codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00

Author	SHA1	Message	Date
semmle-qlci	f6af5da7f7	Merge pull request #2778 from erik-krogh/FalsySanitizer Approved by asgerf	2020-02-20 11:17:03 +00:00
semmle-qlci	8b277f7226	Merge pull request #2868 from asger-semmle/js/missing-await-void Approved by max-schaefer	2020-02-20 10:56:47 +00:00
semmle-qlci	091c6c063c	Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor Approved by max-schaefer	2020-02-20 09:50:52 +00:00
Asger Feldthaus	77105f6572	JS: Do not flag void operands MissingAwait	2020-02-19 09:30:03 +00:00
Max Schaefer	4346691cdc	JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.	2020-02-19 08:26:14 +00:00
Erik Krogh Kristensen	e359e1a373	use a barrier directly instead of a barrier guard	2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen	abe7aeef7c	Merge pull request #2643 from esbena/js/unsafe-jquery JS: add query js/unsafe-jquery-plugin	2020-02-18 09:26:14 +01:00
Esben Sparre Andreasen	8a9587fc91	JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts	2020-02-17 13:40:53 +01:00
Esben Sparre Andreasen	c5ee436b16	JS: add RegExp::getSuccessor/getPredecessor tests	2020-02-17 13:06:55 +01:00
semmle-qlci	23ed2bcc64	Merge pull request #2782 from asger-semmle/js/export-as-ns Approved by erik-krogh, max-schaefer	2020-02-17 11:22:58 +00:00
Max Schaefer	f181111886	JavaScript: Add model of `http2` compatibility API. Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.	2020-02-14 11:14:31 +00:00
semmle-qlci	da566a4484	Merge pull request #2828 from erik-krogh/CVE24 Approved by esbena	2020-02-14 09:12:48 +00:00
semmle-qlci	769dce511b	Merge pull request #2788 from erik-krogh/CVE42-sink Approved by esbena	2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen	897bb4d801	add test for chrome-remote-interface	2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen	0f511c92b4	Merge remote-tracking branch 'upstream/master' into FalsySanitizer	2020-02-10 09:54:58 +01:00
semmle-qlci	76ba48c6fb	Merge pull request #2790 from esbena/js/model-send Approved by asgerf	2020-02-07 21:30:54 +00:00
Asger Feldthaus	ad10414604	JS: Update expected output of existing test	2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen	06e13cb3a1	Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer	2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen	c6668da02e	expand how indirectCommandArguments are found	2020-02-07 15:00:05 +01:00
Erik Krogh Kristensen	1ece6b9afe	update expected output of tests	2020-02-07 12:57:51 +01:00
semmle-qlci	125c6a071c	Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case Approved by esbena	2020-02-07 11:53:04 +00:00
Esben Sparre Andreasen	736ccb98c2	JS: model the `send` library for `js/path-injection`	2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen	8ea6070120	add indirect command injection sink for a concatenated array	2020-02-07 11:04:34 +01:00
Asger Feldthaus	a2fa6bb41f	JS: Add test case for lazy-cache	2020-02-07 09:50:37 +00:00
Asger Feldthaus	f84af74d1d	JS: Handle more libraries	2020-02-06 14:59:52 +00:00
Asger Feldthaus	c559ab13e7	JS: Add test and handle parameter with source object	2020-02-06 14:59:52 +00:00
Erik Krogh Kristensen	2865723059	add test for new barrier	2020-02-06 15:44:33 +01:00
Asger Feldthaus	7090124a1d	JS: Implement type inference through export * as ns	2020-02-06 14:29:35 +00:00
Asger Feldthaus	2b77c7969d	JS: Add tests for 'export * as ns'	2020-02-06 14:04:12 +00:00
Asger Feldthaus	f5c805bad1	JS: Move tests into one file	2020-02-06 13:55:29 +00:00
Asger Feldthaus	54c521d41c	JS: Fix typo in test query	2020-02-06 13:50:06 +00:00
Erik Krogh Kristensen	1f7dda7fbc	add dataflow barrier for if(xrandr)	2020-02-06 12:55:44 +01:00
Erik Krogh Kristensen	d8a30c48a3	update expected output of TaintedPath tests	2020-02-06 09:47:15 +01:00
semmle-qlci	5125dc7939	Merge pull request #2730 from esbena/js/model-path-parse Approved by asgerf	2020-02-05 21:35:55 +00:00
semmle-qlci	163285bee7	Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow Approved by esbena	2020-02-05 12:52:59 +00:00
semmle-qlci	53763c789f	Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path Approved by erik-krogh	2020-02-05 10:53:39 +00:00
semmle-qlci	52f34d7178	Merge pull request #2715 from erik-krogh/PrivateFields Approved by asgerf	2020-02-05 10:20:28 +00:00
Esben Sparre Andreasen	f6ad22dd1f	Merge pull request #2758 from asger-semmle/js/string-concat-concat JS: Model concat() calls as string concatenation	2020-02-05 10:41:02 +01:00
Asger Feldthaus	b4df03767d	JS: Ignore obvious Array.prototype.concat calls	2020-02-04 16:36:41 +00:00
Asger Feldthaus	c185cededf	JS: More pruning and more data flow	2020-02-04 15:06:42 +00:00
semmle-qlci	4b89eee683	Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions Approved by asgerf	2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen	15e26666cd	add declaration for private field in syntax error test	2020-02-04 14:05:09 +01:00
Asger Feldthaus	bf2c944b4f	JS: Model concat() calls as string concatenation	2020-02-04 10:20:37 +00:00
Max Schaefer	e21c24c60e	JavaScript: Add failing test case.	2020-02-04 09:39:04 +00:00
semmle-qlci	bd51ef35b7	Merge pull request #2731 from erik-krogh/CVE527 Approved by esbena	2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen	bbd60f52ba	JS: add additional flow steps to js/path-injection	2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen	e3189aaa47	raise syntax error on declaration of private method, and add syntax tests for private fields	2020-02-03 16:00:25 +01:00
semmle-qlci	3a7845e7fc	Merge pull request #2653 from erik-krogh/exceptionFPs Approved by esbena	2020-02-03 14:15:24 +00:00
Asger Feldthaus	9abf5f06e6	TS: Resolve imports using TypeScript symbols	2020-02-03 09:32:56 +00:00
Esben Sparre Andreasen	c70997febf	JS: address review comments for js/unsafe-jquery-plugin	2020-01-31 19:33:04 +01:00

1 2 3 4 5 ...

1446 Commits