codeql

mirror of https://github.com/github/codeql.git synced 2026-03-24 08:26:51 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	ee7a6af7c7	JS: address review comments	2018-11-20 08:37:23 +01:00
Esben Sparre Andreasen	daed0653cb	JS: support property tracking of custom abstract values	2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen	1d87c580b3	JS: introduce DefinedCustomAbstractValue	2018-11-13 11:40:31 +01:00
Max Schaefer	663bdd60a0	Merge pull request #396 from esben-semmle/js/unconditional-property-override JS: add query: js/unconditional-property-override	2018-11-12 17:10:32 +00:00
semmle-qlci	c9d77a2d6d	Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure Approved by asger-semmle	2018-11-12 08:40:26 +00:00
Max Schaefer	fa8736adbc	JavaScript: Introduce aliases for compatibility with other language libraries.	2018-11-09 11:27:14 +00:00
Max Schaefer	bdfe938d02	JavaScript: Improve `StackTraceExposure` query. It now also flags exposure of the entire exception object (not just the `stack` property).	2018-11-09 09:42:09 +00:00
semmle-qlci	a7290e5aeb	Merge pull request #434 from esben-semmle/js/type-confusion-with-taint-kinds Approved by asger-semmle	2018-11-09 08:25:55 +00:00
semmle-qlci	c19747803b	Merge pull request #425 from xiemaisi/js/lodash-recognition-extensible Approved by esben-semmle	2018-11-09 08:08:40 +00:00
Esben Sparre Andreasen	b7f424df41	JS: introduce DataFlow::PropWrite::getWriteNode	2018-11-08 13:23:19 +01:00
semmle-qlci	3c49bc6e67	Merge pull request #407 from asger-semmle/email-xss Approved by xiemaisi	2018-11-08 10:53:10 +00:00
semmle-qlci	29cabc0e09	Merge pull request #424 from esben-semmle/js/syntactic-nullOrUndefined Approved by asger-semmle	2018-11-08 10:52:44 +00:00
Asger F	e0d5557ef4	JS: add email HTML body as XSS sink	2018-11-07 11:31:40 +00:00
Esben Sparre Andreasen	f0343d0678	JS: use `isUserControlledObject` in js/type-confusion-through-parameter-tampering	2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen	a2df4f9bfe	JS: mark Koa params as user-controlled objects	2018-11-07 12:18:46 +01:00
Max Schaefer	22640f891e	JavaScript: Make lodash/underscore recognition extensible.	2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen	f04293f73c	JS: replace .stripParens library uses w. .getUnderlyingReference	2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen	030d9202de	JS: replace .stripParens library uses w. .getUnderlyingValue	2018-11-07 09:32:02 +01:00
semmle-qlci	4225e0bb44	Merge pull request #356 from asger-semmle/parameter-node Approved by xiemaisi	2018-11-07 08:31:05 +00:00
semmle-qlci	c20e24d549	Merge pull request #385 from asger-semmle/async-model Approved by xiemaisi	2018-11-07 08:28:37 +00:00
Max Schaefer	212a78b5fc	Merge pull request #323 from esben-semmle/js/always-return-type-inference JS: additional return type inference	2018-11-07 08:25:28 +00:00
Esben Sparre Andreasen	a79a6a07b8	JS: stop tracking properties of object literals	2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen	a07c094437	JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow	2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen	fef3573152	JS: use global layer in AnalyzedNode::getABooleanValue and -getAType	2018-11-06 16:04:46 +01:00
Asger F	c991d67fcb	JS: fix typos	2018-11-06 12:12:43 +00:00
Asger F	460521616c	JS: rename getIteratee to getIteratorCallback	2018-11-06 12:12:43 +00:00
Asger F	97d65fb82f	JS: fix bad join ordering	2018-11-06 12:12:43 +00:00
Asger F	b40fa3845f	JS: add model of async package	2018-11-06 12:12:43 +00:00
semmle-qlci	76475fef3b	Merge pull request #406 from xiemaisi/js/configuration-fiddling Approved by asger-semmle	2018-11-06 11:51:12 +00:00
Esben Sparre Andreasen	4e54af3b41	JS: introduce 'Util::describeExpression'	2018-11-05 12:58:12 +01:00
semmle-qlci	b743ee4179	Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic Approved by xiemaisi	2018-11-05 07:37:36 +00:00
Max Schaefer	e77ea62179	JavaScript: Tweak `storeStep` predicate.	2018-11-01 21:24:16 -04:00
Max Schaefer	94bba88080	JavaScript: Avoid unhelpful magic.	2018-11-01 21:22:51 -04:00
Max Schaefer	a72507a621	JavaScript: Remove a `pragma[noopt]`.	2018-11-01 21:22:03 -04:00
semmle-qlci	08833465a0	Merge pull request #386 from xiemaisi/js/lodash_partial Approved by esben-semmle	2018-11-01 09:44:14 +00:00
Max Schaefer	3d2a27b039	JavaScript: Make a useful member predicate public.	2018-10-31 06:46:09 -04:00
Max Schaefer	c75d785684	JavaScript: Fix modelling of `_.partial`. Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array; cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.	2018-10-31 06:31:59 -04:00
Asger F	f07aa5bb2c	JS: ensure parameters always have a dataflow node	2018-10-31 10:28:31 +00:00
semmle-qlci	8b866ade0e	Merge pull request #373 from asger-semmle/jsx-factory-import Approved by xiemaisi	2018-10-30 10:35:49 +00:00
semmle-qlci	1509752df6	Merge pull request #345 from esben-semmle/js/intro-getUnderlying Approved by xiemaisi	2018-10-30 10:34:00 +00:00
Esben Sparre Andreasen	c9890fee1e	JS: address review comments	2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen	ec1722c4db	JS: add utility SyntacticConstants::isNullOrUndefined	2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen	7c7cd7c213	JS: make use of getUnderlyingValue	2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen	376245da06	JS: introduce Expr::getUnderlyingReference	2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen	8fc89e2e36	JS: introduce Expr::getUnderlyingValue	2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen	244d8d5778	JS: introduce `truncate` utility	2018-10-26 15:20:58 +02:00
Esben Sparre Andreasen	2565b35c3d	JS: Fix indentation	2018-10-26 15:19:43 +02:00
Asger F	47f59b4fd8	JS: fix typo	2018-10-26 14:08:44 +01:00
Asger F	3bd91bdf08	JS: introduce common class for Babel plugins	2018-10-26 12:55:37 +01:00
Asger F	91943ae2cb	JS: support transform-react-jsx plugin	2018-10-26 12:06:56 +01:00

1 2 3 4 5 ...

271 Commits