hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

1433 Commits

Author SHA1 Message Date
Asger F
de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Asger F
faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Asger F
68ae409947 JS: Test for mismatch between taint and type inference 2019-05-21 13:26:02 +01:00
semmle-qlci
8cd3cb501a Merge pull request #1346 from xiemaisi/js/revert-1078 
Approved by esben-semmle
 2019-05-21 12:19:57 +01:00
Max Schaefer
924664afcf JavaScript: Manually revert #1078. 
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
 2019-05-21 08:26:58 +01:00
Asger F
d4880540e8 JS: Update .expected after rebasing 2019-05-20 11:21:50 +01:00
Asger F
9989fcee21 JS: Add DataFlow::Configuration test 2019-05-20 09:22:02 +01:00
Asger F
87e0831872 JS: Fix flow for nested destructurings 2019-05-20 09:22:02 +01:00
Asger F
a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00
Asger F
e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F
3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F
f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F
1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F
b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Asger F
5c8dd7eedd TS: Add workaround for 'globalThis' getProperties() crash 2019-04-30 12:44:58 +01:00
Asger F
686d72c356 TS: Fix handling of 'export =' 2019-04-30 12:41:59 +01:00
semmle-qlci
3f70d91a11 Merge pull request #1288 from xiemaisi/js/fix-end-node-labels 
Approved by asger-semmle
 2019-04-30 07:32:29 +01:00
Asger F
e9fcb670ff JS: Provide source locations for JSDocTypeExpr 2019-04-26 16:56:04 +01:00
Asger F
cf8c327a10 JS: make TypeAnnotation extend Locatable 2019-04-26 16:56:04 +01:00
Asger F
e295c3a224 JS: Add JSDoc test 2019-04-26 16:56:04 +01:00
Asger F
6b2b64cb2e JS: test case with unresolved types in TS 2019-04-26 16:56:04 +01:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture 
Approved by xiemaisi
 2019-04-25 11:32:54 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Max Schaefer
7faa4fd938 JavaScript: Add test case exposing two bugs in data flow library. 
This test case exposes two bugs in our data flow library (fixed by the
two previous commits):

  - the charpreds of `SourcePathNode` and `SinkPathNode` only ensured
    that they were on a path from a source to a sink, not that they
    actually were the source/sink themselves;
  - function summarization would allow for non-level paths; in the
    test case, this meant that one of the summaries for `source`
    represented the path returning from `source` on line 13 and then
    flowing back into the call on line 15, in the process transforming
    the parity of the flow label and hence causing a spurious flow.
 2019-04-23 13:16:30 +01:00
Asger F
f3c80c738e JS: Unify access paths for captured variables 2019-04-18 11:27:15 +01:00
Asger F
e543097c45 JS: Add test 2019-04-18 11:26:39 +01:00
semmle-qlci
ff25a3ee5a Merge pull request #1243 from asger-semmle/access-path-refinements 
Approved by xiemaisi
 2019-04-16 09:57:51 +01:00
Max Schaefer
ce53a7d575 Merge pull request #1175 from psygnisfive/NullSensitiveContext 
[JS] Null Sensitive Context (new library)
 2019-04-15 08:50:14 +01:00
Rebecca Valentine
fb40548be5 fixes semicolon issues 2019-04-12 10:56:31 -07:00
Rebecca Valentine
a66d1c0e09 fixes test errors 2019-04-12 10:39:34 -07:00
Asger F
b8ec7083d4 JS: Update isBarrier test output 2019-04-12 16:35:01 +01:00
Asger F
b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Asger F
720555be45 JS: Add test case 2019-04-12 11:11:26 +01:00
semmle-qlci
ccbb7ce04b Merge pull request #1224 from asger-semmle/cheerio 
Approved by esben-semmle
 2019-04-11 15:21:44 +01:00
semmle-qlci
a1cc2fbed3 Merge pull request #1233 from xiemaisi/js/amd-type-inference 
Approved by asger-semmle
 2019-04-11 15:20:00 +01:00
semmle-qlci
ed5fd96603 Merge pull request #1227 from asger-semmle/typescript3.4 
Approved by xiemaisi
 2019-04-11 10:39:57 +01:00
Max Schaefer
301dab0e40 JavaScript: Improve AMD support in type inference. 
Now leverages the recently introduced logic for resolving AMD imports
based on unique matching paths.
 2019-04-10 09:47:54 -07:00
Max Schaefer
20312fc3bf JavaScript: Improve socket.io model. 
Recognise `io` imports and use type-tracking to better track handlers.
 2019-04-10 08:02:40 -07:00
Asger F
bfa6208a58 TS: Fix test output 2019-04-10 15:44:37 +01:00
Asger F
c1c7ebfc48 TS: Support const type assertions 2019-04-10 12:54:42 +01:00
Asger F
d5ae69d40a TS: Support readonly type expressions 2019-04-10 12:26:46 +01:00
Asger F
8304ce1e16 TS: Update test output with new toString value 2019-04-10 11:34:27 +01:00
Asger F
bd1d9ed810 JS: Add test 2019-04-09 12:21:54 +01:00
Esben Sparre Andreasen
e7adb62288 Merge pull request #1221 from asger-semmle/contextual-typing 
TS: Extract contextual type for object/array literals
 2019-04-09 10:43:01 +02:00
Asger F
db9fd3f721 TS: update test change 2019-04-08 15:17:40 +01:00
semmle-qlci
f54366bf95 Merge pull request #1214 from asger-semmle/taint-addexpr-phi 
Approved by esben-semmle, xiemaisi
 2019-04-08 11:55:06 +01:00
Asger F
50c2921625 TS: Use contextual typing for literals 2019-04-05 18:43:51 +01:00
Asger F
d7bfeeefd0 TS: add test case with nested literals 2019-04-05 18:40:24 +01:00