Commit graph

8260 commits

Author SHA1 Message Date
Max Schaefer 58e384558c JavaScript: Improve query name and help for `js/incomplete-sanitization`.
The query applies more generally to all kinds of string escaping and encoding, not just sanitization.
2018-09-03 08:20:01 +01:00
Max Schaefer 20bff709b1
Merge pull request #136 from esben-semmle/js/composed-function-taint
JS: model composed functions (RC)
2018-09-03 08:18:20 +01:00
Max Schaefer 7e3adec789
Merge pull request #135 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls (RC)
2018-09-03 08:17:42 +01:00
Max Schaefer 69ca103e06
Merge pull request #115 from esben-semmle/js/composed-function-taint
JS: model composed functions
2018-08-31 08:14:18 +01:00
Max Schaefer 7e18426fde
Merge pull request #113 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls
2018-08-31 08:13:40 +01:00
Esben Sparre Andreasen 90b3902244 JS: add a taint step for property projection 2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen df97132519 JS: add model for property projection 2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen 86ab9adb06 JS: support `push` and `sort` taint steps for arrays 2018-08-30 09:14:06 +02:00
Esben Sparre Andreasen dc72788746 JS: add a model of some function composition libraries 2018-08-30 08:17:01 +02:00
semmle-qlci d22a65a66b
Merge pull request #108 from esben-semmle/js/classify-generated-data-files
Approved by xiemaisi
2018-08-29 14:15:55 +01:00
Esben Sparre Andreasen 02d56306c9 JS: classify generated data files 2018-08-27 15:06:00 +02:00
Dave Bartolomeo d920fc7d94 Force LF line endings for .ql, .qll, and .qlref files 2018-08-24 11:58:58 -07:00
semmle-qlci 55ceb9be8b
Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers
Approved by xiemaisi
2018-08-24 08:37:41 +01:00
Esben Sparre Andreasen a1d79ef906 JS: make the new .*indexOfSanitizer-classes private 2018-08-23 15:59:27 +02:00
Esben Sparre Andreasen 2b41f62eb0 JS: introduce `RelationalComparison.isInclucive` 2018-08-23 14:51:39 +02:00
Max Schaefer 2187b0c245
Merge pull request #89 from esben-semmle/js/sharpen-type-confusion
JS: remove emptiness checks from the type confusion `x.length` sinks
2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen 20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen b4c77b8344 JS: s/can not/cannot/ 2018-08-22 14:08:14 +02:00
Esben Sparre Andreasen 218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen fef257b1ec JS: remove emptiness checks from the type confusion `x.length` sinks 2018-08-22 13:25:22 +02:00
Asger F 35aa2e6fbb TypeScript: update test output 2018-08-22 10:18:38 +01:00
Asger F 1569f73ed8 TypeScript: update stats 2018-08-22 10:18:38 +01:00
Asger F 4eeaf63a3a TypeScript: update related test output 2018-08-22 10:18:38 +01:00
Asger F d26aa04642 TypeScript: support optional and rest elements in static tuple type 2018-08-22 10:18:38 +01:00
Asger F 96005d2147 TypeScript: support unknown static type 2018-08-22 10:18:38 +01:00
Asger F 9a9bbac99e TypeScript: support syntax for unknown types 2018-08-22 10:18:38 +01:00
Asger F 4a9eb0fd3f TypeScript: Add tests for OptionalTypeExpr and RestTypeExpr 2018-08-22 10:18:38 +01:00
Asger F 241ce10da4 TypeScript: support syntax for rest elements in tuple types 2018-08-22 10:18:38 +01:00
Asger F 204b2a3002 TypeScript: support syntax for optional tuple type elements 2018-08-22 10:18:38 +01:00
semmle-qlci 7e7e30c01c
Merge pull request #73 from esben-semmle/js/cleartext-logging-query
Approved by xiemaisi
2018-08-22 08:04:36 +01:00
semmle-qlci 7661a98909
Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference
Approved by xiemaisi
2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen 2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen 3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen 7607b6beff JS: use DataFlow::SourceNode in two additional locations 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen 6950bfe915 JS: review fixups in documentation and comments 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen 605695e117 JS: review fixups in documentation 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen 19e5db75a3 JS: make AnalyzedFunction public and move getAReturnValue there 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen ac947f10e7 JS: address some review comments 2018-08-21 22:08:08 +02:00
