Asger F
eab034ccfd
JS: add ModuleImportNode::Range
2019-02-25 11:31:08 +00:00
semmle-qlci
014d4b9ed0
Merge pull request #934 from asger-semmle/module-import
Approved by xiemaisi
2019-02-25 09:46:52 +00:00
Max Schaefer
d4dbe3bfb6
JavaScript: Back out parsing of qualified XML identifiers.
Their syntax conflicts with the proposed function-bind operator, which is more important to support.
2019-02-24 21:30:59 +00:00
Max Schaefer
6a90459d6a
JavaScript: Add upgrade script.
2019-02-24 21:06:29 +00:00
Max Schaefer
7491b5ea53
JavaScript: Add a comment.
2019-02-24 21:02:12 +00:00
Max Schaefer
f726125b71
JavaScript: Restrict E4X processing instruction disambiguation to the <?xml ...?> case.
2019-02-24 20:56:43 +00:00
Max Schaefer
cc216ad250
JavaScript: Buffer recoverable syntax errors during speculative parsing.
Analogous to how we buffer tokens, we need to delay reporting these errors until we have committed to a parse.
2019-02-24 20:45:41 +00:00
Max Schaefer
c7e428eb27
JavaScript: Handle E4X/Flow lexical ambiguity.
2019-02-24 20:45:41 +00:00
Max Schaefer
d6deefed86
JavaScript: Accept CDATA in E4X content.
2019-02-24 20:45:41 +00:00
Max Schaefer
81b86d9a0f
JavaScript: Skip XML processing instructions in E4X content.
2019-02-24 20:45:41 +00:00
Max Schaefer
be67d5129a
JavaScript: Add QL library support for E4X.
2019-02-24 20:45:41 +00:00
Max Schaefer
5a89024507
JavaScript: Be more lenient about keywords used as identifiers.
2019-02-24 20:45:41 +00:00
Max Schaefer
dbbb961b48
JavaScript: Accept let expressions with an object literal as their body.
2019-02-24 20:45:41 +00:00
Max Schaefer
63ed569724
JavaScript: Recover from missing initializers in const/destructuring declarations.
2019-02-24 20:45:41 +00:00
Max Schaefer
fbf2774bb3
JavaScript: Accept expression-bodied function declarations in experimental mode.
2019-02-24 20:45:41 +00:00
Max Schaefer
a42bec7f44
JavaScript: Accept comments in E4X XML literals (but not in JSX HTML literals).
2019-02-24 20:45:41 +00:00
Max Schaefer
b2366c7a68
JavaScript: Refactor parsing of JSX element content.
2019-02-24 20:45:41 +00:00
Max Schaefer
88be67a4fc
JavaScript: Add support for for-each-in comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
d3ae2954ff
JavaScript: Add support for parsing postfix generator comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
bb93cef20a
JavaScript: Refactor parsing of parenthesised expressions.
2019-02-24 20:45:41 +00:00
Max Schaefer
92c8501e67
JavaScript: Refactor parsing of generator/array comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
f3ea810c21
JavaScript: Add parser support for E4X.
2019-02-24 20:45:41 +00:00
Max Schaefer
1ad4867f2a
JavaScript: Make parsing of decorators more restrictive.
As per [the proposal](https://tc39.github.io/proposal-decorators/#sec-new-syntax), decorators can only contain identifiers or parenthesised expressions, optionally followed by property accesses and arguments.
