hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 14:34:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
74ab346348e4257d12a9bc3bb66ed4854f4b6a64
codeql/javascript/ql/lib
History
Asger F 74ab346348 JS: Do not include taint steps in TaintedUrlSuffix::step 
TaintedUrlSuffix is currently only used in TaintTracking configs meaning it is already propagated
by taint steps. The inclusion of these taint steps here however meant that implicit reads could appear prior to any of these steps.

This was is problematic for PropRead steps as an expression like x[0] could spuriously read from array element 1 via the path:

x [element 1]
x [empty access path] (after implicit read)
x[0] (taint step through PropRead)
2024-09-12 13:42:25 +02:00
..
change-notes/released
Release preparation for version 2.18.2
2024-08-07 14:02:38 +00:00
Declarations
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
Expressions
delete old deprecations
2023-06-02 11:58:08 +02:00
external
JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core
2022-01-20 14:00:57 +01:00
LanguageFeatures
semmle
JS: Do not include taint steps in TaintedUrlSuffix::step
2024-09-12 13:42:25 +02:00
upgrades
JS: Use entities in reorder directives
2024-05-03 11:17:13 -07:00
BUILD.bazel
Upgrade rules_pkg to 0.10.1.
2024-04-16 16:29:56 +02:00
CHANGELOG.md
Release preparation for version 2.18.2
2024-08-07 14:02:38 +00:00
codeql-pack.release.yml
Release preparation for version 2.18.2
2024-08-07 14:02:38 +00:00
Customizations.qll
default.qll
definitions.qll
Merge branch 'main' into missDocParam
2022-07-13 09:58:04 +02:00
IDEContextual.qll
Share getFileBySourceArchiveName implementation
2024-02-23 11:25:49 +01:00
javascript.qll
move TypeORM library file and tests to experimental
2023-11-21 19:59:06 +01:00
localDefinitions.ql
Move contextual queries from src to lib
2022-06-29 07:51:26 -07:00
localReferences.ql
Move contextual queries from src to lib
2022-06-29 07:51:26 -07:00
printAst.ql
Move contextual queries from src to lib
2022-06-29 07:51:26 -07:00
qlpack.lock.yml
qlpack.yml
Post-release preparation for codeql-cli-2.18.2
2024-08-08 12:56:21 +00:00
semmlecode.javascript.dbscheme
add JS support the using keyword
2023-08-24 20:30:26 +02:00
semmlecode.javascript.dbscheme.stats
add to the stat file
2023-08-24 20:30:26 +02:00