hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 08:54:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,732 Commits 1,679 Branches 158 Tags
b37c13de914edf30743c992b63f600d49e59a455
Commit Graph

2424 Commits

Author SHA1 Message Date
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Asger Feldthaus
3a9d047cf5 JS: Ignore delete expressions in js/missing-await 2020-04-02 11:35:09 +01:00
Erik Krogh Kristensen
45797dc729 autoformat 2020-03-31 13:53:00 +02:00
Erik Krogh Kristensen
3784b180d8 changes based on review 2020-03-31 12:07:55 +02:00
semmle-qlci
0feb7f87e4 Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci
73dd4c8686 Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression 
Approved by esbena
 2020-03-31 09:28:55 +01:00
Erik Krogh Kristensen
40fd1825e9 autoformat 2020-03-31 09:08:32 +02:00
Erik Krogh Kristensen
7938bc4ed0 improve alert message for js/useless-assignment-to-local 2020-03-30 20:19:50 +02:00
semmle-qlci
fce04f0bd0 Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Asger Feldthaus
a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Erik Krogh Kristensen
4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
semmle-qlci
fad902fc9b Merge pull request #3095 from erik-krogh/MorePerf 
Approved by asgerf
 2020-03-27 12:51:37 +00:00
semmle-qlci
9b3400337b Merge pull request #3130 from erik-krogh/PreciseSteps 
Approved by asgerf
 2020-03-27 12:18:28 +00:00
semmle-qlci
1975a83cdd Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen
be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Erik Krogh Kristensen
6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen
a850616927 delete Xss.actual 2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen
baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00
Erik Krogh Kristensen
8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
9a78d38df0 add a new LoadStoreStep as a StepSummary for TypeTracking 2020-03-25 23:54:56 +01:00
semmle-qlci
e7fd97e72b Merge pull request #3119 from erik-krogh/SockJS 
Approved by esbena
 2020-03-25 21:36:29 +00:00
Erik Krogh Kristensen
4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
semmle-qlci
cf5b1f0cd5 Merge pull request #3019 from erik-krogh/ArrayStep 
Approved by asgerf
 2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen
abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Erik Krogh Kristensen
f2b9e2019c remove isRelevant from flowStep 2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen
6f0e507242 outline predicate to fix join-ordering 2020-03-25 09:44:03 +01:00
Erik Krogh Kristensen
3000486b35 add more isRelevant calls 2020-03-25 09:42:24 +01:00
Erik Krogh Kristensen
1d8e103322 autoformat 2020-03-25 00:19:23 +01:00
Max Schaefer
efbcec09ef JavaScript: Add type tracking to Postgres model. 2020-03-24 17:30:07 +00:00
Erik Krogh Kristensen
36981f385a Merge branch 'master' of git.semmle.com:Semmle/ql into MorePathSinks 2020-03-24 11:20:33 +01:00
semmle-qlci
4c9a6b73ee Merge pull request #3107 from erik-krogh/FArgs 
Approved by esbena
 2020-03-24 08:32:56 +00:00
Erik Krogh Kristensen
fa710c5864 Merge remote-tracking branch 'upstream/master' into UrlSearch 2020-03-24 00:23:15 +01:00
Erik Krogh Kristensen
6a1491d83d add SockJS to the existing WebSocket model 2020-03-23 23:56:11 +01:00
Erik Krogh Kristensen
7b7eddff1e remove previous SockJS implementation, and move example to WebSocket test 2020-03-23 23:45:05 +01:00
Asger F
a1e032bee6 Merge pull request #3098 from kyprizel/master 
Experimental SockJS support
 2020-03-23 22:39:10 +00:00
kyprizel
dec1b8b070 Update javascript/ql/src/experimental/SockJS/SockJS.qll 
Fix comments

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-23 22:59:48 +03:00
kyprizel
b90ff5e84d Update javascript/ql/src/experimental/SockJS/SockJS.qll 
do not import specific libs

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-23 22:59:23 +03:00
semmle-qlci
e5590091a0 Merge pull request #3109 from max-schaefer/js/performance-fixes 
Approved by asgerf
 2020-03-23 16:08:07 +00:00
Max Schaefer
55e7b22cdf JavaScript: Autoformat. 2020-03-23 14:37:04 +00:00