Asger F
d83f152f39
JS: Address review comments
2019-08-07 10:53:17 +01:00
Asger F
5e87d5c751
JS: Update syntactic heuristics
2019-08-07 10:53:17 +01:00
Asger F
f173e3024a
JS: Add getConstantStringParts() and HTML concat node
2019-08-07 10:53:17 +01:00
Asger F
f101944c92
JS: Expand on the StringOps::Concatenation API
2019-08-07 10:53:17 +01:00
semmle-qlci
327d5acdcf
Merge pull request #1686 from asger-semmle/lvalue-node
Approved by xiemaisi
2019-08-06 14:43:46 +01:00
semmle-qlci
5de6da4ee4
Merge pull request #1697 from esben-semmle/js/fix-missing-this-in-method
Approved by xiemaisi
2019-08-06 11:38:11 +01:00
Max Schaefer
5026a55c25
JavaScript: Fix a Cartesian product.
2019-08-05 15:42:20 +01:00
Max Schaefer
d230921b89
JavaScript: Remove two unused fields.
2019-08-05 15:41:55 +01:00
Esben Sparre Andreasen
bc2785d143
JS: add missing binding for this in BuiltinServiceCall
2019-08-05 14:10:21 +02:00
Esben Sparre Andreasen
bc296e74a1
JS: generalize internal AngularJS::BuiltinServiceCall to handle calls
2019-08-05 13:59:48 +02:00
Esben Sparre Andreasen
a652f754ee
JS: rename internal AngularJS::ServiceMethodCall
2019-08-05 13:56:49 +02:00
semmle-qlci
f60af2cfba
Merge pull request #1683 from asger-semmle/type-tracking-non-exp
Approved by xiemaisi
2019-08-05 11:06:53 +01:00
Asger F
8bec2fe7bf
JS: Address comments
2019-08-05 10:44:39 +01:00
Asger F
5397da7579
JS: Handle implicit return in getImmediatePredecessor
2019-08-02 20:35:22 +01:00
Asger F
8e1893d0ed
JS: Update range analysis to use getImmediatePredecessor
2019-08-02 20:35:22 +01:00
Asger F
9e949d0f44
JS: Add taint step through destructuring for-of loop
2019-08-02 20:35:21 +01:00
Asger F
de3c8bf711
JS: Introduce DataFlow::lvalueNode
2019-08-02 20:35:21 +01:00
semmle-qlci
d4e39a250d
Merge pull request #1667 from xiemaisi/js/more-ranges
Approved by esben-semmle
2019-08-02 16:46:30 +01:00
Asger F
eb543c1ceb
JS: Remove experimental warning from type tracking
2019-08-02 16:30:44 +01:00
semmle-qlci
07b97dcc07
Merge pull request #1672 from asger-semmle/flowlabel-issers
Approved by xiemaisi
2019-08-02 10:05:41 +01:00
semmle-qlci
bb4f00d770
Merge pull request #1015 from esben-semmle/js/cli-cli
Approved by xiemaisi
2019-08-02 09:57:19 +01:00
Asger F
e09c22e67d
JS: Add FlowLabel.isData() and .isTaint()
2019-08-01 15:22:51 +01:00
semmle-qlci
691df0508e
Merge pull request #1652 from xiemaisi/js/deprecate-isBarrier/2
Approved by asger-semmle
2019-08-01 09:47:04 +01:00
Max Schaefer
4141a98616
JavaScript: Replace Custom* with *::Range.
The old names are kept as deprecated aliases.
2019-08-01 09:45:44 +01:00
Esben Sparre Andreasen
bf4a324a86
JS: add query js/indirect-command-line-injection
2019-07-31 09:24:25 +02:00
Asger F
378b0bfb74
JS: Do not treat the empty string as a credential
2019-07-30 17:29:12 +01:00
Max Schaefer
3e6629d007
JavaScript: Deprecate multi-argument isBarrier and isSanitizer predicates.
We informally deprecated them in 1.21; this commit deprecates them properly and removes support from the implementation. The predicates themselves will be removed in a future release.
2019-07-30 16:32:08 +01:00
Max Schaefer
7b3c835bc6
JavaScript: Fix semantic merge conflict.
https://github.com/Semmle/ql/pull/1621 vs https://github.com/Semmle/ql/pull/1613
2019-07-30 12:34:30 +01:00
semmle-qlci
0f9a286284
Merge pull request #1621 from asger-semmle/no-recursive-import
Approved by xiemaisi
2019-07-30 11:25:11 +01:00
semmle-qlci
d63e53f3a4
Merge pull request #1628 from asger-semmle/self-globalobj
Approved by xiemaisi
2019-07-30 11:23:54 +01:00
semmle-qlci
3dfc697585
Merge pull request #1642 from xiemaisi/json_locations
Approved by asger-semmle
2019-07-29 14:55:33 +01:00
semmle-qlci
904c94ec9e
Merge pull request #1644 from xiemaisi/js/more-examples
Approved by asger-semmle
2019-07-29 14:36:20 +01:00
Max Schaefer
d282ba04ae
JavaScript: Add concrete syntax examples to JSDoc, RegExp, Tokens, Variables and XML.
2019-07-29 12:17:25 +01:00
semmle-qlci
143016ed96
Merge pull request #1635 from xiemaisi/js/dont-taint-for-in
Approved by asger-semmle
2019-07-26 08:32:14 +01:00
Max Schaefer
9a00f4d0f0
JavaScript: store YAML locations in yaml_locations table instead of hasLocation.
2019-07-25 16:52:44 +01:00
Max Schaefer
6b3abbbde5
JavaScript: Store JSON locations in json_locations table instead of hasLocation.
2019-07-25 16:52:44 +01:00
semmle-qlci
137427fc40
Merge pull request #1613 from asger-semmle/canonical-name-defs
Approved by xiemaisi
2019-07-24 18:51:08 +01:00
Asger F
6f158182d1
JS: Add self as global object alias
2019-07-24 17:10:59 +01:00
semmle-qlci
2a292c7dee
Merge pull request #1626 from xiemaisi/js/more-examples
Approved by asger-semmle
2019-07-24 14:15:04 +01:00
Max Schaefer
74397daeb8
JavaScript: Add concrete syntax examples to ES2015Modules, Externs, JSON, YAML.
2019-07-24 11:56:11 +01:00
semmle-qlci
29e49ae9b2
Merge pull request #1620 from asger-semmle/hardcoded-creds-import
Approved by xiemaisi
2019-07-24 09:57:12 +01:00
Asger F
ff8529d3ec
JS: Address comments
2019-07-23 17:14:56 +01:00
Asger F
1c3ce09607
JS: Downgrade the contract for getImmediatePredecessor
2019-07-23 17:14:56 +01:00
Asger F
28efadea73
JS: Use defSourceNode from getRhsNode
2019-07-23 17:14:56 +01:00
Asger F
747c320c35
JS: cache getEnclosingContainer
2019-07-23 17:14:56 +01:00
Asger F
498e4d2d57
JS: Avoid materializing DataFlow::Node.getFile
2019-07-23 17:14:56 +01:00
Asger F
421ad89bf9
JS: Fix join order
2019-07-23 17:14:56 +01:00
Asger F
197b4d5637
JS: Add TypeAnnotation.getClass
2019-07-23 17:14:56 +01:00
Asger F
106539c495
JS: Compute qualified name of classes
2019-07-23 17:14:56 +01:00
Asger F
44f7e2d5c5
JS: Handle IIFE parameters
2019-07-23 17:14:56 +01:00