hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

6849 Commits

Author SHA1 Message Date
Asger Feldthaus
cb12d894a6 JS: Add test 2020-06-29 15:54:06 +01:00
Asger Feldthaus
326c7af4eb JS: Fix incorrect classification of Vue files 2020-06-29 15:49:07 +01:00
semmle-qlci
da8725aa5c Merge pull request #3823 from dellalibera/js/fancy-log 
Approved by erik-krogh
 2020-06-29 14:46:51 +01:00
semmle-qlci
b3e68ef81c Merge pull request #3806 from erik-krogh/moreDownloads 
Approved by asgerf
 2020-06-29 13:53:10 +01:00
Asger Feldthaus
b05942b599 JS: Add HTML file example 2020-06-29 13:45:01 +01:00
Asger Feldthaus
3938856e61 JS: Make this work in qltest 2020-06-29 13:42:55 +01:00
Asger Feldthaus
e46a9dac65 JS: Count lines of code correctly 2020-06-29 09:59:17 +01:00
Asger Feldthaus
1e5f846168 JS: Use StringReplaceCall 2020-06-29 09:31:56 +01:00
Erik Krogh Kristensen
27b2c02693 remove todo comment 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-29 09:58:59 +02:00
Asger Feldthaus
da3d1a3b5f JS: Recognize 'lang' attribute of script tags 2020-06-29 08:15:52 +01:00
Asger F
bdb7e3def3 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-29 07:55:15 +01:00
Asger Feldthaus
03c91a66c5 JS: Update expected output 2020-06-29 07:52:25 +01:00
Alessio Della Libera
ce32d646dc Update javascript/ql/src/semmle/javascript/frameworks/Logging.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-06-28 21:58:45 +02:00
Asger Feldthaus
9ca25d5bef JS: Support .hash extraction via a few more methods 2020-06-28 01:38:59 +01:00
Asger Feldthaus
19db418395 JS: Add missing store step in Xss query 2020-06-28 01:26:11 +01:00
Asger Feldthaus
3e616e998e JS: Add test 2020-06-27 21:31:40 +01:00
Asger Feldthaus
84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
Asger Feldthaus
ac5b9cd168 JS: Autoformat 2020-06-26 23:15:04 +01:00
ubuntu
9135bbd5c8 JS: model fancy-log (and recognize the 'dir' log level) 2020-06-26 21:33:52 +02:00
Asger Feldthaus
6707e3424d JS: Prevent bad join ordering 2020-06-26 20:21:56 +01:00
Asger Feldthaus
06dd3ab2ca JS: Propagate into RegExp.$x 2020-06-26 18:58:43 +01:00
Asger Feldthaus
17af8f7650 JS: Add test for taint propagating into RegExp.$1 2020-06-26 18:58:43 +01:00
semmle-qlci
3aefb7fad9 Merge pull request #3613 from erik-krogh/Reassigned 
Approved by asgerf
 2020-06-26 17:05:45 +01:00
semmle-qlci
b015c735d0 Merge pull request #3809 from max-schaefer/util-deprecate 
Approved by asgerf
 2020-06-26 14:20:14 +01:00
Erik Krogh Kristensen
0b050204ad add missing dot in qldoc 2020-06-26 15:07:12 +02:00
Erik Krogh Kristensen
e4fe236d37 autoformat 2020-06-26 13:59:06 +02:00
Max Schaefer
640c194c92 JavaScript: Model util.deprecate as a pre call-graph step. 2020-06-26 11:47:19 +01:00
Max Schaefer
712a216461 Add self-verifying type-tracking tests. 2020-06-26 11:47:19 +01:00
semmle-qlci
f81fc77e9e Merge pull request #3782 from erik-krogh/promiseSteps 
Approved by asgerf
 2020-06-26 10:11:10 +01:00
semmle-qlci
92cc59b47b Merge pull request #3800 from esbena/js/npmlog 
Approved by erik-krogh
 2020-06-26 07:54:08 +01:00
Erik Krogh Kristensen
7cb6516bc4 make internal predicates within DominatingPaths smaller. 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
1ec2c549d2 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
8b3ca73c1c autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
081b03c8f4 add tests that access-path domination can happen within a statement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
47d52870f2 Use a ControlFlowNode based API to determine domination 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
55565a51df don't use getEnclosingStmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
34d6a4dcf8 use Rhs of a prop-write 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
cc2e61531e update expected output 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
f7c42ca1b5 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
252f805db4 performance improvement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
21e5a522b0 give the same rank to all expressions inside a single stmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
6bc821b1ab add tests for dominating writes 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treated a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
5e4acfbe19 implement predicate for finding dominating writes to an access-path 2020-06-25 23:00:52 +02:00
semmle-qlci
056e1a8c4b Merge pull request #3599 from asger-semmle/js/nameditem 
Approved by esbena
 2020-06-25 17:34:14 +01:00
Erik Krogh Kristensen
690bde47aa remove a .getALocalSource() that isn't needed 2020-06-25 16:51:10 +02:00
semmle-qlci
cf0cd00458 Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return 
Approved by erik-krogh
 2020-06-25 15:28:57 +01:00
semmle-qlci
c39dce4d66 Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup 
Approved by erik-krogh
 2020-06-25 14:56:17 +01:00