hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 09:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,211 Commits 1,754 Branches 167 Tags
a2ff4e949406c4acba527bed397c541a7dee931a
Commit Graph

1269 Commits

Author SHA1 Message Date
Asger F
a2ff4e9494 JS: member -> property 2019-11-08 16:23:59 +00:00
Asger F
2a473fb9e7 Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:15:08 +00:00
Asger F
4ad03a9061 Update javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:14:53 +00:00
Asger F
53d470da2f JS: Add syntax examples to DataFlow classes 2019-11-08 15:51:26 +00:00
semmle-qlci
867ed16777 Merge pull request #2276 from asger-semmle/inclusion-test 
Approved by max-schaefer
 2019-11-08 10:57:11 +00:00
semmle-qlci
e65271dfad Merge pull request #2251 from asger-semmle/barrier-guard-improvements 
Approved by esbena
 2019-11-07 15:50:23 +00:00
semmle-qlci
f79c2a7630 Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root 
Approved by max-schaefer
 2019-11-07 15:46:14 +00:00
Asger F
8544850945 JS: Generalize StringOps::Includes to ::InclusionTest 2019-11-07 14:35:17 +00:00
semmle-qlci
f73caac88d Merge pull request #2254 from asger-semmle/for-of-propread 
Approved by max-schaefer
 2019-11-06 13:44:55 +00:00
Asger F
3ec95881b4 Update javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-06 11:58:06 +00:00
Asger F
7e80823cb6 JS: Fix deprecated API usage 2019-11-06 11:58:06 +00:00
Asger F
b373901e11 JS: Avoid leading dot in access paths 2019-11-06 11:58:06 +00:00
Asger F
c365833731 JS: Refactor the public access path API 2019-11-06 11:58:06 +00:00
Asger F
e90516d4d8 JS: Dont use getALocalSource in fromRhs 2019-11-06 11:58:06 +00:00
Asger F
bc35f24f31 JS: Generalize access paths to arbitrary root nodes 2019-11-06 11:58:06 +00:00
Asger F
7a7a8b2b09 JS: More steps in getImmediatePredecessor 2019-11-06 11:58:06 +00:00
semmle-qlci
1fe5a9e7e7 Merge pull request #2236 from max-schaefer/js/data-flow-exploration 
Approved by erik-krogh, esbena
 2019-11-05 12:15:00 +00:00
Asger F
d8f3a2c550 JS: Add lvalue of for..of loop as a PropRead 2019-11-05 10:01:18 +00:00
Max Schaefer
770a4703c9 Merge pull request #2237 from asger-semmle/typescript3.7-rc 
TS: Add support for TypeScript 3.7
 2019-11-04 16:36:11 +00:00
Esben Sparre Andreasen
7f55e3f336 JS: classify Doxygen-generated files as "generated" 2019-11-04 09:57:41 +01:00
Asger F
79dbdac8fa TS: Support declare modifier for fields 2019-11-04 07:54:38 +00:00
Asger F
b81931e402 TS: Support assertion types 2019-11-04 07:54:38 +00:00
Asger F
4e7b987fa3 TS: Rename IsTypeExpr -> PredicateTypeExpr 2019-11-04 07:54:38 +00:00
Asger F
f48d16fcb7 JS: Support barrier guards that are reflective calls 2019-11-01 15:23:38 +00:00
Asger F
d6158427c5 JS: Generalize SanitizerFunction to data flow configs and flow labels 2019-11-01 15:23:38 +00:00
Asger F
e2b0ec5696 JS: Handle multiple and/or operators in SanitizerFunction 2019-11-01 15:23:38 +00:00
Max Schaefer
03c9a40ba3 JavaScript: Add libraries for forward and backward data-flow exploration. 2019-10-31 12:37:31 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
530fa2c11c JavaScript: Collapse edges instead of hiding nodes. 
Instead of skipping over initial and final nodes, we now introduce edges from source and to sink nodes that circumvent these nodes entirely.
 2019-10-29 15:30:24 +00:00
Max Schaefer
278ea90049 JavaScript: Collapse flow labels at start/end nodes to avoid duplication. 2019-10-29 15:24:40 +00:00
Max Schaefer
316962233c JavaScript: Factor out MidPathNode into its own class. 2019-10-29 15:24:40 +00:00
Max Schaefer
7c56c9f999 JavaScript: Move suppression of hidden nodes into edges predicate. 
They should really only be hidden for display purposes.
 2019-10-29 15:19:26 +00:00
Max Schaefer
3373742077 JavaScript: Turn PathNode::getASuccessorInternal and PathNode::getAHiddenSuccessor into top-level predicates. 2019-10-29 15:19:26 +00:00
Max Schaefer
b6f4785645 JavaScript: Rename MkPathNode to MkMidNode. 2019-10-29 15:19:26 +00:00
Max Schaefer
d71faaa5f9 JavaScript: Introduce PathNode::wraps. 2019-10-29 15:19:26 +00:00
Max Schaefer
98e0932de5 JavaScript: Make Configuration::isLive nullary. 
This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.
 2019-10-29 15:19:26 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00
Max Schaefer
6269dd99ab JavaScript: Improve type inference for destructuring assignments. 2019-10-25 14:22:24 +01:00
Asger F
7ed31baeea JS: Rename to upward navigation 2019-10-25 13:07:07 +01:00
Asger F
39e2d1480e JS: Default to imprecision zero by default 2019-10-25 12:20:16 +01:00
Asger F
ad645d3d50 JS: Restrict sendfile sink 2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen
834b572f45 add initial support for expressions in TypeScript 2019-10-24 10:17:00 +02:00