hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-12 02:09:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,749 Commits 1,754 Branches 167 Tags
f540dcb4860d3a25930c0aaa5d5e2566f71107fd
Commit Graph

662 Commits

Author SHA1 Message Date
Max Schaefer
f540dcb486 JavaScript: Address review comments. 2019-03-12 16:56:10 +00:00
Max Schaefer
77e59f1a47 JavaScript: Be more lenient about namespace matching. 2019-03-11 12:42:51 +00:00
Max Schaefer
41d83d5b7d JavaScript: Introduce additional flow steps between sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
36c9af977b JavaScript: Connect up client and server sockets. 2019-03-11 12:42:51 +00:00
Max Schaefer
dc614ebefe JavaScript: Introduce indices for sent/received items. 2019-03-11 12:42:51 +00:00
Max Schaefer
b47b26ca61 JavaScript: Add basic model of client-side socket.io API. 2019-03-11 12:42:34 +00:00
Max Schaefer
363c11e89d JavaScript: Improve handling of acknowledgment callbacks. 2019-03-11 12:41:19 +00:00
Max Schaefer
37bc36d92e JavaScript: Factor out handling of EventEmitter API. 2019-03-11 12:41:19 +00:00
Max Schaefer
f92f9594ea JavaScript: Add a convenience predicate to get the last parameter of a function. 2019-03-11 12:41:19 +00:00
Max Schaefer
eb07754eee JavaScript: Introduce representation of socket.io servers and namespaces. 2019-03-11 12:41:19 +00:00
semmle-qlci
4c3ecf0f76 Merge pull request #989 from asger-semmle/class-node-get-this-access 
Approved by xiemaisi
 2019-03-01 19:40:31 +00:00
Max Schaefer
83e0f3bc8d Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1 
JS: Captured Nodes, type inference + a query
 2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4 Merge pull request #1013 from asger-semmle/closure-string-ops 
Approved by esben-semmle
 2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc Merge pull request #1006 from asger-semmle/express-end 
JS: Treat res.end() as alias for res.send() in Express
 2019-03-01 10:30:06 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
c1b218a5ff JS: Documentation fixes 2019-02-28 15:46:19 -05:00
Jason Reed
674d2790b4 JS: Address review comments 2019-02-28 15:46:07 -05:00
Jason Reed
2fc2a393b7 JS: Address review comments 2019-02-28 15:45:52 -05:00
Jason Reed
09b9a57783 JS: More efficient reasoning through pipe 2019-02-28 15:45:38 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
32d48ba98b JS: Run auto-formatter 2019-02-28 15:45:20 -05:00
Jason Reed
abd2644af7 JS: Address review comments 2019-02-28 15:45:13 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Asger F
2bfb015218 JS: Add closure string ops 2019-02-28 16:47:53 +00:00
Asger F
03ef167c56 JS: Treat res.end() as alias for res.send() in Express 2019-02-28 12:37:11 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Asger F
9497199cbd JS: add localFieldStep 2019-02-27 14:20:47 +00:00
Asger F
b6648def19 JS: Add ClassNode.getAReceiverNode 2019-02-27 14:20:47 +00:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref 
JS: add closure library in globalObjectRef
 2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2 
JS: Vue security improvements
 2019-02-26 16:49:38 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
semmle-qlci
86e646beb4 Merge pull request #975 from asger-semmle/global-closure-dataflow 
Approved by esben-semmle
 2019-02-26 13:57:39 +00:00
Asger F
29d2d620e4 JS: add taint step through object/array spread operators 2019-02-26 11:43:59 +00:00
Esben Sparre Andreasen
f9111f68e9 Update javascript/ql/src/semmle/javascript/dataflow/TypeInference.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-02-26 11:11:44 +01:00
Asger F
6b9157540b JS: mark globalFlowPred as internal 2019-02-26 09:56:22 +00:00
semmle-qlci
74a4103857 Merge pull request #976 from asger-semmle/closure-import-deep 
Approved by esben-semmle
 2019-02-26 09:34:04 +00:00
semmle-qlci
00d490e84d Merge pull request #945 from asger-semmle/extensible-module-import 
Approved by xiemaisi
 2019-02-26 09:26:28 +00:00
Esben Sparre Andreasen
9511bdf6ae JS: address review comment 2019-02-26 10:07:00 +01:00
Max Schaefer
c2a5350bf2 Merge pull request #982 from asger-semmle/closure-string-lib 
JS: model string functions from closure library
 2019-02-26 08:26:14 +00:00
Asger F
93440014a0 JS: only propagate through first argument of truncate() 2019-02-25 17:11:55 +00:00
Asger F
d45f670646 JS: remove duplicate modelling of urlDecode/urlEncode 2019-02-25 17:04:56 +00:00
Asger F
29de1411b7 JS: remove restriction on truncate calls 2019-02-25 17:00:47 +00:00
Asger F
50e8f83ad5 JS: use globalVarRef/SourceNode instead 2019-02-25 16:54:45 +00:00