hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,922 Commits 1,754 Branches 167 Tags
cafdcfa4de32a9d11758bf620d52a8b0b79cb288
Commit Graph

1799 Commits

Author SHA1 Message Date
Asger Feldthaus
cafdcfa4de JS: Preserve reflective calls in getAMethodCall 2020-04-23 13:57:14 +01:00
Asger Feldthaus
1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check 
Approved by esbena
 2020-04-21 10:00:34 +01:00
Asger Feldthaus
ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Asger Feldthaus
bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00
Asger Feldthaus
bb9fea5a27 JS: Refactor isAmbient computation 2020-04-19 22:45:19 +01:00
Erik Krogh Kristensen
4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen
4f32157a78 rename func to callback 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 11:36:48 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
semmle-qlci
bfd80b42a7 Merge pull request #3260 from asger-semmle/js/location-tweaks 
Approved by erik-krogh
 2020-04-15 10:47:35 +01:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Asger Feldthaus
1107e7c6a6 JS: Rename other uses of getURL 2020-04-14 19:45:09 +01:00
Asger F
c178eecd43 Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-14 14:40:21 +01:00
Asger Feldthaus
88667206fc JS: Remove default hasLocationInfo case 2020-04-14 10:03:10 +01:00
Asger Feldthaus
5da968e34c JS: Specialize ASTNode.getFile 2020-04-14 10:03:10 +01:00
Asger Feldthaus
244a304e1d JS: Implement getFile() directly instead of via locations 2020-04-14 10:03:10 +01:00
Asger Feldthaus
dc084628cc JS: Avoid the special name getURL 2020-04-14 10:03:09 +01:00
Erik Krogh Kristensen
e47575ce5b more precise getChild for matching "../" 2020-04-14 10:24:08 +02:00
Asger Feldthaus
25d5cc78cb JS: Use entry location instead of whole container 2020-04-09 09:18:26 +01:00
Asger Feldthaus
d9f81b082b JS: Autoformat 2020-04-09 07:45:00 +01:00
Asger Feldthaus
47934310ef JS: Hide captured nodes in path explanations 2020-04-08 19:58:36 +01:00
semmle-qlci
404f7225a1 Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range 
Approved by esbena
 2020-04-08 18:44:02 +01:00
Asger Feldthaus
4ca3ac5ee9 JS: Add another warning 2020-04-08 10:30:45 +01:00
Asger F
4acb9da2cf Update javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-08 10:30:21 +01:00
Asger Feldthaus
1f496d3c6b JS: Add CapturedVariableNode 2020-04-07 19:02:46 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Asger Feldthaus
ffbbdd7779 JS: Autoformat 2020-04-02 23:04:24 +01:00
Asger Feldthaus
93971e9433 JS: Make local flow not depend on SourceNode 2020-04-02 23:03:29 +01:00
Asger Feldthaus
346867f425 JS: Remove Import->SourceNode dependency from AMD 2020-04-02 23:03:29 +01:00
Asger Feldthaus
3804d3fcfd JS: Remove Import->SourceNode dependency from lazy cache 2020-04-02 23:03:20 +01:00
Asger Feldthaus
8f930fc3e6 JS: Remove recursive SourceNode from AngularJS 2020-04-02 12:25:33 +01:00
Asger Feldthaus
ee106b1103 JS: Remove tautological SourceNode::Range subclasses 2020-04-02 12:21:17 +01:00
semmle-qlci
0feb7f87e4 Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci
73dd4c8686 Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression 
Approved by esbena
 2020-03-31 09:28:55 +01:00
semmle-qlci
fce04f0bd0 Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Asger Feldthaus
a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Erik Krogh Kristensen
4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
semmle-qlci
fad902fc9b Merge pull request #3095 from erik-krogh/MorePerf 
Approved by asgerf
 2020-03-27 12:51:37 +00:00
semmle-qlci
9b3400337b Merge pull request #3130 from erik-krogh/PreciseSteps 
Approved by asgerf
 2020-03-27 12:18:28 +00:00
semmle-qlci
1975a83cdd Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen
be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Erik Krogh Kristensen
6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen
baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00
Erik Krogh Kristensen
8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00