hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,411 Commits 1,712 Branches 163 Tags
c7e428eb27f5d82755fe97e7c4ececb627014c74
Commit Graph

1064 Commits

Author SHA1 Message Date
Max Schaefer
c7e428eb27 JavaScript: Handle E4X/Flow lexical ambiguity. 2019-02-24 20:45:41 +00:00
Max Schaefer
d6deefed86 JavaScript: Accept CDATA in E4X content. 2019-02-24 20:45:41 +00:00
Max Schaefer
81b86d9a0f JavaScript: Skip XML processing instructions in E4X content. 2019-02-24 20:45:41 +00:00
Max Schaefer
be67d5129a JavaScript: Add QL library support for E4X. 2019-02-24 20:45:41 +00:00
Max Schaefer
5a89024507 JavaScript: Be more lenient about keywords used as identifiers. 2019-02-24 20:45:41 +00:00
Max Schaefer
dbbb961b48 JavaScript: Accept let expressions with an object literal as their body. 2019-02-24 20:45:41 +00:00
Max Schaefer
63ed569724 JavaScript: Recover from missing initializers in const/destructuring declarations. 2019-02-24 20:45:41 +00:00
Max Schaefer
fbf2774bb3 JavaScript: Accept expression-bodied function declarations in experimental mode. 2019-02-24 20:45:41 +00:00
Max Schaefer
a42bec7f44 JavaScript: Accept comments in E4X XML literals (but not in JSX HTML literals). 2019-02-24 20:45:41 +00:00
Max Schaefer
b2366c7a68 JavaScript: Refactor parsing of JSX element content. 2019-02-24 20:45:41 +00:00
Max Schaefer
88be67a4fc JavaScript: Add support for for-each-in comprehensions. 2019-02-24 20:45:41 +00:00
Max Schaefer
d3ae2954ff JavaScript: Add support for parsing postfix generator comprehensions. 2019-02-24 20:45:41 +00:00
Max Schaefer
bb93cef20a JavaScript: Refactor parsing of parenthesised expressions. 2019-02-24 20:45:41 +00:00
Max Schaefer
92c8501e67 JavaScript: Refactor parsing of generator/array comprehensions. 2019-02-24 20:45:41 +00:00
Max Schaefer
f3ea810c21 JavaScript: Add parser support for E4X. 2019-02-24 20:45:41 +00:00
Max Schaefer
1ad4867f2a JavaScript: Make parsing of decorators more restrictive. 
As per [the proposal](https://tc39.github.io/proposal-decorators/#sec-new-syntax), decorators can only contain identifiers or parenthesised expressions, optionally followed by property accesses and arguments.
 2019-02-24 20:45:41 +00:00
Max Schaefer
db9ac72e7a Merge pull request #957 from esben-semmle/js/another-autobinder-model 
JS: model one more 'autobind' for js/unbound-event-handler-receiver
 2019-02-22 20:58:17 +00:00
Max Schaefer
12ed2ca000 Merge pull request #958 from esben-semmle/js/improve-tainted-path 
JS: add taint steps for fs.realpath and fs.realpathSync
 2019-02-22 20:55:39 +00:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
Esben Sparre Andreasen
27cae0c190 JS: model one more 'autobind' for js/unbound-event-handler-receiver 2019-02-21 08:23:54 +01:00
james
50ad8a4089 update link in vue.qll 2019-02-20 16:43:56 +00:00
semmle-qlci
f5e419e774 Merge pull request #933 from xiemaisi/js/createContextualFragment 
Approved by asger-semmle
 2019-02-20 12:42:27 +00:00
semmle-qlci
26525fc1b5 Merge pull request #929 from asger-semmle/typescript-no-expansion 
Approved by xiemaisi
 2019-02-13 18:20:41 +00:00
semmle-qlci
92a6e7e04c Merge pull request #932 from asger-semmle/cookbook-prepare 
Approved by xiemaisi
 2019-02-13 18:20:09 +00:00
Max Schaefer
5b2df068d3 Merge pull request #921 from asger-semmle/class-node-absval 
JS: use type inference to back up function-style classes
 2019-02-13 10:12:20 +00:00
semmle-qlci
c422ade739 Merge pull request #927 from xiemaisi/js/ambiguous-id-attr-templates 
Approved by esben-semmle
 2019-02-13 08:35:41 +00:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
Max Schaefer
41eb1ff9d0 JavaScript: Drop precision of AmbiguousIdAttribute to 'high'. 2019-02-12 16:31:29 +00:00
Max Schaefer
25f95d9fb1 JavaScript: Be more conservative about templates in AmbiguousIdAttribute. 
Previously, we only excluded attributes where the value of the attribute itself suggests templating happening. Now we exclude all attributes in documents where _any_ attribute value suggests templating.
 2019-02-12 16:31:01 +00:00
Anders Schack-Mulligen
15a6044445 Javascript: Autoformat qlls 2019-02-12 14:41:31 +01:00
Asger F
3290c174c3 JS: Add DataFlow::Node.getAFunctionValue 2019-02-12 13:38:46 +00:00
Asger F
2fd1ee60a2 JS: add DataFlow::Node.getIntValue() 2019-02-12 13:38:46 +00:00
Asger F
0fd9d157f8 JS: add DataFlow::Node.getStringValue() 2019-02-12 13:38:45 +00:00
Anders Schack-Mulligen
1182fca665 Javascript: Autoformat qls 2019-02-12 14:38:42 +01:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
Asger F
0444fa307d TS: update test expectations 2019-02-12 12:33:09 +00:00
Asger F
7a813cfb84 TS: disable type expansion by default 2019-02-12 12:21:11 +00:00
semmle-qlci
ac3f413b87 Merge pull request #920 from xiemaisi/js/field-as-prop-write 
Approved by asger-semmle
 2019-02-12 10:48:13 +00:00
semmle-qlci
10b00254ec Merge pull request #915 from asger-semmle/closure-uri-methods 
Approved by xiemaisi
 2019-02-11 10:51:07 +00:00
Max Schaefer
10ef945b51 JavaScript: Restrict InstanceFieldAsPropWrite to fields with initializers. 2019-02-11 08:17:53 +00:00
semmle-qlci
986afa1b1b Merge pull request #909 from xiemaisi/js/improve-incomplete-sanitization-alerts 
Approved by esben-semmle
 2019-02-08 17:39:36 +00:00
semmle-qlci
232d81a4ed Merge pull request #908 from xiemaisi/js/enable-ms-queries 
Approved by esben-semmle
 2019-02-08 17:38:27 +00:00
Asger F
74a9c4b500 JS: use type inference to back up function-style classes 2019-02-08 16:42:24 +00:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
Asger F
fd2e9f1fcb JS: shift line numbers in RequestForgery test 2019-02-08 15:13:33 +00:00
semmle-qlci
937049e060 Merge pull request #891 from xiemaisi/js/simplify-sensitive-actions 
Approved by esben-semmle
 2019-02-08 14:12:47 +00:00
semmle-qlci
7e298cfbbe Merge pull request #900 from esben-semmle/js/defuse-default 
Approved by xiemaisi
 2019-02-08 11:28:32 +00:00
semmle-qlci
a48594ad8e Merge pull request #906 from asger-semmle/q-library 
Approved by xiemaisi
 2019-02-08 11:12:50 +00:00
Asger F
bfe88e9784 JS: make Closure::moduleImport handle member access. 2019-02-08 10:51:07 +00:00
Max Schaefer
b314c546e1 JavaScript: Track taint through RegExp.prototype.replace. 2019-02-08 09:57:07 +00:00