Esben Sparre Andreasen 6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen 3692667af2 JS: improve inter-procedural type inference for "local functions" 2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen 4e45ad2d5a JS: generalize inter procedural IIFE type inference 2018-08-21 21:59:30 +02:00
Esben Sparre Andreasen eb356d8d0b
Merge branch 'master' into js/format-string-taint-step 2018-08-21 15:47:31 +02:00
semmle-qlci 6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
semmle-qlci a01a453045
Merge pull request #78 from xiemaisi/js/remove-old-test
Approved by esben-semmle
2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen 2d63524f83 JS: explain sanitizer equivalence 2018-08-21 09:54:32 +02:00
Esben Sparre Andreasen bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen c058b91587 JS: extract PrintfStyleCall out of TaintedFormatString 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen be8a32bb18 JS: add sanitizer support for `~whitelist.indexOf(x)` 2018-08-20 20:32:57 +02:00
Max Schaefer 46ef208e09 JavaScript: Remove spurious test file. 2018-08-20 15:02:51 +01:00
semmle-qlci e1f3637b66
Merge pull request #75 from asger-semmle/server-side-url-redirect-performance
Approved by xiemaisi
2018-08-20 14:53:16 +01:00
semmle-qlci 0adeef73ff
Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
Max Schaefer b2e304951e
Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00
Max Schaefer a9f1e21363 JavaScript: Fix exported name of default re-exports.
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
2018-08-20 08:02:15 +01:00
semmle-qlci 44e4b25f42
Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client
Approved by xiemaisi
2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen 0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen 804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Robert Marsh aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Robert Marsh 4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
Asger F 3806e4b1aa JavaScript: add tests for "import" types 2018-08-17 14:26:32 +01:00
Asger F c902a4e880 TypeScript: add classes for "import" types 2018-08-17 14:26:32 +01:00
Asger F 875b6d0155 TypeScript: add "import" types to dbscheme 2018-08-17 14:26:32 +01:00
Asger F 4dc1462b6b JavaScript: fix performance issue in ServerSideUrlRedirect.qll 2018-08-17 14:02:19 +01:00
semmle-qlci 6132b2c419
Merge pull request #34 from esben-semmle/js/twitter_text-library
Approved by xiemaisi
2018-08-15 14:45:52 +01:00
semmle-qlci 8e5059f43a
Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison
Approved by asger-semmle
2018-08-15 09:01:24 +01:00
Max Schaefer 105b6c9d84
Merge pull request #59 from tibbes/js/fix-qhelp-typo
JS: fix typo in qhelp (parameter type confusion)
2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Max Schaefer 303b0a0027 JavaScript: Demote `HeterogenousComparison` to warning level. 2018-08-14 15:54:07 +01:00
Julian Tibble 5456ffb64c JS: fix typo in qhelp (parameter type confusion) 2018-08-14 13:07:20 +01:00
Max Schaefer 886329689f JavaScript: Teach `globalVarRef` about top-level `this` and the `global` npm package. 2018-08-14 09:15:15 +01:00
Max Schaefer 9de527fbe2
Merge pull request #49 from asger-semmle/array-map-taint
JavaScript: add taint steps through Array 'join' and 'map' methods
2018-08-14 08:07:54 +01:00
Max Schaefer e67f36732a JavaScript: Update expected test output due to changes in Node.js detector. 2018-08-13 14:08:14 +01:00
Asger F d9ba5a1cab JavaScript: add test cases for new array steps 2018-08-13 12:27:12 +01:00
Asger F 66dcd7d4c7 JavaScript: add taint step from return value of 'map' callback 2018-08-13 12:15:24 +01:00
Asger F 0c124d2f8c JavaScript: add taint step through 'join' 2018-08-13 12:12:25 +01:00
semmle-qlci c0fe0a1d24
Merge pull request #46 from asger-semmle/html-sanitizers
Approved by xiemaisi
2018-08-13 10:16:15 +01:00
semmle-qlci 3d0748c542
Merge pull request #48 from xiemaisi/js/webview-sinks
Approved by asger-semmle
