:59:48 +01:00
Asger F
29258ad8c2
WIP new aliasing rule
2024-02-19 13:59:15 +01:00
Asger F
d94d4591da
JS: Name instance methods using API nodes instead of special-casing
2024-02-14 15:08:19 +01:00
Asger F
c4a0f36a08
JS: Fix handling of unknown properties
...
These would shorten the expected distance to a node, but would never be usable as an edge, meaning we failed to pick a preferred predecessor.
2024-02-14 15:08:19 +01:00
Asger F
9838da5395
JS: Simplify isExported
2024-02-14 15:08:19 +01:00
Asger F
a3dc19fd31
JS: Check privacy earlier
2024-02-14 15:08:19 +01:00
Asger F
75a95ffcd1
Merge pull request #15602 from asgerf/js/block-logical-and-flow
...
JS: Fix flow through &&
2024-02-14 12:29:40 +01:00
Asger F
2172c4863f
Merge pull request #15380 from asgerf/js/endpoint-naming
...
JS: Add library for naming endpoints
2024-02-14 10:48:13 +01:00
Asger F
7122a7502a
JS: Fix flow through &&
...
This is a long-standing bug we've been unable to fix due to noise from type inference.
2024-02-13 14:43:03 +01:00
Asger F
543e183d99
JS: Describe 1-step aliasing rule
2024-02-13 09:29:15 +01:00
Asger F
baa3c35d6f
JS: Refactor aliasing relation
2024-02-13 09:24:00 +01:00
Asger F
8d3a19aaad
JS: Fix termination criteria
...
Previously it was theoretically possible to create a cycle of preferred predecessors, since badness had higher precedence than depth. We now require the preferred predecessor to have lower depth.
With this criterion we can remove the arbitrary cap on badness.
2024-02-12 11:44:52 +01:00