hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
61e60de969d2454619f89bf05213e254a9d71e04
codeql/javascript/ql/test/library-tests
History
Rasmus Wriedt Larsen 61e60de969 JS: Model readline as a stdin threat-model source 
Technically not always true, but my assumption is that +90% of the time
that's what it will be used for, so while we could be more precise by
adding a taint-step from the `input` part of the construction, I'm not
sure it's worth it in this case.

Furthermore, doing so would break with the current way we model
threat-model sources, and how sources are generally modeled in JS... so
for a very pretty setup it would require changing all the other `file`
threat-model sources to start at the constructors such as
`fs.createReadStream()` and have taint-propagation steps towards the
actual use (like we do in Python)...

I couldn't see an easy path forwards for doing this while keeping the
Concepts integration, so I opted for the simpler solution here.
2024-10-31 14:29:30 +01:00
..
AMD
JS: Do not treat AMD pseudo-dependencies as file paths
2024-02-29 10:23:28 +01:00
Arrays
JS: Support spread arguments in array.splice
2024-06-14 15:33:17 +02:00
AST
fix out of bounds string access in isUsingDecl
2023-09-13 20:11:21 +02:00
Barriers
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
BasicBlocks
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
Bundling
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
CallGraphs
JS: More implied receiver steps
2024-03-26 10:23:08 +01:00
CFG
remove redundant cast where the type is enforced by an equality comparison
2021-10-28 18:08:20 +02:00
Classes
remove test .qll files that weren't imported
2022-03-13 23:54:53 +01:00
ClassNode
JS: Add ClassNode.getStaticMember
2022-04-20 11:14:41 +02:00
Closure
aggregate the tests in library-tests/Closure into a single .ql file
2020-10-20 14:08:54 +02:00
Comments
JavaScript: Fix bug in extraction of next_token.
2019-01-29 12:58:32 +00:00
Comprehensions
aggregate the tests in library-tests/Comprehensions into a single .ql file
2020-10-20 14:08:54 +02:00
Constants
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
CryptoLibraries
JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls
2023-02-03 12:16:25 +00:00
CustomAbstractValueDefinitions
JS: fix ql/field-only-used-in-charpred within JavaScript
2022-01-20 09:41:13 +01:00
CustomLoadStoreSteps
autoformat
2020-03-27 14:54:34 +01:00
DataExtensions
JS: use test-local data extensions
2023-06-14 10:38:33 +02:00
DataFlow
Update tests.expected
2024-02-13 18:30:23 +01:00
Decorators
JS: Rename test files to avoid clash
2020-03-26 11:59:57 +00:00
DefUse
also deprecate the definitionReaches predicate, it was only used in a test
2022-03-14 10:14:15 +01:00
dependencies
JavaScript: Update Dependencies library to not rely on Files being Locatable.
2019-12-02 12:40:49 +00:00
DependencyModuleImports
remove redundant imports for JS
2023-12-08 16:56:54 +01:00
Directives
JS: Fix use of deprecated alias
2024-03-26 09:39:39 +01:00
DOM
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
EmailClients
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
EndpointNaming
JS: More precise detection of classes with escaping instances
2024-02-29 11:15:37 +01:00
Errors
JavaScript: Move --tolerate-parse-errors extractor options into options file.
2019-11-06 13:01:28 +00:00
ES20xxFeatures
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
ESLint
JS: Update test output
2022-11-09 09:36:03 +01:00
Expr
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
Extend
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
Externs
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
Files
JS: Update expected test output
2024-10-04 08:35:33 +02:00
FileTypes
JS: Rename test files to avoid clash
2020-03-26 11:59:57 +00:00
Flow
aggregate the tests in library-tests/Flow into a single .ql file
2020-10-20 14:08:54 +02:00
FlowCustomisation
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
FlowLabels
JS: Fix DefaultFlowLabels test
2020-10-16 18:13:13 +01:00
frameworks
JS: Updated .expected
2024-06-14 14:49:34 +02:00
Functions
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
Generators
add support for delegating yield
2020-08-25 20:05:53 +02:00
GlobalAccessPaths
add stress test
2023-06-01 23:20:23 +02:00
HTML
autoformat
2020-10-20 14:27:09 +02:00
HtmlSanitizers
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
IIFE
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
InterProceduralFlow
JS: Update a test.
2023-07-11 15:24:09 +02:00
JSDoc
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
JSLint
aggregate the tests in library-tests/JSLint into a single .ql file
2020-10-20 14:08:55 +02:00
JSON
Update JSONError.expected
2023-04-27 10:57:38 +02:00
JsonParsers
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
JSX
add support for namespaced JSX attributes
2023-06-01 21:52:14 +02:00
LabelledBarrierGuards
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
Lines
JavaScript: Move --extract-program-text extractor options into options files.
