semmle-qlci
8a43fdc806
Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression
...
Approved by esben-semmle
2019-06-13 10:13:27 +01:00
semmle-qlci
913544600a
Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression
...
Approved by esben-semmle
2019-06-12 21:36:23 +01:00
Max Schaefer
60964efce5
JavaScript: Avoid bad context pushing in ReflectedXss::HttpResponseSink.
2019-06-12 16:20:35 +01:00
Max Schaefer
b32a037ff2
JavaScript: Refactor a few access path computation predicates.
2019-06-10 11:15:52 +01:00
Max Schaefer
d723ab76d8
JavaScript: Fix getDelimiterMatchingRegexp to work on multi-line strings.
2019-06-05 08:09:19 +01:00
semmle-qlci
1fa975b4c9
Merge pull request #1393 from xiemaisi/js/concretify
...
Approved by esben-semmle
2019-06-04 11:34:47 +01:00
Esben Sparre Andreasen
bf51c54338
JS: add RegExpPatternSource::getAParse to hide the subclasses
2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen
7b652214c5
JS: address docstring comments
2019-06-03 13:59:39 +02:00
Esben Sparre Andreasen
3289c629f7
JS: address minor review comments
2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3358e49698
JS: refactor the predicate RegExp::regexp to three classes.
...
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen
98ae2597bb
JS: refactor IncompleteHostnameRegExp::regexp to RegExp.qll
2019-06-03 08:27:49 +02:00
Max Schaefer
c560096b17
JavaScript: Make Script and CodeInAttribute concrete.
2019-05-31 12:04:14 +01:00
Max Schaefer
3097037a6f
Merge pull request #1290 from esben-semmle/js/semver-lib
...
JS: add SemVer library
2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d
Merge pull request #1180 from asger-semmle/tainted-path-squashed
...
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
semmle-qlci
bd15994bb4
Merge pull request #1367 from xiemaisi/js/configuration-api-consistency
...
Approved by esben-semmle
2019-05-28 12:26:58 +01:00
Asger F
9f43844f1e
JS: Remove obsolete code
2019-05-28 11:54:57 +01:00
Asger F
8d60ae7200
JS: Avoid unnecessary casts
2019-05-28 11:54:42 +01:00
Max Schaefer
86e96c6dc3
JavaScript: Introduce is{Barrier,Sanitizer}Edge predicate.
...
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
2019-05-28 08:08:14 +01:00
Max Schaefer
d9b3e461ba
Merge pull request #1351 from asger-semmle/js-incomplete-nodes
...
JS: Mark some more nodes as incomplete
2019-05-28 07:59:23 +01:00
Max Schaefer
bad5465aad
Merge pull request #1360 from asger-semmle/customize-window-document
...
JS: Make some DOM concepts customizable
2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen
fd4c749e27
JS: change FrameworkLibraryInstance Script/TopLevel inheritance
...
This is theoretically a breaking change, but it preserves the
semantics of all queries in this repository, as far as I can see.
2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen
1b1e9ed51a
JS: cache matchMarkerComment
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
eb13ab52cf
JS: sharpen js/prototype-pollution with version analysis
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
c143e31fb5
JS: rename getDefaultNode to getImportedModuleNode
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
0660db37f6
JS: introduce SemVer matching library
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
7d57d1915a
JS: introduce DataFlow::DependencyModuleImport
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
ef6f4c7a5e
JS: update docstring
2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
f74653be46
JS: extract getDefaultNode from DefaultRange
2019-05-27 22:32:32 +02:00
Max Schaefer
1bf7bcf010
Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked
...
JS: Refactor LabelledBarrierGuard
2019-05-23 12:26:35 +01:00
Asger F
6bb011a4cc
JS: Stop using data/taint as flow labels in TaintedPath
2019-05-23 10:16:41 +01:00
Asger F
0823f6c935
JS: fix use of dataOrTaint()
2019-05-23 10:16:41 +01:00
Asger F
37fa2446d4
JS: review comments
2019-05-23 10:16:31 +01:00
Asger F
07d508d1bf
JS: Track taint through .replace()
2019-05-23 09:23:48 +01:00
Asger F
1ec3475457
JS: All of TaintedPath
2019-05-23 09:23:47 +01:00
Asger F
2fc0ab5595
JS: Stop using the AST-based isDocumentURL internally
2019-05-23 08:55:21 +01:00
Asger F
8b7dbf8b0f
JS: Align DOM::locationRef with isDocumentURL
2019-05-23 08:45:08 +01:00
Asger F
8590042a7e
JS: customizable window, document, DOM value
2019-05-22 15:49:56 +01:00
Asger F
deb217326d
JS: Update our own queries
2019-05-22 13:13:08 +01:00
Asger F
61ef73b0f7
JS: Add change note and deprecation member
2019-05-22 12:23:29 +01:00
Asger F
6246eb2fe3
JS: Refactor LabeledSantizerGuard
2019-05-22 12:08:03 +01:00
semmle-qlci
dc8123db8e
Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling
...
Approved by asger-semmle
2019-05-22 10:40:32 +01:00
semmle-qlci
114ba0e722
Merge pull request #1349 from EdoDodo/js-performance
...
Approved by xiemaisi
2019-05-21 17:50:01 +01:00
Asger F
de2f323172
JS: Mark unused parameter nodes as incomplete
2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8
JS: Mark destructuring nodes as incomplete
2019-05-21 16:52:35 +01:00
Asger F
faa47029d5
JS: Mark exceptional nodes as incomplete
2019-05-21 13:51:59 +01:00
Edoardo Pirovano
9d2580f778
JS: Fix performance regression of query.
2019-05-21 12:26:11 +01:00
semmle-qlci
8cd3cb501a
Merge pull request #1346 from xiemaisi/js/revert-1078
...
Approved by esben-semmle
2019-05-21 12:19:57 +01:00
Max Schaefer
924664afcf
JavaScript: Manually revert #1078.
...
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet
```
try {
  return 42;
} finally {
  cleanup();
}
```
the call to `cleanup` is erroneously considered an undefined return.
We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
2019-05-21 08:26:58 +01:00
Max Schaefer
7b7f92c19e
JavaScript: Introduce SSA::definition and SSA::variable.
2019-05-20 16:22:01 +01:00
Max Schaefer
fb744a6c53
JavaScript: Introduce Parameter.getVariable().
2019-05-20 16:01:12 +01:00