Aditya Sharad
c20b688a3f
Merge master into next.
2018-11-23 16:36:31 +00:00
semmle-qlci
04c2b23abd
Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds
Approved by asger-semmle
2018-11-23 12:40:40 +00:00
Asger F
b5008d8685
TS: only transfer offsets as part of the AST
2018-11-22 16:20:47 +00:00
Esben Sparre Andreasen
8c7ca38b8d
JS(extractor): improve parser support for flowtype syntax
2018-11-22 14:09:09 +01:00
Esben Sparre Andreasen
b780f82869
JS: sharpen js/clear-text-logging (ODASA-7485)
2018-11-22 13:38:43 +01:00
semmle-qlci
4e72a08b8d
Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance
Approved by xiemaisi
2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655
Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments
Approved by xiemaisi
2018-11-21 16:06:46 +00:00
semmle-qlci
746b13a1bc
Merge pull request #510 from xiemaisi/js/exclude-minified
Approved by asger-semmle
2018-11-21 16:06:22 +00:00
Esben Sparre Andreasen
72c4ef4d90
JS: fixup optional chaining on CallWithNonLocalAnalyzedReturnFlow
2018-11-21 14:18:14 +01:00
Max Schaefer
19aa12106c
JavaScript: Teach AutoBuild to exclude minified files from extraction by default.
This adds default exclusion filters for `**/*.min.js` and `**/*-min.js` to the JavaScript auto-builder, meaning that files matching these patterns will no longer be extracted,
unless they are re-included in the `.lgtm.yml` file.
Alerts in minified code aren't shown by default anyway, so we can save ourselves some work by not analyzing them in the first place.
While including minified files in the snapshot can in theory improve analysis results in non-minified files, this is likely to be rare in practice.
2018-11-21 12:27:39 +00:00
Esben Sparre Andreasen
caea6212ed
JS: use inheritance in js/mixed-static-instance-this-access
2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc
JS: address review comments
2018-11-21 09:19:20 +01:00
Esben Sparre Andreasen
41b45352aa
JS(ql): support optional chaining
2018-11-21 08:57:10 +01:00
Esben Sparre Andreasen
00587ba7b4
JS(extractor): support optional chaining
2018-11-21 08:57:10 +01:00
semmle-qlci
b21b066255
Merge pull request #499 from xiemaisi/js/target-blank-location
Approved by esben-semmle
2018-11-20 17:16:05 +00:00
semmle-qlci
1c1d2e943a
Merge pull request #496 from esben-semmle/js/yui-directives
Approved by xiemaisi
2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030
Merge pull request #470 from esben-semmle/custom-abstract-values-only
Approved by xiemaisi
2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5
JavaScript: Make TargetBlank only highlight the first line of the link.
Otherwise alerts for multi-line `<a>` elements end up looking very red.
I also took the opportunity to improve the tests slightly.
2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a
JS: support indirection with extra args in js/missing-this-qualifier
2018-11-20 11:29:03 +01:00
Esben Sparre Andreasen
54fea1a4cb
JS: support "xyz:nomunge" YUI compressor directives
2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7
JS: address review comments
2018-11-20 08:37:23 +01:00
semmle-qlci
26a248b14a
Merge pull request #487 from xiemaisi/js/lint-join-order
Approved by esben-semmle
2018-11-20 06:51:33 +00:00
semmle-qlci
7df397f8ab
Merge pull request #486 from xiemaisi/js/lower-severities
Approved by asger-semmle
2018-11-20 06:39:23 +00:00
Max Schaefer
6021d2499d
JavaScript: Remove accidentally committed .actual file.
2018-11-19 12:24:19 +00:00
Pavel Avgustinov
16ec9f1aa4
Merge remote-tracking branch 'origin/next' into bump/master-next
2018-11-19 10:37:07 +00:00
Max Schaefer
73ad3f5c8a
JavaScript: Tweak JSLint library to avoid bad join order.
2018-11-19 09:12:02 +00:00
Max Schaefer
1b59a28be0
JavaScript: Downgrade a few "error" rules to "warning".
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
2018-11-19 09:09:26 +00:00
semmle-qlci
9e4aeb36a6
Merge pull request #436 from asger-semmle/url-concat
Approved by xiemaisi
2018-11-19 08:57:24 +00:00
semmle-qlci
328c86c552
Merge pull request #479 from asger-semmle/typescript-extractor-perf1
Approved by xiemaisi
2018-11-19 08:53:41 +00:00
Asger F
84c1ba0b31
TS: fix the fix
2018-11-16 14:39:43 +00:00
Asger F
a35061ee79
TS: don't create JSON nodes in convertJsxSelfClosingElement
2018-11-16 12:58:14 +00:00
Asger F
d839fcdafc
TS: refactor to fix AutoBuildTest
2018-11-16 12:52:26 +00:00
Asger F
c06c9a02f7
JS: fix copy pasta and test output
2018-11-16 10:47:02 +00:00
Asger F
dd5f485fff
JS: use original sanitizer for SSRF query
2018-11-16 10:46:14 +00:00
Asger F
6ec13feab4
JS: recognize sanitizing slashes in URL redirection queries
2018-11-16 10:43:25 +00:00
Asger F
b5d3dd5e22
TS: do more work in parallel
2018-11-16 10:39:27 +00:00
semmle-qlci
0647743333
Merge pull request #467 from xiemaisi/js/amd-imports
Approved by asger-semmle
2018-11-16 09:31:50 +00:00
Asger F
737ec70ca2
Merge pull request #460 from xiemaisi/js/in-dist-trap-cache
JavaScript: Teach `AutoBuild` to use in-dist externs trap cache.
2018-11-15 13:08:44 +00:00
Asger F
fb1908465c
Merge pull request #469 from xiemaisi/js/bye-bye-rhino
JavaScript: Remove dependency on esregex, doctrine and Rhino.
2018-11-15 09:52:58 +00:00
Asger F
df202eff76
Merge pull request #468 from xiemaisi/js/has{Path,Flow}+
JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.
2018-11-14 16:48:47 +00:00
semmle-qlci
4a14bef507
Merge pull request #466 from xiemaisi/js/more-data-flow-predicates
Approved by asger-semmle
2018-11-14 16:07:59 +00:00
Max Schaefer
406511fb5f
JavaScript: Update .classpath.
2018-11-14 14:06:33 +00:00
Max Schaefer
585347fb5d
JavaScript: Remove obsolete Rhino interface classes.
2018-11-14 14:06:33 +00:00
Max Schaefer
2cd5702aa6
JavaScript: Remove doctrine.
2018-11-14 14:06:33 +00:00
Max Schaefer
5506cec35e
JavaScript: Remove esregex.
2018-11-14 14:06:33 +00:00
semmle-qlci
025054e44a
Merge pull request #461 from xiemaisi/js/bye-bye-rhino
Approved by esben-semmle
2018-11-14 14:00:07 +00:00
semmle-qlci
77213aa0d8
Merge pull request #462 from xiemaisi/js/security-paths
Approved by esben-semmle
2018-11-14 13:01:34 +00:00
Aditya Sharad
696178e6cc
Merge pull request #465 from esben-semmle/js/fixup-suite-master
JS: rename query file in suite
2018-11-14 12:01:37 +00:00
Max Schaefer
6f6b3b0d5e
JavaScript: Add a convenience method to SourceNode and use it in a few places.
2018-11-14 11:58:45 +00:00
Esben Sparre Andreasen
7585e61af6
JS: rename query file in suite
2018-11-14 12:55:53 +01:00