hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,825 Commits 1,673 Branches 157 Tags
e27a69960d480b496a8edfa53a47de589ddce17f
Commit Graph

2259 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e27a69960d update description 2019-11-27 11:17:19 +01:00
Erik Krogh Kristensen
b5a57986c6 small changes based on review feedback 2019-11-26 15:57:31 +01:00
Erik Krogh Kristensen
f284b3a2bb Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-26 10:54:04 +01:00
Erik Krogh Kristensen
7ee12a3420 change doc based on review feedback 2019-11-26 10:48:24 +01:00
semmle-qlci
fb44aa18bd Merge pull request #2428 from erik-krogh/useOfReturnlessFunctionSuperCalls 
Approved by max-schaefer
 2019-11-26 09:14:08 +00:00
Erik Krogh Kristensen
4efc71b7a2 remove FP in use-of-returnless-function FP related to calls to super() 2019-11-25 11:48:16 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
semmle-qlci
5c3c8eb35d Merge pull request #2406 from erik-krogh/returnlessFp 
Approved by asgerf
 2019-11-22 13:06:03 +00:00
Erik Krogh Kristensen
f40d79271d cleanup module imports and update expected outputs 2019-11-22 13:55:47 +01:00
Erik Krogh Kristensen
85b22536d0 adjust formatting 2019-11-22 13:36:16 +01:00
Esben Sparre Andreasen
5d34806e50 Merge pull request #2379 from asger-semmle/typescript-fixes 
TS: A bunch of TypeScript fixes
 2019-11-22 13:31:30 +01:00
Max Schaefer
83f5b614e9 JavaScript: Switch detection of callback-based string replacement to data flow. 2019-11-22 09:24:34 +00:00
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
Erik Krogh Kristensen
94e9c0203d add test for exceptional taint-flow 2019-11-21 17:16:13 +01:00
semmle-qlci
8cca9b05ea Merge pull request #2393 from max-schaefer/js/improve-incomplete-sanitization-docs 
Approved by mchammer01
 2019-11-21 16:04:19 +00:00
Asger F
ec8ced7963 TS: Fix a typos and leftover todo 2019-11-21 15:39:37 +00:00
Asger F
01ab8f07eb TS: Fix a crash when allowJs: true was set 2019-11-21 15:39:37 +00:00
Asger F
2c916cb4f3 TS: Update stats 2019-11-21 15:39:37 +00:00
Asger F
dd50d29827 TS: Fix crash in case of missing type roots 2019-11-21 15:39:37 +00:00
Asger F
4a885cbf92 TS: Expose optional parameters at syntax level 2019-11-21 15:39:37 +00:00
Asger F
b6b8213e13 TS: Handle rest parameters in call signatures 2019-11-21 15:39:37 +00:00
Asger F
f2c3d734ea TS: Update some more tests 2019-11-21 15:39:37 +00:00
Asger F
0c41d6910f TS: Pass tsconfig options correctly 2019-11-21 15:39:37 +00:00
Asger F
8205a59688 TS: Unfold aliases in Type.unfold() 2019-11-21 15:39:37 +00:00
Asger F
e25ee182a0 TS: Extract type alias relation 2019-11-21 15:39:37 +00:00
Asger F
f11dc11ade TS: Fix type of RHS of TypeAliasDeclaration 2019-11-21 15:39:37 +00:00
Asger F
a3aef1e4e0 TS: Update TypeAlias test 2019-11-21 15:39:37 +00:00
Erik Krogh Kristensen
42a0a62e4c remove 3 FP sources from use-of-returnless-function 2019-11-21 14:27:04 +01:00
Esben Sparre Andreasen
03c83c9c9d JS: model React's getDerivedStateFromError 2019-11-21 13:18:43 +01:00
Esben Sparre Andreasen
23d29a80db JS: improve comment syntax 2019-11-21 13:16:40 +01:00
Esben Sparre Andreasen
6328a0a8b9 JS: improve FP filter for js/unbound-event-handler-receiver 2019-11-21 13:13:40 +01:00
semmle-qlci
77c869f528 Merge pull request #2220 from erik-krogh/processEnvTaint 
Approved by esbena, max-schaefer
 2019-11-20 13:16:43 +00:00
Max Schaefer
cb20de8070 JavaScript: Add a warning to IncompleteSanitization help. 
Sanitizing away multi-character strings using regular expressions is tricky business, and we should probably warn about it.
 2019-11-20 11:57:50 +00:00
Max Schaefer
5565be14fc JavaScript: Teach IncompleteSanitization to flag incomplete path sanitizers. 2019-11-19 15:06:16 +00:00
Erik Krogh Kristensen
1ba777a45d remove deep taint of objects 2019-11-19 15:50:50 +01:00
Erik Krogh Kristensen
c2b48eb546 rename getExceptionalNode to getExceptionTarget 2019-11-19 15:32:17 +01:00
Erik Krogh Kristensen
d8a5554666 update doc on getExceptionalNode 2019-11-19 14:10:35 +01:00