hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 09:49:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,144 Commits 1,756 Branches 167 Tags
d541bd58fb77c4d539baf3bb657c511704370869
Commit Graph

723 Commits

Author SHA1 Message Date
Max Schaefer
d541bd58fb JavaScript: Unify (most) overrides of getAnImportedModule. 2019-03-29 08:11:29 +00:00
Max Schaefer
6a78e37d93 JavaScript: Make AMD dependencies Imports. 2019-03-29 08:11:29 +00:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
semmle-qlci
86040575b1 Merge pull request #1161 from esben-semmle/js/classify-mode-html 
Approved by xiemaisi
 2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Max Schaefer
3e16d16525 JavaScript: Make type tracking-related parameter and predicate names more consistent. 2019-03-26 13:00:09 +00:00
Max Schaefer
bf04664bd7 Update javascript/ql/src/semmle/javascript/GeneratedCode.qll 
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
 2019-03-26 10:01:24 +01:00
Esben Sparre Andreasen
3cd93129a6 JS: classify HTML files with > 20 elements on a line as generated 2019-03-26 08:03:56 +01:00
Max Schaefer
c50067b597 JavaScript: Refactor type tracking to avoid computing very large relations. 2019-03-25 20:38:58 +00:00
Max Schaefer
084159dcfd JavaScript: Teach type trackers to track flow through one level of properties. 2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717 JavaScript: Switch from path summaries to step summaries for type tracking. 
This is sufficient since we are not doing summarisation.
 2019-03-25 20:37:05 +00:00
Max Schaefer
8e926333a9 JavaScript: Simplify a few newtypes and remove unused predicates. 2019-03-25 16:57:46 +00:00
Max Schaefer
55394df96f JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes. 2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979 JavaScript: Use type tracking instead of tracked nodes in Express. 2019-03-25 16:57:46 +00:00
Max Schaefer
276f216ef9 JavaScript: Use type tracking to improve modelling of socket.io. 2019-03-25 16:57:46 +00:00
Max Schaefer
4702790696 JavaScript: Refactor AMD/CommonJS path expression analysis to avoid bad magic. 2019-03-25 16:57:46 +00:00
Max Schaefer
0e0fe2545d JavaScript: Refactor Closure::isTopLevelExpr to avoid unhelpful magic. 2019-03-25 16:57:46 +00:00
Max Schaefer
c17f4d7d41 JavaScript: Cache SourceNode::track and SourceNode::backtrack. 2019-03-25 16:57:46 +00:00
Max Schaefer
2b778afdf5 JavaScript: Cache a bunch of flow steps to avoid recomputation. 2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
335a969946 JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs 2019-03-22 12:29:34 +01:00
Max Schaefer
8c460ae385 Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master 
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
 2019-03-21 14:46:29 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8 JS: introduce CallToObjectDefineProperty::getAPropertyAttribute 2019-03-14 11:59:27 +01:00
Max Schaefer
69c63110c1 JavaScript: Teach Function.isGenerator to check for yield. 2019-03-14 10:48:44 +00:00
Rebecca Valentine
64f731c8aa adds clarification in docs 2019-03-13 10:46:39 -07:00
Rebecca Valentine
688e7a9730 improves docs 2019-03-13 10:10:57 -07:00
Rebecca Valentine
7ef33de9d2 add tests to ignore generators and async functions per PR change request in description 
https://github.com/Semmle/ql/pull/1078#discussion_r265010018
 2019-03-13 10:04:23 -07:00
Max Schaefer
e2cb8c5ceb JavaScript: Fix example in TypeBackTracker qldoc. 2019-03-13 15:20:41 +00:00
Max Schaefer
8f6cb1cdb9 JavaScript: Add models for many more base64 packages. 
No tests; there are too many of these.
 2019-03-13 12:27:23 +00:00
Max Schaefer
f76efcb558 JavaScript: Fix modelling of Buffer base64 encoders and decoders. 2019-03-13 12:27:23 +00:00
Esben Sparre Andreasen
3e8e2ca890 JavaScript: Accept review suggestion. 
Co-Authored-By: xiemaisi <max@semmle.com>
 2019-03-13 08:47:17 +00:00
Max Schaefer
2dccd39bb7 JavaScript: Fix two comments. 2019-03-13 08:20:58 +00:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
semmle-qlci
6baf52614e Merge pull request #1074 from xiemaisi/js/socket.io-comm 
Approved by esben-semmle
 2019-03-13 07:38:12 +00:00
Rebecca Valentine
64e64c16a8 resolves PR change req mentioned in description 
https://github.com/Semmle/ql/pull/1078#discussion_r264557257
 2019-03-12 11:29:43 -07:00
Rebecca Valentine
9a7f9aa808 resolves PR change req mentioned in description 
2affd2bef6 (r264557539)
 2019-03-12 11:23:46 -07:00
Max Schaefer
f540dcb486 JavaScript: Address review comments. 2019-03-12 16:56:10 +00:00