hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,982 Commits 1,673 Branches 157 Tags
d74c16f86c9a8713eab938ac86d178fe5ccf7ed5
Commit Graph

2760 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
d74c16f86c Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:36 +01:00
Esben Sparre Andreasen
380f66cb19 JS: rename Mongoose::CommonInterfase -> Mongoose::InvokeNode 2020-03-17 11:25:05 +01:00
Esben Sparre Andreasen
b75486bb58 JS: refactor NoSQL::Mongoose. Introduce Mongoose::CommonInterface 2020-03-16 22:12:30 +01:00
Esben Sparre Andreasen
833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
semmle-qlci
1d4dd2b2f7 Merge pull request #3057 from esbena/js/infer-this-as-exports 
Approved by asgerf
 2020-03-15 12:55:12 +00:00
semmle-qlci
7e093a8e5c Merge pull request #3041 from erik-krogh/JQueryAjax 
Approved by esbena
 2020-03-14 22:31:59 +00:00
semmle-qlci
ff03478ae8 Merge pull request #3049 from asger-semmle/js/fix-cyclic-join 
Approved by erik-krogh
 2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen
486efbab77 refactor based on review 2020-03-14 14:53:38 +01:00
semmle-qlci
20cae302fd Merge pull request #3054 from erik-krogh/NoDeferred 
Approved by asgerf
 2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen
4d6aa20990 Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks 
JS: Mongoose and MongoDB improvements
 2020-03-14 12:31:43 +01:00
Esben Sparre Andreasen
2fac7434df JS: infer this to be module.exports in node modules 2020-03-13 14:10:35 +01:00
Esben Sparre Andreasen
ae8d38236b JS: add some tests for this 2020-03-13 14:09:23 +01:00
semmle-qlci
25b9fcfafd Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix 
Approved by max-schaefer
 2020-03-13 11:49:49 +00:00
Erik Krogh Kristensen
799c3eb06c remove model of Deferred 2020-03-12 16:38:20 +01:00
Asger Feldthaus
4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Erik Krogh Kristensen
172c5ccaca changes based on review 2020-03-12 11:04:33 +01:00
Erik Krogh Kristensen
d32d14f572 model responseText and responseXml on jqXHR objects 2020-03-11 17:00:44 +01:00
Erik Krogh Kristensen
26d8e33434 Autoformat 2020-03-11 16:42:48 +01:00
Erik Krogh Kristensen
e88dac3dea remove FP for js/redundant-operation 2020-03-11 14:42:32 +01:00
Asger Feldthaus
6645df93ad JS: Blacklist another cyclic property 2020-03-11 13:09:37 +00:00
semmle-qlci
1d5fba85f9 Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape 
Approved by asgerf
 2020-03-11 12:29:45 +00:00
Erik Krogh Kristensen
cb5ef7dbed add basic support for jqXHR with ajax calls 2020-03-11 13:05:41 +01:00
Erik Krogh Kristensen
b987f2cf29 autoformat 2020-03-11 10:54:20 +01:00
Erik Krogh Kristensen
13e855910e add more ClientRequest models for JQuery 2020-03-10 17:21:22 +01:00
semmle-qlci
e3fed39f88 Merge pull request #3000 from asger-semmle/js/late-barrier-guards 
Approved by erik-krogh
 2020-03-10 15:38:35 +00:00
Esben Sparre Andreasen
5c8800a1c7 JS: make autoformatter happy 2020-03-10 13:11:31 +01:00
Esben Sparre Andreasen
5b1b945c35 JS: distinguishes escapes in strings and regular expression literals 2020-03-10 12:26:20 +01:00
Esben Sparre Andreasen
3bfda6cd38 JS: refactoring: make separate modules for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
480be06d86 JS: replace Model class with opaque type tracking predicate 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
dbeb216af0 JS: make use of TypeScript types for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
0c46e4d1af JS: fixup typetracking usage: t2 -> t2.continue() 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
aae92ad795 JS: add test for DatabaseAccess 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
6b9bd8bd97 JS: adjust tests slightly to also support DatabaseAccess testing 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
7a2faa0b6b JS: add additional mongoose and mongodb js/nosql-injection sinks 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
b6c616efd3 JS: support optional options argument to MongoClient.connect 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
21e6e69f22 JS: support mongodb v3 (minimally) 
https://github.com/github/codeql-javascript-team/issues/79
 2020-03-10 09:57:45 +01:00
Max Schaefer
3c785ecaa7 JavaScript: Move flow summaries to experimental. 
Also update description and change note to call out their experimental character more clearly.
 2020-03-09 12:57:20 +00:00
Asger Feldthaus
a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
Asger Feldthaus
2ef21ea4b8 JS: Only evaluate relevant barrier guards 2020-03-07 15:13:20 +00:00
Asger Feldthaus
fd1a14d3bd JS: Add qldoc to a private predicate 2020-03-07 15:13:20 +00:00
Asger Feldthaus
eed4204e04 JS: Lift some internal members to private top-level 2020-03-07 15:13:20 +00:00
semmle-qlci
7891f8621e Merge pull request #2982 from esbena/js/request-model-with-chaining 
Approved by asgerf
 2020-03-06 08:57:42 +00:00
Asger Feldthaus
2c8eae22d1 JS: Autoformat 2020-03-05 16:58:49 +00:00
semmle-qlci
0d76c71ed7 Merge pull request #2981 from asger-semmle/js/lower-syntax-error-severity 
Approved by max-schaefer
 2020-03-05 09:47:56 +00:00
semmle-qlci
98cee5cc1d Merge pull request #2967 from asger-semmle/js/flow-through-prop 
Approved by esbena
 2020-03-05 09:46:35 +00:00