hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,290 Commits 1,693 Branches 161 Tags
d182eae868aada28abe51ba5a29da13210f0fa16
Commit Graph

1371 Commits

Author SHA1 Message Date
Asger F
29ffeb6da5 JS: Fix qldoc 2024-02-20 14:00:32 +01:00
Asger F
c324b2aed8 JS: Refactor 2024-02-19 13:59:49 +01:00
Asger F
eb7d0244c2 JS: Global names don't have to be defined in externs 2024-02-19 13:59:49 +01:00
Asger F
493b37774f JS: More precise isFunctionSource 2024-02-19 13:59:49 +01:00
Asger F
6d597bea0d JS: Refactor 2024-02-19 13:59:49 +01:00
Asger F
8a5b907912 JS: Handle wrapper functions more gracefully 2024-02-19 13:59:48 +01:00
Asger F
d96f29d6c2 JS: Disallow return steps in getASinkNode 2024-02-19 13:59:48 +01:00
Asger F
29258ad8c2 WIP new aliasing rule 2024-02-19 13:59:15 +01:00
Asger F
d94d4591da JS: Name instance methods using API nodes instead of special-casing 2024-02-14 15:08:19 +01:00
Asger F
c4a0f36a08 JS: Fix handling of unknown properties 
These would shorten the expected distance to a node, but would never be usable as an edge, meaning we failed to pick a preferred predecessor.
 2024-02-14 15:08:19 +01:00
Asger F
9838da5395 JS: Simplify isExported 2024-02-14 15:08:19 +01:00
Asger F
a3dc19fd31 JS: Check privacy earlier 2024-02-14 15:08:19 +01:00
Asger F
75a95ffcd1 Merge pull request #15602 from asgerf/js/block-logical-and-flow 
JS: Fix flow through &&
 2024-02-14 12:29:40 +01:00
Asger F
2172c4863f Merge pull request #15380 from asgerf/js/endpoint-naming 
JS: Add library for naming endpoints
 2024-02-14 10:48:13 +01:00
Asger F
7122a7502a JS: Fix flow through && 
This is a long-standing bug we've been unable to fix due to noise from type inference.
 2024-02-13 14:43:03 +01:00
Asger F
543e183d99 JS: Describe 1-step aliasing rule 2024-02-13 09:29:15 +01:00
Asger F
baa3c35d6f JS: Refactor aliasing relation 2024-02-13 09:24:00 +01:00
Asger F
8d3a19aaad JS: Fix termination criteria 
Previously it was theoretically possible to create a cycle of preferred predecessors, since badness had higher precedence than depth. We now require the preferred predecessor to have lower depth.

With this criteria we can remove the arbitray cap on badness.
 2024-02-12 11:44:52 +01:00
Asger F
0fbe530d9e JS: Fix some broken comments 2024-02-12 11:39:40 +01:00
Asger F
6d01ba67f7 JS: Check isPrivateLike in isExported instead 2024-02-12 11:39:29 +01:00
Asger F
8a2485a22f JS: Address some comments 2024-02-01 20:54:27 +01:00
Asger F
aa5cccdddd JS: Make sinkHasPrimaryName public 2024-01-31 20:39:25 +01:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Asger F
19ba9fed99 Handle externs 2024-01-30 17:13:02 +01:00
Asger F
1737ba1a6b JS: Add library for naming endpoints 2024-01-30 16:36:51 +01:00
Asger F
8930ce74af JS: Do not view packages as nested in a private package 2024-01-30 13:20:57 +01:00
Asger F
2d8d11fa78 JS: Restrict type-only exports in API graphs 2024-01-30 13:20:57 +01:00
Asger F
0e0fb0e52d JS: Remove API graph edge causing ambiguity 2024-01-30 13:20:56 +01:00
Asger F
e441dd472b JS: Expose hasBothNamedAndDefaultExports() 2024-01-30 13:20:55 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Asger F
96f8a02a72 JS: Treat private-field methods as private 2024-01-15 13:00:39 +01:00
Asger F
59c9ac735a Merge pull request #15295 from asgerf/js/type-model-export 
JS: Include sink nodes as base-case when resolving types
 2024-01-11 20:47:32 +01:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs 
JS: Add `dot.js` support
 2024-01-11 14:57:19 +01:00
Asger F
82cee61999 JS: Include sink nodes as base-case when resolving types 2024-01-11 13:41:21 +01:00
Erik Krogh Kristensen
3000b4b9b3 rename PropsTaintStep to PropsFlowStep 
Co-authored-by: Asger F <asgerf@github.com>
 2024-01-10 09:45:29 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Jorge
f8cfd698fa Merge branch 'main' into seclab/dotjs 2023-12-19 10:44:52 +01:00
Remco Vermeulen
133a243298 Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved
28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
Jorge
8abd1d9855 Merge branch 'main' into seclab/dotjs 2023-11-30 19:42:18 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
c858e4974d fix Sqlite and BetterSqlite3 issues according to Review 2023-11-06 14:57:40 +01:00
Arthur Baars
5cc94e1105 Express.js: add req.path as remote input source 2023-10-31 12:44:26 +01:00