2019-11-06 13:01:55 +00:00
literals
Add test for Javascript literal with an unpaired surrogate character
2021-09-13 14:02:05 +01:00
LocalObjects
autoformat
2020-10-20 14:27:09 +02:00
MalformedPackageJson
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
meta/Extraction
JS: Rename test files to avoid clash
2020-03-26 11:59:57 +00:00
ModelGeneration
JS: Allow generated models to use (package)
2024-04-23 20:25:55 +02:00
ModuleImportNodes
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
Modules
JS: Update expected test output
2024-10-04 08:35:33 +02:00
ModuleTypes
support the "type" field on package.json files while extracting
2020-08-20 14:26:15 +02:00
NodeJS
JS: Update expected test output
2024-10-04 08:35:33 +02:00
Nodes
make globalVarRef non recursive
2021-02-23 10:03:17 +01:00
NPM
Fix typo in test
2023-05-02 12:00:42 +09:00
OptionalChaining
JavaScript: Add options files with --experimental extractor options.
2019-11-06 13:01:23 +00:00
PackageExports
JS: Add test case
2021-10-01 12:02:40 +02:00
PartialInvokeNode
JS: Really autoformat everything
2020-03-02 10:48:33 +00:00
Patterns
aggregate the tests in library-tests/Patterns into a single .ql file
2020-10-20 14:08:54 +02:00
Portals
JS: Update test case output (new flow is correct)
2020-11-09 11:19:47 +00:00
PostDominance
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
ppNames
JS: Update test outputs
2019-07-17 09:16:15 +01:00
Promises
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
PropWrite
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
RangeAnalysis
Merge branch 'main' into explicit-this
2021-11-24 15:24:58 +01:00
Receiver
JS: rename getThisParameter to getReceiver
2018-12-13 10:19:44 +00:00
RecursionPrevention
JS: Simplify type hierarchy for SourceNode
2022-07-29 19:44:10 +02:00
Refinements
JS: Update test output
2020-04-14 10:31:31 +01:00
RegExp
fix parse errors related to char escapes and char ranges
2020-11-10 21:02:29 +01:00
RemoteFlowSources
JavaScript: Allow specifying additional remote flow sources through JSON.
2020-12-12 11:42:55 +00:00
Routing
JS: Rename Node.{getASource -> asSource, getASink -> asSink}
2022-05-24 11:57:30 +02:00
Security
JS: fix spanner test
2022-09-20 11:40:17 +02:00
SensitiveActions
refactor the SensitiveExpr to be a dataflow node
2022-09-05 16:11:54 +02:00
SourceMaps
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
SpreadRestProperties
JavaScript: Remove redundant --experimental extractor options.
2019-11-05 15:59:24 +00:00
SSA
JS: Update test output
2020-04-14 10:31:31 +01:00
stmts
Re-order expected test output of all JS tests
2023-10-31 16:38:22 +01:00
Strictness
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
StringConcatenation
use matches instead of regexpMatch
2021-11-18 15:41:25 +01:00
StringOps
JS: Fix 'match' call in StringOps::RegExpTest
2020-06-09 10:07:36 +01:00
TaintBarriers
JS: Add tests
2023-07-11 11:37:30 +02:00
TaintTracking
JS: Update expected output
2024-02-14 10:45:51 +01:00
Templates
aggregate the tests in library-tests/Templates into a single .ql file
2020-10-20 14:08:54 +02:00
ThisExpr
JS: infer this to be module.exports in node modules
2020-03-13 14:10:35 +01:00
threat-models
JS: Model readline as a stdin threat-model source
2024-10-31 14:29:30 +01:00
Tokens
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
TorrentLibraries
JS: Really autoformat everything
2020-03-02 10:48:33 +00:00
TrailingFunctionCommas
JavaScript: Remove redundant --experimental extractor options.
2019-11-05 15:59:24 +00:00
TypeAnnotations
JS: Update test
2020-09-03 14:01:40 +01:00
TypeInference
JS: Improv inter-procedural type inference for FunctionExpr
2021-12-10 01:09:49 +08:00
TypeScript
JS: Update expected test output
2024-10-04 08:35:33 +02:00
TypeTracking
JS: show test changes after #15823
2024-03-18 13:09:37 +01:00
Util
aggregate the tests in library-tests/Util into a single .ql file
2020-10-20 14:08:55 +02:00
variables
aggregate the tests in library-tests/variables into a single .ql file
2020-10-20 14:08:55 +02:00
XML
rename all occurrences of XML to Xml
2022-08-22 14:08:31 +02:00
YAML
JS: Update test output
2022-11-09 09:36:03 +01:00