hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,779 Commits 1,673 Branches 157 Tags
bf7cdad7366fcbeeac94ecc8910fcb3f50ffda44
Commit Graph

809 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
00ef80dfc5 Merge pull request #741 from asger-semmle/this-access-path 
JS: support 'this' as the root of an access path
 2019-01-21 16:48:34 +01:00
Asger F
4b4daa645f JS: handle accessors separately 2019-01-18 15:42:05 +00:00
Asger F
e18b635314 JS: add getADirectSuperClass() 2019-01-18 15:42:05 +00:00
Asger F
c82690f4c1 JS: address comments 2019-01-18 15:42:05 +00:00
Asger F
cc1204acef JS: remove isAmbient() check 2019-01-18 15:42:05 +00:00
Asger F
1eb0ca4b4a JS: make ClassNode::Range abstract 2019-01-18 15:42:05 +00:00
Asger F
3cb2341e63 JS: split ClassNode into two classes 2019-01-18 14:46:38 +00:00
Asger F
5b7675d972 JS: introduce DataFlow::ClassNode 2019-01-18 14:46:38 +00:00
Asger F
107ec3b687 JS: add test with self=this variable 2019-01-18 10:39:02 +00:00
Asger F
78bd76048a JS: add test with closures 2019-01-18 10:39:02 +00:00
Asger F
0bb6692c19 JS: add 'this' as possible access path root 2019-01-18 10:39:02 +00:00
semmle-qlci
5e712b3ff6 Merge pull request #784 from asger-semmle/dedup-promiseTaintStep 
Approved by esben-semmle
 2019-01-18 08:52:09 +00:00
Asger F
a8d750f086 JS: update header doc in Promises.qll 2019-01-17 15:26:45 +00:00
Asger F
e9c4f13a31 JS: Remove trailing whitespace again 2019-01-17 13:10:15 +00:00
Asger F
7a344c8546 JS: Add resolved promise taint test case 2019-01-17 13:08:55 +00:00
Asger F
b6fdbdcf84 JS: deduplicate promiseTaintStep 2019-01-17 13:04:16 +00:00
Asger F
882b337c15 JS: Move ResolvedPromiseDefinition into StandardLibrary.qll 2019-01-17 13:02:03 +00:00
Asger F
fc27b26bd5 JS: Remove duplicate PromiseFlowStep 2019-01-17 12:56:40 +00:00
Asger F
66901dc7b8 JS: remove duplicate ES2015PromiseDefinition 2019-01-17 12:55:38 +00:00
Asger F
9aaea40719 JS: address comments and support TrackedNode 2019-01-16 11:12:38 +00:00
Asger F
6d1eab8a4b JS: support flow out of "this" in constructor call 2019-01-16 11:09:38 +00:00
Max Schaefer
4a7e0fe104 Merge pull request #766 from asger-semmle/ts-compiler-3.2 
TS: Support TypeScript 3.2
 2019-01-16 08:49:45 +00:00
semmle-qlci
5bc17923b1 Merge pull request #665 from asger-semmle/js-property-concat-sanitizer 
Approved by esben-semmle, xiemaisi
 2019-01-16 08:44:55 +00:00
semmle-qlci
cf3a4ac956 Merge pull request #767 from esben-semmle/js/unknown-bound-event-handler-receiver 
Approved by xiemaisi
 2019-01-16 08:36:11 +00:00
semmle-qlci
8655e5ae17 Merge pull request #768 from xiemaisi/js/call-summaries 
Approved by asger-semmle
 2019-01-16 08:35:31 +00:00
Max Schaefer
0360df6e05 JavaScript: Improve terminology and comments. 2019-01-15 09:01:39 +00:00
Asger F
a7b0f7e2ce TS: upgrade script, version string, stats 2019-01-14 18:26:09 +00:00
Asger F
3ed9575529 TS: add support for bigints 2019-01-14 18:26:09 +00:00
Asger F
1c6deb65cd TS: update test expectation 2019-01-14 18:15:30 +00:00
Asger F
f4c89601ff JS: fix typo 2019-01-14 15:34:01 +00:00
Asger F
ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
semmle-qlci
955bad0618 Merge pull request #640 from asger-semmle/lodash-case 
Approved by esben-semmle
 2019-01-14 07:59:59 +00:00
Esben Sparre Andreasen
b35c4b2a9a JS: support FP pattern for js/unbound-event-handler-receiver 2019-01-14 08:47:37 +01:00
semmle-qlci
9c41b214ee Merge pull request #748 from esben-semmle/js/fix/js/useless-assignment-to-property 
Approved by xiemaisi
 2019-01-13 21:40:35 +00:00
semmle-qlci
04c15028ab Merge pull request #750 from aschackmull/javascript/autoformat 
Approved by xiemaisi
 2019-01-11 16:35:38 +00:00
Anders Schack-Mulligen
db9407bae5 Javascript: Update .expected files. 2019-01-11 14:27:16 +01:00
semmle-qlci
b0dd3dfeb1 Merge pull request #502 from xiemaisi/js/summaries 
Approved by asger-semmle
 2019-01-11 10:27:03 +00:00
Max Schaefer
f9d704bdcf JavaScript: Add example of indirect command injection. 2019-01-11 10:24:41 +00:00
Anders Schack-Mulligen
e58094c732 Javascript: Autoformat. 2019-01-11 11:02:42 +01:00
Max Schaefer
7d2d33840a JavaScript: Track flow through forwarding higher-order calls. 2019-01-11 09:15:58 +00:00
Max Schaefer
59bac829b1 JavaScript: Refactor flowsIntoHigherOrderCall predicate. 2019-01-11 08:34:09 +00:00
Max Schaefer
edc5117dfd JavaScript: Track flow into (simple) higher-order function calls. 
The only case we support for now are functions that invoke one of their arguments, passing another argument as input.
 2019-01-11 08:11:15 +00:00
Max Schaefer
414ab8ea8c JavaScript: Refactor argumentPassing. 2019-01-11 07:57:58 +00:00
Esben Sparre Andreasen
d0372dd290 JS: reuse a variable 2019-01-11 08:34:17 +01:00
Esben Sparre Andreasen
d3543b74c0 JS: fixup: use the basic block of the actual write (ODASA-7636) 2019-01-11 08:34:17 +01:00
Asger F
2b803693f1 JS: add comment about how to generate isLodashMember 2019-01-10 14:00:20 +00:00
semmle-qlci
f474fdd0f9 Merge pull request #731 from xiemaisi/js/performance-fiddling 
Approved by asger-semmle, esben-semmle
 2019-01-10 10:01:02 +00:00
Max Schaefer
583734a4e2 JavaScript: Fix semantic merge conflict. 
https://github.com/Semmle/ql/pull/698 removed `document.cookie` as a remote flow source, which some of the tests relied on. We now use `location.search` instead.
 2019-01-09 16:09:06 +00:00
Max Schaefer
97e6c75b94 JavaScript: Remove a few other deprecated predicates and classes. 2019-01-09 09:23:59 +00:00
Max Schaefer
db8e436046 JavaScript: Remove deprecated flow tracking predicates. 2019-01-09 09:23:59 +00:00