hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,648 Commits 1,697 Branches 161 Tags
9fef8803ed7874151027daa9674ab705f9b136f4
Commit Graph

59648 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
9fef8803ed JS: Avoid BarrierGuardNode's range from depending on Configuration 2023-10-13 12:42:41 +02:00
Asger F
e31ae3a1bf JS: Model JSON.stringify with "deep" read operators 2023-10-13 12:42:41 +02:00
Asger F
0c2e52baba JS: Summary/steps for iterators and generators 2023-10-13 12:42:41 +02:00
Asger F
da3a0de814 JS: Port String#replace to flow summary 2023-10-13 12:42:41 +02:00
Asger F
f0c2afe39e JS: Add flow summaries for maps and sets 2023-10-13 12:42:40 +02:00
Asger F
5054c43b18 JS: Add flow summaries/steps for promises and async/await 2023-10-13 12:42:40 +02:00
Asger F
4319b07798 JS: Add flow summaries for Arrays 2023-10-13 12:42:40 +02:00
Asger F
a31e251529 JS: Add flow summaries for core methods 2023-10-13 12:42:40 +02:00
Asger F
46fec8ea7e JS: Add AdditionalFlowInternal 
This provides access to more features than we want to expose publicly at the moment, but is useful for modelling certain language features.
 2023-10-13 12:42:40 +02:00
Asger F
3f20d71a9b JS: Add legacy post-update step 
This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store
 2023-10-13 12:42:40 +02:00
Asger F
6037ff553c JS: Add LegacyPreUpdateStep 
This contributes to both LegacyFlowStep and SharedTypeTrackingStep.

That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library.
 2023-10-13 12:42:40 +02:00
Asger F
27c7d5004a JS: Do the same for additional taint steps 2023-10-13 12:42:40 +02:00
Asger F
1afe06e3a5 JS: Add "additional" and "legacy" steps 
See the comment at the top of AdditionalFlowSteps.qll
 2023-10-13 12:42:40 +02:00
Asger F
c24a0e00f5 JS: Move SharedTaintStep to AdditionalTaintSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
5bccc652c8 JS: Move SharedFlowStep to AdditionalFlowSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
293899d648 JS: Add 'Awaited' token 2023-10-13 12:42:40 +02:00
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
Asger F
60b179bda2 Shared: add DeduplicatePathGraph 
Note that there is a separate PR open with this library
 2023-10-13 12:42:39 +02:00
Asger F
7780fe9472 Merge pull request #14435 from asgerf/ruby/port-synced-queries 
JS/Ruby: desync two queries and port the Ruby version to ConfigSig-style
 2023-10-11 15:50:58 +02:00
Michael B. Gale
7a98afe6ec Merge pull request #14439 from github/mbg/go/workspace-experiments 
Go: Move `go.mod` into `extractor` subdirectory
 2023-10-11 14:11:07 +01:00
Jean Helie
a4eb3fd997 Merge pull request #14438 from github/jhelie/fix-automodel-extraction-queries 
Automodel: Fix automodel extraction queries
 2023-10-11 14:30:01 +02:00
Michael B. Gale
7d7d90e7e0 Update expected test output 2023-10-11 13:18:27 +01:00
Michael B. Gale
94b0bc1e35 Move go.mod into extractor directory 2023-10-11 13:10:20 +01:00
Jean Helie
6260768e6a update query message to incoude extensibleType 2023-10-11 14:02:24 +02:00
Jean Helie
c41676a21a update query message to incoude extensibleType 2023-10-11 14:02:12 +02:00
Owen Mansel-Chan
477d8f8b9a Merge pull request #14064 from amammad/amammad-go-NewFileSystemAccess 
Go: New File System Access Sinks
 2023-10-11 12:58:38 +01:00
Owen Mansel-Chan
96543b8337 Merge pull request #14075 from amammad/amammad-go-JWT 
Go: Improved JWT query, JWT decoding without verification
 2023-10-11 12:31:43 +01:00
Mathias Vorreiter Pedersen
02915582eb Merge pull request #14432 from MathiasVP/select-the-right-node-for-flow-sources 
C++: Use fully converted instructions as the target of modelled functions
 2023-10-11 13:04:16 +02:00
Owen Mansel-Chan
8a3aa2c767 Fix formatting 2023-10-11 11:46:31 +01:00
Tamás Vajk
304d7a4395 Merge pull request #14429 from tamasvajk/relax-metadata_handle-keyset 
C#: Remove `keyset` from `metadata_handle` relation
 2023-10-11 12:00:11 +02:00
Erik Krogh Kristensen
85bb14f04f Merge pull request #14405 from erik-krogh/tagCall 
JS: recognize tagged template literals as `DataFlow::CallNode`
 2023-10-11 11:25:34 +02:00
Mathias Vorreiter Pedersen
d54ab640c7 Merge branch 'main' into select-the-right-node-for-flow-sources 2023-10-11 10:17:10 +01:00
Tamás Vajk
aa7a667919 Merge pull request #14421 from tamasvajk/csharp/autobuilder-test 
C#: Add autobuilder test with global.json
 2023-10-11 10:35:53 +02:00
amammad
5e273238ca fix qldoc 2023-10-11 10:33:44 +02:00
Asger F
89bd00a4ec Ruby: port queries to ConfigSig-style 2023-10-11 10:06:19 +02:00
Asger F
6df919a917 JS/Ruby: remove sync between two queries 2023-10-11 10:06:11 +02:00
Rasmus Wriedt Larsen
68d00a829e Merge pull request #14430 from RasmusWL/api-graph-import-star 
Python: Better allow `import *` to work with API graphs
 2023-10-11 10:03:46 +02:00
Erik Krogh Kristensen
6377e92067 Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-10-11 09:52:48 +02:00
Erik Krogh Kristensen
e99b1598d1 Merge pull request #14433 from erik-krogh/delete-expected 
JS: delete an .expected file outside the test directories
 2023-10-11 09:44:04 +02:00