hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,607 Commits 1,671 Branches 157 Tags
83e0f3bc8d1c572807e2358e85c38611bd6c8e78
Commit Graph

1187 Commits

Author SHA1 Message Date
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops 
Approved by esben-semmle
 2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end 
JS: Treat res.end() as alias for res.send() in Express
 2019-03-01 10:30:06 +00:00
semmle-qlci
bc8906ba82 Merge pull request #1009 from xiemaisi/js/reformat-extractor 
Approved by asger-semmle
 2019-03-01 08:20:59 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
86bbb5fb18 JS: Add ZipSlip query to security suite 2019-02-28 15:46:34 -05:00
Jason Reed
c1b218a5ff JS: Documentation fixes 2019-02-28 15:46:19 -05:00
Jason Reed
c5e57dacf8 JS: Actually use fileName in examples 2019-02-28 15:46:14 -05:00
Jason Reed
674d2790b4 JS: Address review comments 2019-02-28 15:46:07 -05:00
Jason Reed
caebdd2f68 JS: Fix incorrect sample link 2019-02-28 15:46:00 -05:00
Jason Reed
2fc2a393b7 JS: Address review comments 2019-02-28 15:45:52 -05:00
Jason Reed
09b9a57783 JS: More efficient reasoning through pipe 2019-02-28 15:45:38 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
23d37c7167 JS: Unbreak TaintedPath 2019-02-28 15:45:26 -05:00
Jason Reed
32d48ba98b JS: Run auto-formatter 2019-02-28 15:45:20 -05:00
Jason Reed
abd2644af7 JS: Address review comments 2019-02-28 15:45:13 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Asger F
8dfec58428 JS: Update test 2019-02-28 16:49:35 +00:00
Asger F
47b5f34870 JS: shift line numbers in test output 2019-02-28 16:48:47 +00:00
Asger F
2bfb015218 JS: Add closure string ops 2019-02-28 16:47:53 +00:00
Max Schaefer
c4fa29dd0f JavaScript: Autoformat extractor sources using google-java-format. 
No special settings; command:

  find javascript/extractor/src -name "*.java" | xargs java -jar /path/to/google-java-format-1.7-all-deps.jar --replace
 2019-02-28 14:30:06 +00:00
Asger F
5478e0da62 Merge pull request #998 from xiemaisi/js/autobuild-file-types 
JavaScript: Make file types customisable in AutoBuild.
 2019-02-28 15:26:35 +01:00
Max Schaefer
2ecabad553 Merge pull request #1004 from asger-semmle/suffix-check-bug 
JS: Recognize '+' in suffix check
 2019-02-28 14:23:26 +00:00
Asger F
03ef167c56 JS: Treat res.end() as alias for res.send() in Express 2019-02-28 12:37:11 +00:00
semmle-qlci
edba24129d Merge pull request #1003 from xiemaisi/js/fix-test 
Approved by esben-semmle
 2019-02-28 12:05:44 +00:00
Asger F
8e8085ea1f JS: add test 2019-02-28 10:09:36 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
Max Schaefer
02dff4e9d9 JavaScript: Update expected test output. 2019-02-28 08:21:06 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
semmle-qlci
8e485b7972 Merge pull request #996 from xiemaisi/js/first-array-elt-in 
Approved by esben-semmle
 2019-02-27 16:19:21 +00:00
Max Schaefer
9d77619afc JavaScript: Make file types customisable in AutoBuild. 
Every once in a while we encounter projects using some custom file extension for files that we could in principle extract, but since the extractor doesn't know about the extension the files are skipped.

To handle this, the legacy extractor has a `--file-type` option that one can use to specify a file type to use for all files in that particular extraction. So far, `AutoBuild` has nothing of the sort.

This PR proposes to introduce an environment variable `LGTM_INDEX_FILETYPES` to allow a similar customisation. In the fullness of time, this variable would be set through `lgtm.yml` in the usual way, but for now it is undocumented and for internal use only.

Specifically, `LGTM_INDEX_FILETYPES` is a newline-separated list of ".extension:filetype" pairs, specifying that files with the given `.extension` should be extracted as type `filetype`, where
`filetype` is one of `js`, `html`, `json`, `typescript` or `yaml`.

For example, `.jsm:js` causes all `.jsm` files to be extracted as JavaScript.

This can also be used to override default file types: for example, by specifying `.js:typescript` all JavaScript files will be extracted as TypeScript.
 2019-02-27 12:02:01 +00:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
Max Schaefer
2ed37903d8 JavaScript: Include list of relevant environment variables in Javadoc for AutoBuild. 2019-02-27 11:54:59 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Max Schaefer
6ecdb0edd5 JavaScript: Allow first expression in array literal to be an in expression. 2019-02-27 08:58:28 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref 
JS: add closure library in globalObjectRef
 2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2 
JS: Vue security improvements
 2019-02-26 16:49:38 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
semmle-qlci
86e646beb4 Merge pull request #975 from asger-semmle/global-closure-dataflow 
Approved by esben-semmle
 2019-02-26 13:57:39 +00:00
Asger F
29d2d620e4 JS: add taint step through object/array spread operators 2019-02-26 11:43:59 +00:00
Esben Sparre Andreasen
f9111f68e9 Update javascript/ql/src/semmle/javascript/dataflow/TypeInference.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-02-26 11:11:44 +01:00
Asger F
6b9157540b JS: mark globalFlowPred as internal 2019-02-26 09:56:22 +00:00
semmle-qlci
681ff0f39c Merge pull request #977 from asger-semmle/extend-test-version 
Approved by xiemaisi
 2019-02-26 09:55:41 +00:00
semmle-qlci
74a4103857 Merge pull request #976 from asger-semmle/closure-import-deep 
Approved by esben-semmle
 2019-02-26 09:34:04 +00:00
semmle-qlci
00d490e84d Merge pull request #945 from asger-semmle/extensible-module-import 
Approved by xiemaisi
 2019-02-26 09:26:28 +00:00
Esben Sparre Andreasen
9511bdf6ae JS: address review comment 2019-02-26 10:07:00 +01:00