2019-02-24 20:45:41 +00:00
Max Schaefer
db9ac72e7a
Merge pull request #957 from esben-semmle/js/another-autobinder-model
JS: model one more 'autobind' for js/unbound-event-handler-receiver
2019-02-22 20:58:17 +00:00
Max Schaefer
12ed2ca000
Merge pull request #958 from esben-semmle/js/improve-tainted-path
JS: add taint steps for fs.realpath and fs.realpathSync
2019-02-22 20:55:39 +00:00
Esben Sparre Andreasen
305a249280
JS: add taint steps for fs.realpath and fs.realpathSync
2019-02-21 09:48:35 +01:00
Esben Sparre Andreasen
27cae0c190
JS: model one more 'autobind' for js/unbound-event-handler-receiver
2019-02-21 08:23:54 +01:00
james
50ad8a4089
update link in vue.qll
2019-02-20 16:43:56 +00:00
semmle-qlci
f5e419e774
Merge pull request #933 from xiemaisi/js/createContextualFragment
Approved by asger-semmle
2019-02-20 12:42:27 +00:00
semmle-qlci
26525fc1b5
Merge pull request #929 from asger-semmle/typescript-no-expansion
Approved by xiemaisi
2019-02-13 18:20:41 +00:00
semmle-qlci
92a6e7e04c
Merge pull request #932 from asger-semmle/cookbook-prepare
Approved by xiemaisi
2019-02-13 18:20:09 +00:00
Asger F
dfe3f254de
JS: generalize to include default imports
2019-02-13 18:03:57 +00:00
Max Schaefer
5b2df068d3
Merge pull request #921 from asger-semmle/class-node-absval
JS: use type inference to back up function-style classes
2019-02-13 10:12:20 +00:00
semmle-qlci
c422ade739
Merge pull request #927 from xiemaisi/js/ambiguous-id-attr-templates
Approved by esben-semmle
2019-02-13 08:35:41 +00:00
Asger F
d532815efe
JS: remove unused predicate
2019-02-12 17:34:21 +00:00
Asger F
be10f24de7
JS: make moduleImport() work for named imports
2019-02-12 17:22:06 +00:00
Max Schaefer
2fce626c3a
JavaScript: Add Range.prototype.createContextualFragment as an XSS sink.
2019-02-12 16:32:30 +00:00
Max Schaefer
41eb1ff9d0
JavaScript: Drop precision of AmbiguousIdAttribute to 'high'.
2019-02-12 16:31:29 +00:00
Max Schaefer
25f95d9fb1
JavaScript: Be more conservative about templates in AmbiguousIdAttribute.
Previously, we only excluded attributes where the value of the attribute itself suggests templating happening. Now we exclude all attributes in documents where _any_ attribute value suggests templating.
2019-02-12 16:31:01 +00:00
Anders Schack-Mulligen
15a6044445
Javascript: Autoformat qlls
2019-02-12 14:41:31 +01:00
Asger F
3290c174c3
JS: Add DataFlow::Node.getAFunctionValue
2019-02-12 13:38:46 +00:00
Asger F
2fd1ee60a2
JS: add DataFlow::Node.getIntValue()
2019-02-12 13:38:46 +00:00
Asger F
0fd9d157f8
JS: add DataFlow::Node.getStringValue()
2019-02-12 13:38:45 +00:00
Anders Schack-Mulligen
1182fca665
Javascript: Autoformat qls
2019-02-12 14:38:42 +01:00
semmle-qlci
c133362660
Merge pull request #910 from xiemaisi/js/regexp-taint
Approved by esben-semmle
2019-02-12 13:15:16 +00:00
Asger F
0444fa307d
TS: update test expectations
2019-02-12 12:33:09 +00:00
Asger F
7a813cfb84
TS: disable type expansion by default
2019-02-12 12:21:11 +00:00
semmle-qlci
ac3f413b87
Merge pull request #920 from xiemaisi/js/field-as-prop-write
Approved by asger-semmle
2019-02-12 10:48:13 +00:00
semmle-qlci
10b00254ec
Merge pull request #915 from asger-semmle/closure-uri-methods
Approved by xiemaisi
2019-02-11 10:51:07 +00:00
Max Schaefer
10ef945b51
JavaScript: Restrict InstanceFieldAsPropWrite to fields with initializers.
2019-02-11 08:17:53 +00:00