hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 07:31:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,751 Commits 1,754 Branches 167 Tags
b306571d52afbdce9d89471b7561d2f99e6aec55
Commit Graph

1452 Commits

Author SHA1 Message Date
Asger Feldthaus
b306571d52 JS: Type-track react component factories 2020-01-28 10:22:04 +00:00
semmle-qlci
8a6de11268 Merge pull request #2689 from erik-krogh/LastEventEmitters 
Approved by esbena
 2020-01-27 08:55:33 +00:00
semmle-qlci
7d9956e3f3 Merge pull request #2675 from erik-krogh/WebSocket 
Approved by esbena
 2020-01-27 08:40:37 +00:00
Erik Krogh Kristensen
8492f6031f reuse existing type-tracking for classes 2020-01-24 13:36:32 +01:00
Erik Krogh Kristensen
0b55aed626 use the EventEmitter registration methods instead of just "on" 2020-01-24 13:06:00 +01:00
Erik Krogh Kristensen
148ec9aad0 fix typos 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-01-24 12:36:03 +01:00
Erik Krogh Kristensen
c0af3780c4 adjust the ReceiveNode docstrings 2020-01-24 10:06:28 +01:00
Erik Krogh Kristensen
2044b4bc82 changes based on review 2020-01-23 20:29:06 +01:00
Erik Krogh Kristensen
b526a2ea0f implement a model of WebSocket and ws based on the EventEmitter model 2020-01-22 14:46:53 +01:00
semmle-qlci
007b0795ec Merge pull request #2636 from erik-krogh/NewSocketIO 
Approved by esbena
 2020-01-22 13:46:11 +00:00
Erik Krogh Kristensen
86477a2249 changes based on review 2020-01-21 16:45:53 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
semmle-qlci
4efc418e2c Merge pull request #2617 from asger-semmle/prototype-pollution-utility 
Approved by esbena, mchammer01
 2020-01-16 13:02:07 +00:00
Erik Krogh Kristensen
4e880e2f96 implement SocketIO on top of the EventEmitter model 2020-01-16 11:02:36 +01:00
Asger Feldthaus
d76859b7df JS: Address review comments 2020-01-14 10:53:00 +00:00
Asger F
52cec25035 JS: Build access paths for array accesses 2020-01-14 10:52:59 +00:00
Erik Krogh Kristensen
1619a98bc8 make the default registration/dispatch extend DataFlow::InvokeNode 2020-01-10 17:40:16 +01:00
Erik Krogh Kristensen
87bbbd643c changes based on review feedback 2020-01-09 16:18:32 +01:00
Erik Krogh Kristensen
af8b36b750 Merge remote-tracking branch 'upstream/master' into EventEmitter 2020-01-09 15:09:43 +01:00
Max Schaefer
308da0774d Merge pull request #2525 from asger-semmle/promise-missing-await 
JS: New query: missing await
 2020-01-08 15:29:45 +00:00
Max Schaefer
de15ecf47b Merge pull request #2593 from asger-semmle/regexp-always-matches 
JS: Add RegExpAlwaysMatches query
 2020-01-08 15:21:39 +00:00
Max Schaefer
9160fbf106 Merge pull request #2435 from asger-semmle/phi-edge-barrier-guards 
JS: Phi edge barrier guards
 2020-01-06 14:14:18 +00:00
semmle-qlci
0c0073fb02 Merge pull request #2582 from asger-semmle/spurious-css-import 
Approved by max-schaefer
 2020-01-06 14:00:08 +00:00
Asger F
9928762769 JS: Add RegExpAlwaysMatches query 2020-01-06 13:48:02 +00:00
semmle-qlci
39531c6516 Merge pull request #2574 from max-schaefer/js/fix-17 
Approved by erik-krogh
 2020-01-06 12:43:56 +00:00
Asger F
aa6572b5c8 JS: Sanitize phi edges from barrier guards 2020-01-06 11:37:21 +00:00
Asger F
4772798d7b JS: do not resolve arbitrary extensions to JavaScript files 2020-01-03 11:37:51 +00:00
semmle-qlci
06d812a6ff Merge pull request #2556 from erik-krogh/RegexpVoidCxt 
Approved by max-schaefer
 2020-01-03 08:38:56 +00:00
Erik Krogh Kristensen
d1a77d6993 refactor isInterpretedAsRegExp to directly work on a DataFlow node 2020-01-02 11:18:14 +01:00
Max Schaefer
de02bb4a0d JavaScript: Prevent joining on configuration in onPath. 2020-01-02 09:49:09 +00:00
Max Schaefer
2a55ba5d4f JavaScript: Fix join order in PathNode.getASuccessor. 2020-01-02 09:48:57 +00:00
semmle-qlci
f921cf7d01 Merge pull request #2512 from erik-krogh/moarExceptions 
Approved by esbena, max-schaefer
 2019-12-20 20:31:50 +00:00
Erik Krogh Kristensen
a0b5aa5ae4 more precise heuristic to identify allowed call targets 2019-12-20 10:51:39 +01:00
Erik Krogh Kristensen
15d74b7d03 remove FP from js/regexpinjection where no regexp was constructed 2019-12-19 10:47:03 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Erik Krogh Kristensen
2e5b7273ab changes based on review feedback. 2019-12-17 17:30:05 +01:00
Erik Krogh Kristensen
0a8a2ecc61 make EventEmitter classses non final, and add a comment about extending EventEmitter::Range 2019-12-17 16:37:03 +01:00
Erik Krogh Kristensen
fed9302996 uppercase E in Electron 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-17 16:29:55 +01:00
Erik Krogh Kristensen
9dd7d1c6d7 changes based on review feedback 2019-12-17 13:19:53 +01:00
Erik Krogh Kristensen
f9ddd5891a minor documentation fixes 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-17 13:05:20 +01:00
Max Schaefer
09ee106333 Java/JavaScript: Add two deprecated predicates to XML.qll. 
This makes XML.qll identical across C++, Java, JavaScript and Python.
 2019-12-17 10:15:43 +00:00
Max Schaefer
923e36ba4f C++/Java/JavaScript/Python: Make qldoc consistent. 2019-12-17 10:15:43 +00:00
Max Schaefer
a2fe678464 C++/Java/JavaScript/Python: Unify imports in XML.qll. 2019-12-17 10:15:43 +00:00
Erik Krogh Kristensen
8f17db6670 changes based on review feedback 2019-12-16 14:43:29 +01:00
Erik Krogh Kristensen
7c931452d9 autoformat 2019-12-16 13:45:42 +01:00
Erik Krogh Kristensen
3ca3fa7e9e add quotes on code in documentation 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-12-16 13:32:01 +01:00
Erik Krogh Kristensen
c19d8ecb73 refactorizations and preparations for SocketIO implementation 2019-12-16 10:13:27 +01:00
Erik Krogh Kristensen
8c0b6f26da Merge remote-tracking branch 'upstream/master' into moarExceptions 2019-12-16 08:35:45 +01:00
Erik Krogh Kristensen
1efe2ba167 inline ifStmt field 2019-12-13 19:00:54 +01:00