Erik Krogh Kristensen
|
b74d1fdb1a
|
Merge pull request #8783 from erik-krogh/jsAbstractBi
JS: don't initialize sanitizer-guards in the standard library
|
2022-04-29 11:12:16 +02:00 |
|
Erik Krogh Kristensen
|
d389012b75
|
Merge branch 'main' into redundantImport
|
2022-04-26 14:24:51 +02:00 |
|
CodeQL CI
|
06e5962da7
|
Merge pull request #8791 from asgerf/js/static-accessors
Approved by erik-krogh
|
2022-04-22 13:39:32 +01:00 |
|
Erik Krogh Kristensen
|
8fcbaea273
|
Merge branch 'main' into labelNaming
|
2022-04-22 13:19:44 +02:00 |
|
Erik Krogh Kristensen
|
ff73dbc35c
|
delete redundant imports
|
2022-04-22 12:55:28 +02:00 |
|
Erik Krogh Kristensen
|
173e1d0262
|
move the DomBasedXss sources/sinks into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Asger Feldthaus
|
44216b29a9
|
JS: Autoformat
|
2022-04-20 11:14:42 +02:00 |
|
Asger Feldthaus
|
4c66f50352
|
JS: More tests
|
2022-04-20 11:14:42 +02:00 |
|
Asger Feldthaus
|
fec2837c1e
|
JS: Ensure accessors do not appear to be calls
|
2022-04-20 11:14:42 +02:00 |
|
Asger Feldthaus
|
ddb682b181
|
JS: Show all accessor calls in CG test
|
2022-04-20 11:14:41 +02:00 |
|
Asger Feldthaus
|
37a76f4441
|
JS: PropWrite is not a SourceNode
|
2022-04-20 11:14:41 +02:00 |
|
Asger Feldthaus
|
c9db6201ef
|
JS: Add call-graph test for accessor calls
|
2022-04-20 11:14:41 +02:00 |
|
Asger Feldthaus
|
37b3a6e5c0
|
JS: Add ClassNode.getStaticMember
|
2022-04-20 11:14:41 +02:00 |
|
Asger Feldthaus
|
cff8dc0537
|
JS: Improve flow through Array.prototype.reduce
|
2022-04-07 09:57:31 +02:00 |
|
Asger Feldthaus
|
75a84378ac
|
JS: Do not generate def-nodes for decorated parameters
|
2022-03-29 16:13:45 +02:00 |
|
Asger Feldthaus
|
ca145f21b0
|
JS: Add test showing why parameter-sinks wont actually work well in JS
|
2022-03-29 16:06:53 +02:00 |
|
Asger Feldthaus
|
3bcfca421f
|
JS: Add test case for decorated parameter sinks
|
2022-03-29 15:55:43 +02:00 |
|
Erik Krogh Kristensen
|
ae3b32409a
|
update expected output of tests that relied on API::Node::toString()
|
2022-03-29 10:59:08 +02:00 |
|
Asger Feldthaus
|
cf596a1856
|
JS: Add decorator edges in API graphs and corresponding MaD tokens
|
2022-03-28 15:34:40 +02:00 |
|
Erik Krogh Kristensen
|
20599d1846
|
Merge branch 'main' of github.com:github/codeql into labelNaming
|
2022-03-28 15:30:33 +02:00 |
|
Asger F
|
e5f2b830f3
|
Merge pull request #8577 from asgerf/fix-mad-warning
JS/Ruby: Fix regexp in MaD checking
|
2022-03-28 15:29:16 +02:00 |
|
Erik Krogh Kristensen
|
e79eecb640
|
update toString() of API::Node, and update expected output that depends on the former
|
2022-03-28 15:23:45 +02:00 |
|
Asger Feldthaus
|
7e6206ed36
|
JS: Fix the regexp for valid MaD token arguments
|
2022-03-28 12:43:43 +02:00 |
|
Asger Feldthaus
|
b0b795dbbb
|
JS: Autoformat
|
2022-03-23 19:15:01 +01:00 |
|
Asger Feldthaus
|
95122b2b6c
|
JS: Support Argument[this] token
|
2022-03-23 18:06:12 +01:00 |
|
Asger Feldthaus
|
d476f976fe
|
JS: Support Parameter[this] token
|
