Asger F
9928762769
JS: Add RegExpAlwaysMatches query
2020-01-06 13:48:02 +00:00
semmle-qlci
48deb30756
Merge pull request #2573 from max-schaefer/js/generalise-alert-suppression
...
Approved by asgerf
2020-01-06 10:43:17 +00:00
semmle-qlci
5dcc5b3b1e
Merge pull request #2581 from erik-krogh/FlowUselessExpr
...
Approved by max-schaefer
2020-01-06 08:33:36 +00:00
semmle-qlci
dc7863ce29
Merge pull request #2579 from asger-semmle/typescript-trace-resolution
...
Approved by max-schaefer
2020-01-03 12:57:43 +00:00
semmle-qlci
29be46169a
Merge pull request #2576 from asger-semmle/typescript-cyclic-prop-fallthroughnode
...
Approved by max-schaefer
2020-01-03 10:50:05 +00:00
Erik Krogh Kristensen
c22d3d0b3a
add test for block-level flow type annotations
2020-01-03 11:07:35 +01:00
semmle-qlci
06d812a6ff
Merge pull request #2556 from erik-krogh/RegexpVoidCxt
...
Approved by max-schaefer
2020-01-03 08:38:56 +00:00
Asger F
2ca0e7d232
TS: Disable output from tracing
2020-01-02 15:38:10 +00:00
Asger F
8f478f7caf
TS: Add test with traceResolution: true
2020-01-02 15:04:30 +00:00
Asger F
bcf1533e71
TS: Blacklist cyclic property fallthroughFlowNode
2020-01-02 14:13:48 +00:00
Max Schaefer
8d1ad5c5f3
JavaScript: Alert suppression through single-line /* */ style comments.
2020-01-02 10:45:20 +00:00
Erik Krogh Kristensen
d1a77d6993
refactor isInterpretedAsRegExp to directly work on a DataFlow node
2020-01-02 11:18:14 +01:00
semmle-qlci
f921cf7d01
Merge pull request #2512 from erik-krogh/moarExceptions
...
Approved by esbena, max-schaefer
2019-12-20 20:31:50 +00:00
Erik Krogh Kristensen
a0b5aa5ae4
more precise heuristic to identify allowed call targets
2019-12-20 10:51:39 +01:00
Erik Krogh Kristensen
15d74b7d03
remove FP from js/regexpinjection where no regexp was constructed
2019-12-19 10:47:03 +01:00
Tom Hvitved
29cd6a9e30
Sync XML.qll
2019-12-19 10:29:30 +01:00
semmle-qlci
339066ce04
Merge pull request #2552 from erik-krogh/ImportMeta
...
Approved by max-schaefer
2019-12-18 15:38:58 +00:00
Erik Krogh Kristensen
43e9d11f75
inline definition of importIdentifier
2019-12-18 11:43:10 +01:00
Erik Krogh Kristensen
76d4db2552
changes based on review
2019-12-18 11:39:46 +01:00
Erik Krogh Kristensen
4fdfa51e44
add support for import.meta expressions in JavaScript
2019-12-18 10:45:54 +01:00
Erik Krogh Kristensen
bf56797ad7
update expected output of tests
2019-12-17 16:27:55 +01:00
Erik Krogh Kristensen
f140820511
fix FP related to block-level flow type annotations
2019-12-17 16:10:20 +01:00
Erik Krogh Kristensen
9dd7d1c6d7
changes based on review feedback
2019-12-17 13:19:53 +01:00
Erik Krogh Kristensen
f9ddd5891a
minor documentation fixes
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-12-17 13:05:20 +01:00
Max Schaefer
09ee106333
Java/JavaScript: Add two deprecated predicates to XML.qll.
...
This makes XML.qll identical across C++, Java, JavaScript and Python.
2019-12-17 10:15:43 +00:00
Max Schaefer
923e36ba4f
C++/Java/JavaScript/Python: Make qldoc consistent.
2019-12-17 10:15:43 +00:00
Max Schaefer
a2fe678464
C++/Java/JavaScript/Python: Unify imports in XML.qll.
2019-12-17 10:15:43 +00:00
Erik Krogh Kristensen
8f17db6670
changes based on review feedback
2019-12-16 14:43:29 +01:00
Erik Krogh Kristensen
7c931452d9
autoformat
2019-12-16 13:45:42 +01:00
Erik Krogh Kristensen
3ca3fa7e9e
add quotes on code in documentation
...
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2019-12-16 13:32:01 +01:00
Erik Krogh Kristensen
8c0b6f26da
Merge remote-tracking branch 'upstream/master' into moarExceptions
2019-12-16 08:35:45 +01:00
Erik Krogh Kristensen
904976c7ac
update tests after removing control-flow checks from error-callbacks
2019-12-16 08:30:21 +01:00
Erik Krogh Kristensen
1efe2ba167
inline ifStmt field
2019-12-13 19:00:54 +01:00
semmle-qlci
9b6c394ac7
Merge pull request #2520 from max-schaefer/js/fix-2517
...
Approved by esbena
2019-12-13 12:59:37 +00:00
Erik Krogh Kristensen
3b2cc4674e
autoformat
2019-12-13 11:44:52 +01:00
Erik Krogh Kristensen
e164f46330
changes based on review feedback
2019-12-13 11:44:31 +01:00
Erik Krogh Kristensen
f35dc5d274
Merge remote-tracking branch 'upstream/master' into moarExceptions
2019-12-12 16:13:52 +01:00
Erik Krogh Kristensen
17358606cb
change callback to rely on a behavior heuristic rather than a naming heuristic
2019-12-12 16:12:37 +01:00
Erik Krogh Kristensen
08d0cb795b
revert the introduction of getEnclosingCall
2019-12-12 15:14:02 +01:00
Max Schaefer
dfeca63677
JavaScript: Fix characteristic predicate of XMLParent.
...
The database type `@xmlparent` is defined a bit too loosely in that it includes all of `@file`, not just XML files. Fixing that would involve fiddling with the extractor/dbscheme, so I have opted to fix it at the QL level instead.
2019-12-12 12:38:29 +00:00
semmle-qlci
3d8c35e523
Merge pull request #2509 from asger-semmle/typescript-full-json
...
Approved by max-schaefer
2019-12-11 16:31:26 +00:00
Erik Krogh Kristensen
f537e28389
add pragma to internalBlocks predicate to fix performance
2019-12-11 15:19:30 +01:00
Asger F
063abb5cbc
TS: Avoid name clash between tsconfig.json and type table
2019-12-11 12:15:44 +00:00
semmle-qlci
cb8e5fa3fc
Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards
...
Approved by esbena, max-schaefer
2019-12-11 12:00:21 +00:00
Erik Krogh Kristensen
62512dd3e9
expand the js/exception-xss to handle more types of exceptional flow
2019-12-11 10:43:50 +01:00
Henning Makholm
66b3c7cf07
JS tests: add queries.xml
...
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.
Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
2019-12-07 02:38:02 +01:00
Asger F
abec4badb5
Apply suggestions from code review
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-12-06 11:53:09 +00:00
Asger F
344f0b4995
Fix typo in qldoc
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-12-06 11:53:09 +00:00
Asger F
c1da83bf6c
Fix typo in qldoc
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-12-06 11:53:09 +00:00
Asger F
2acd616e6f
JS: Review comments
2019-12-06 11:53:06 +00:00