codeql

mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00

Author	SHA1	Message	Date
Asger F	c2abb0fbd0	JS: Remove reference to AdditionalSanitizerGuard from CachedStages	2024-12-03 14:30:04 +01:00
Asger F	82682d9a62	JS: Remove a non-deprecated reference to SanitizerGuardNode	2024-12-03 14:30:03 +01:00
Asger F	bc7753de29	JS: Remove non-deprecated reference to AdditionalBarrierGuardNode	2024-12-03 14:30:02 +01:00
Asger F	0cd2e3f9eb	JS: Deprecate old data flow library, except some guard-related nodes	2024-12-03 14:30:01 +01:00
Asger F	071189a9e9	Merge pull request #18175 from asgerf/jss/documentation JS: Update data flow documentation and tutorials for JavaScript	2024-12-03 14:23:29 +01:00
Asger F	e1aff15f29	Merge pull request #18125 from asgerf/jss/summary-type-tracker JS: Derive type-tracking steps from flow summaries	2024-12-03 12:40:56 +01:00
Asger F	27e61a1f3d	JS: Also update cheat sheet	2024-12-03 12:00:30 +01:00
Asger F	89463d73f5	JS: Remove mention of isAdditionalTaintStep	2024-12-03 11:51:46 +01:00
Asger F	935e1c065a	Update docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:45 +01:00
Asger F	89849fae87	Update docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:34 +01:00
Asger F	5e27257405	Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:22 +01:00
Asger F	054558d7b5	JS: Include content properties in type-tracker properties Reminder: we have two PropertyName classes because the one in Contents.qll can't depend on DataFlow::Node.	2024-12-03 09:58:54 +01:00
Asger F	8bca66493f	JS: Add test showing lack of inclusion in PropertyName	2024-12-03 09:57:02 +01:00
Asger F	404b0f24f2	JS: Fix another stray reference to BarrierGuardNode/SanitizerGuardNode	2024-12-02 13:29:52 +01:00
Asger F	422c089a39	JS: Remove redundant base class in TruthinessCheck	2024-12-02 13:26:37 +01:00
Asger F	628f60d2e3	JS: Update flow label tutorial	2024-12-02 10:34:02 +01:00
Asger F	2db89c1b02	JS: Update query17 from intro tutorial	2024-12-02 10:04:09 +01:00
Asger F	2722c45737	JS: Update global data flow tutorial .rst file	2024-12-02 10:04:08 +01:00
Asger F	103a6ea8a6	JS: Port tutorial query5	2024-12-02 10:04:07 +01:00
Asger F	02c5e49de8	JS: Port tutorial query4	2024-12-02 10:04:05 +01:00
Asger F	1f6335f9ba	JS: Port tutorial query3	2024-12-02 10:04:04 +01:00
Asger F	3319870d00	JS: Port tutorial query2	2024-12-02 10:04:02 +01:00
Asger F	32f020ee6f	JS: Port tutorial query1	2024-12-02 10:04:00 +01:00
Asger F	cab8a40d00	JS: Fix accidental recursion	2024-11-29 14:23:57 +01:00
Asger F	9c6b6981e2	JS: Add test to restrict dependencies	2024-11-29 14:23:56 +01:00
Asger F	2f0c80a98b	JS: Include summary steps in type tracking	2024-11-29 14:23:55 +01:00
Asger F	440cbb7f0a	JS: Add inline-expectation test for type tracking	2024-11-29 14:23:54 +01:00
Asger F	6349903110	JS: Move FlowSummary/Summaries.qll into testUtilities	2024-11-29 14:23:52 +01:00
Asger F	e34064e3b5	JS: Initial instantiation of sumamry type tracking Instantiates the library without using it yet.	2024-11-29 14:23:50 +01:00
Asger F	df12f255ac	JS: Rename propagatesFlowExt -> propagatesFlow	2024-11-29 14:23:49 +01:00
Asger F	66d6bda716	Merge pull request #18044 from asgerf/js/shared-dataflow-bump JS: Merge 'main' and implement 'speculativeTaintStep'	2024-11-27 15:43:27 +01:00
Asger F	805fd0b46e	JS: Refine speculative step definition	2024-11-26 15:56:56 +01:00
Asger F	8818fcc207	JS: Benign test output changes	2024-11-26 15:47:13 +01:00
Asger F	c94a01e6b6	JS: Remove reference to argsParseStep This was removed as part of the PR that introduced threat models.	2024-11-26 15:36:47 +01:00
Asger F	bf62582f53	JS: Implement 'speculativeTaintStep' It is a mandatory part of the interface now; just providing a bare-bones implementation for rather than 'none()'	2024-11-26 15:36:46 +01:00
Asger F	82d61e4194	Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main	2024-11-26 15:36:16 +01:00
Asger F	c2e9dca1de	Merge pull request #18043 from asgerf/jss/jump-and-test-exclusion JS: Fix jump steps generated by IIFEs and exception flow	2024-11-26 14:33:42 +01:00
Asger F	f073f3b791	JS: Rename file to foo.test.js	2024-11-26 13:44:00 +01:00
Asger F	65da9b41b5	JS: Add cross-file test in InsecureRandom	2024-11-26 13:43:24 +01:00
Asger F	b4bd8e701c	JS: Add test for file classification change	2024-11-26 12:33:39 +01:00
Asger F	930a7b6e28	JS: Update output changes to nodes/edges/subpaths	2024-11-21 13:33:39 +01:00
Asger F	7a77432024	JS: Update lost result in insecure-download The VariableCapture library consumes one component of the access path limit, which means we lose this result	2024-11-21 13:33:10 +01:00
Asger F	1ac7591faf	JS: Update missed flow in capture-flow.js We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.	2024-11-21 12:57:34 +01:00
Asger F	9dad2d62d7	JS: Update DataFlowConsistency	2024-11-21 12:54:11 +01:00
Asger F	ce00bd2cc9	JS: More docs	2024-11-21 11:06:43 +01:00
Asger F	4e62a512c5	JS: Only apply exception propagator when no other summary applies Previously a few Promise-related methods were special-cased, which is no longer needed.	2024-11-21 11:01:05 +01:00
Asger F	84820adf3c	Add test for exception flow out of finally()	2024-11-21 11:01:03 +01:00
Asger F	948d21ca07	JS: Propagate exceptions from summarized callables by default	2024-11-21 10:24:31 +01:00
Asger F	dcdb2e5133	JS: Fix callback check so it works without parameters	2024-11-21 10:24:29 +01:00
Asger F	b7dd455aff	JS: Add test case	2024-11-21 09:21:36 +01:00

1 2 3 4 5 ...

72465 Commits