2022-03-23 18:06:12 +01:00 |
|
Asger Feldthaus
|
59d5c54432
|
JS: Update test output from knex
|
2022-03-23 10:42:51 +01:00 |
|
CodeQL CI
|
b04c46f96d
|
Merge pull request #8478 from asgerf/js/store-load-flow-context-sensitivity-bug
Approved by erik-krogh
|
2022-03-21 08:54:51 +00:00 |
|
Asger F
|
929419abba
|
Merge pull request #8254 from asgerf/ruby/mad-prototype
Ruby: initial prototype of models-as-data
|
2022-03-18 10:48:33 +01:00 |
|
Asger Feldthaus
|
8753632193
|
JS: Fix bug in reachableFromStoreBase
|
2022-03-17 17:30:46 +01:00 |
|
Asger Feldthaus
|
8c6ca6582e
|
JS: Add test showing missing flow
|
2022-03-17 17:30:46 +01:00 |
|
Erik Krogh Kristensen
|
f083e87fa1
|
refactor the js/xss query to use three flowlabels and one configuration
|
2022-03-16 22:32:08 +01:00 |
|
Asger F
|
228570129e
|
Merge branch 'main' into ruby/mad-prototype
|
2022-03-16 13:50:31 +01:00 |
|
Asger Feldthaus
|
82750638c6
|
JS: Verify models even if package is not used in database
|
2022-03-15 10:51:44 +01:00 |
|
Asger Feldthaus
|
a19f06ffc0
|
JS: Port checks to JS
|
2022-03-15 10:35:49 +01:00 |
|
Asger Feldthaus
|
97ca1155c3
|
JS: Sync ApiGraphModels.qll and test
|
2022-03-15 09:29:34 +01:00 |
|
Jonas Jensen
|
d89c52f4b0
|
Merge pull request #8403 from erik-krogh/noUpper
Rename all upper-case variables, and all lower-case modules
|
2022-03-15 09:00:37 +01:00 |
|
Erik Krogh Kristensen
|
689f3c0478
|
update some references to deprecated module names
|
2022-03-14 13:28:34 +01:00 |
|
Erik Krogh Kristensen
|
7d6700a943
|
Merge branch 'main' into depMore
|
2022-03-14 11:49:18 +01:00 |
|
Erik Krogh Kristensen
|
6d66ea4253
|
also deprecate the definitionReaches predicate, it was only used in a test
|
2022-03-14 10:14:15 +01:00 |
|
Erik Krogh Kristensen
|
5e52a71091
|
remove test .qll files that weren't imported
|
2022-03-13 23:54:53 +01:00 |
|
Erik Krogh Kristensen
|
4f8f7cd57d
|
JS: update expected output of test
|
2022-03-11 11:18:14 +01:00 |
|
Erik Krogh Kristensen
|
25690759fd
|
JS: update expected test output
|
2022-03-11 11:17:41 +01:00 |
|
Erik Krogh Kristensen
|
69353bb014
|
patch upper-case acronyms to be PascalCase
|
2022-03-11 11:10:33 +01:00 |
|
Erik Krogh Kristensen
|
c48a5a1294
|
JS: update tests to not use deleted deprecations
|
2022-03-09 18:28:12 +01:00 |
|
Erik Krogh Kristensen
|
4734f1916e
|
Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred
QL: field only used in charPred
|
2022-03-08 11:25:57 +01:00 |
|
Erik Krogh Kristensen
|
4c58f9781b
|
add support for TypeScript 4.6
|
2022-03-01 09:56:21 +01:00 |
|
Asger F
|
02c4966109
|
Merge pull request #7878 from asgerf/dot-separated-access-paths
Shared: Switch to dot-separated access paths in summary specs
|
2022-02-21 13:29:09 +01:00 |
|
Esben Sparre Andreasen
|
1d437dd722
|
Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials
JS: Sharpen hardcoded credentials
|
2022-02-21 10:02:58 +01:00 |
|
Asger Feldthaus
|
2c2a82a070
|
Shared: allow spaces between arguments in a token
|
2022-02-21 08:21:53 +01:00 |
|