2018-08-13 09:37:33 +01:00
Max Schaefer 199990feea JavaScript: Add `WebView`-related taint sinks for `CodeInjection`, `DomBasedXss` and `ServerSideUrlRedirect`. 2018-08-10 15:59:27 +01:00
Max Schaefer 3ce82aff02 JavaScript: Add basic modelling of React Native `WebView`s. 2018-08-10 15:59:27 +01:00
semmle-qlci 945413a791
Merge pull request #42 from tibbes/qhelp/fix-links
Approved by jbj, xiemaisi
2018-08-10 13:00:17 +01:00
semmle-qlci 2478c6e150
Merge pull request #43 from xiemaisi/js/odasa-7275
Approved by
2018-08-10 12:52:05 +01:00
Asger F 1add8b0766 JavaScript: add doc comment 2018-08-10 12:27:39 +01:00
Asger Feldthaus 2b5684d1b9 JavaScript: Add library for HTML sanitizers 2018-08-10 12:27:39 +01:00
Julian Tibble 98e866e967 C++, JS: fix broken links in query help 2018-08-10 08:40:22 +01:00
Asger F b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Max Schaefer e32dc08cd0
Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization
JS: change alert location for js/incomplete-object-initialization
2018-08-09 13:58:11 +01:00
Max Schaefer 41da997651 JavaScript: Teach `IncompleteSanitization` to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Max Schaefer badb167962
Merge pull request #35 from esben-semmle/js/classify-application-insight
JS: classify the ApplicationInsights library instance
2018-08-09 08:12:12 +01:00
Max Schaefer 0de9eed71c
Merge pull request #32 from asger-semmle/export-import-flow
TypeScript: bugfixes for import-assign statement
2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen 2589cf70c9 JS: classify the ApplicationInsights library instance 2018-08-08 15:39:22 +02:00
Max Schaefer 355302eac4
Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index
JS: fix an off-by-one error in the AngularJS expression AST
2018-08-08 14:03:55 +01:00
Max Schaefer 854dc0cbeb
Merge pull request #28 from esben-semmle/js/whitelist-empty-functions
JS: permit some calls with spurious arguments to empty functions
2018-08-08 14:03:18 +01:00
Asger F 94bac1253d TypeScript: bugfixes for import-assign statement 2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen 8ee943f264 JS: restrict alert location to a single line 2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen 4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
Max Schaefer 1a5585c83c
Merge pull request #21 from esben-semmle/js/urilibraries-members
JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`
2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen 343b922c29 JS: fix an off-by-one error in the AngularJS expression AST 2018-08-08 09:58:57 +02:00
semmle-qlci 4d97570a1a
Merge pull request #17 from xiemaisi/js/rename-unused-var
Approved by esben-semmle
2018-08-07 15:01:37 +01:00
Esben Sparre Andreasen 3b00b9b8da JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember` 2018-08-07 12:58:09 +02:00
semmle-qlci 6533ddfeaf
Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters
Approved by xiemaisi
2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen c06edd3745
Merge pull request #15 from xiemaisi/js/call-graph-data-flow
JavaScript: Lift call graph library to data flow graph.
2018-08-07 07:56:08 +02:00
Esben Sparre Andreasen b6951d8249 JS: add tests for improved js/missing-rate-limiting 2018-08-06 15:15:44 +02:00
Esben Sparre Andreasen f7ab29aa2b JS: support "express-rate-limit" non-constructor calls 2018-08-06 15:15:44 +02:00
Esben Sparre Andreasen c6cfca3131 JS: add "verify" as an `Authorization` call word 2018-08-06 15:15:44 +02:00
Max Schaefer 06f43748b8 JavaScript: Generalize description of `js/unused-local-variable`.
The query also flags unused imports, functions and classes (which, of course, are just unused variables at the end of the day). This is now made more explicit in the description.
2018-08-06 09:34:38 +01:00
Max Schaefer 33741045f6 JavaScript: Move deprecated `HTMLComments` query to `compatibility` suite. 2018-08-06 09:17:11 +01:00
Max Schaefer 9ba3d80bad JavaScript: Lift call graph library to data flow graph. 2018-08-06 08:34:06 +01:00
Asger F 156b94e436 JavaScript: Add model of JSON parsers 2018-08-03 15:27:35 +01:00
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00