hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 05:43:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,418 Commits 1,697 Branches 161 Tags
9dc774aaa3ff00e76e81851732fdc6f99ffde237
Commit Graph

2331 Commits

Author SHA1 Message Date
Asger F
efa438a352 JS: Move identityFunctionStep back into CachedSteps module 2025-11-19 13:47:30 +01:00
Asger F
8fef60464e JS: Remove out-commented code 2025-11-19 13:46:10 +01:00
Asger F
a0965f33e3 JS: Also discard JSON, YAML, and XML 2025-11-18 13:29:00 +01:00
Asger F
4b57b4418f JS: Factor out some code 2025-11-17 10:48:15 +01:00
Asger F
a405b7b3e0 JS: Add discard predicates for locations 2025-11-17 10:47:37 +01:00
Asger F
c7341f295d JS: Fix bad join in BarrierGuards.qll 2025-11-13 09:46:27 +01:00
Asger F
578355ac27 JS: Fix bad join in CallGraphs.qll 2025-11-13 09:46:25 +01:00
Asger F
46b1387846 JS: Make isAssignedInUniqueFile global, as it should be 2025-11-13 09:46:20 +01:00
Asger F
6498cd1b07 JS: Remove obsolete overlay[global] annotations 2025-11-13 09:46:18 +01:00
Asger F
0594f84dfc JS: Improve join orders related to getABooleanValue() 2025-11-13 09:46:16 +01:00
Asger F
4645f327a5 JS: Avoid more bad joins due to locality 2025-11-13 09:46:14 +01:00
Asger F
269489e817 JS: Avoid bad join in shared predicate induced by 'forex'. 
Use manual recursion instead.
 2025-11-13 09:46:12 +01:00
Asger F
e72232fd1d JS: Add more overlay[caller?] annotations 2025-11-13 09:46:06 +01:00
Asger F
66febb263d JS: Add some overlay[caller] and a pragma[nomagic] annotations 2025-11-13 09:46:05 +01:00
Asger F
c09563f775 JS: Make more general-purpose data flow things local 2025-11-13 09:46:01 +01:00
Asger F
b1418e1d70 JS: Add overlay[local?] to new summaries after rebasing 2025-11-13 09:46:00 +01:00
Asger F
2b338fc1d9 JS: Fix getRawEnclosingStmt call 2025-11-13 09:45:58 +01:00
Asger F
23e42c89ee JS: Overlay annotations for AST layer 2025-11-13 09:45:56 +01:00
Asger F
c583b480af JS: Add pragma[nomagic] just to be safe 
The DIL is unchanged
 2025-10-30 15:31:51 +01:00
Asger F
a5819a14be JS: Fix bad join order in getNextToken() 2025-10-30 15:31:51 +01:00
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
bcdbe0b50a JS/PolynomialReDoSQuery 
javascript/ql/src/Performance/PolynomialReDoS.ql
 2025-10-28 09:40:16 +01:00
Nora Dimitrijević
94343254e3 JS/ShellCommandInjectionFromEnvironmentQuery 
javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
 2025-10-28 09:40:14 +01:00
Nora Dimitrijević
71cf042607 JS/IndirectCommandInjectionQuery 
javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
 2025-10-28 09:40:11 +01:00
Nora Dimitrijević
2a30ea923a JS/CommandInjectionQuery 
javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql

javascript/ql/src/Security/CWE-078/CommandInjection.ql
 2025-10-28 09:40:09 +01:00
Asger F
8d49f26f3d Merge pull request #20397 from asgerf/js/build-artifact-leak-fp 
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
 2025-10-28 06:40:13 +01:00
Asger F
c6577c8590 JS: Avoid magic and improve a join in type resolution 2025-10-15 11:54:28 +02:00
Asger F
10c9b747a5 Merge pull request #20586 from asgerf/js/api-graphs-block-this 
JS: Restrict receiver-flow in API graphs
 2025-10-08 08:41:56 +02:00
Asger F
587ad5c600 JS: Refine criteria so that explicit this-passing is not affected 2025-10-06 11:43:18 +02:00
Asger F
4d33190241 JS: Restrict this-argument passing in API graphs 2025-10-06 11:42:36 +02:00
Simon Friis Vindum
26aa938acc Merge pull request #20452 from paldepind/rust/mad-source-parameter 
Rust, shared: Support `Parameter` in source MaD models
 2025-09-24 09:37:25 +02:00
Asger F
2e8091f0fb Merge pull request #20419 from asgerf/js/express-json-send 
JS: Model Express json and jsonp methods
 2025-09-24 09:25:32 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Asger F
7670a2bd77 Merge pull request #20375 from asgerf/js/promise-try 
JS: Support Promise.try and Array.prototype.with
 2025-09-16 14:44:07 +02:00
Napalys Klicius
97a11de1e3 Merge pull request #20435 from Napalys/js/promisification_modeling 
JS: Promisification library modeling and enhance flow
 2025-09-16 14:07:53 +02:00
Asger F
0b900711bf Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-16 13:48:26 +02:00
Napalys Klicius
49ccb8ce2b JS: Simplify exist clause to use Promisify::PromisifyAllCall instead of DataFlow::SourceNode 2025-09-16 13:13:15 +02:00
Asger F
429c4eac96 JS: Add support for Array.prototype.with 
Note: This was authored by Copilot
 2025-09-16 13:06:59 +02:00
Asger F
ee78b7dc96 JS: Add support for Promise.try 2025-09-16 13:06:57 +02:00
Asger F
45eff3dac8 Merge pull request #20399 from asgerf/js/default-interop2 
JS: Refactor handling of ambiguous default imports
 2025-09-16 13:02:22 +02:00
Asger F
65102a073a Merge pull request #19770 from trailofbits/VF/async-package-improvements 
Improve data flow in the `async` package
 2025-09-16 08:55:52 +02:00
Asger F
f587273828 Merge pull request #19768 from trailofbits/VF/lodash-group-by 
Add lodash GroupBy as taint step
 2025-09-16 08:55:13 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
22b61852a1 JS: Add modeling for thenify-all 2025-09-15 16:31:14 +02:00
Asger F
132a8b8b53 JS: Model json and jsonp methods 2025-09-12 08:51:23 +02:00