Commit Graph

9667 Commits

Author SHA1 Message Date
Asger F 2dcb5fbd16 Ensure props are included in MkMemberLabel 2024-04-17 14:46:00 +02:00
Asger F 3eb4e39251 JS: Also do this for use-steps and exclude pseudo-properties 2024-04-17 14:45:58 +02:00
Asger F 55b9724f59 JS: Add store step into namespace re-export specifier 2024-04-17 14:14:12 +02:00
Asger F 0a7af90454 JS: Add test with ESModule re-exports 2024-04-17 14:14:12 +02:00
Henry Mercer 902f0f91b0
Merge pull request #16218 from github/henrymercer/remove-ml-powered-queries
JS: Remove ML-powered queries
2024-04-17 12:54:05 +01:00
Asger F 5e7026c6c6 JS: Use AccessPath as parameter type 2024-04-17 13:31:51 +02:00
Alexander Eyers-Taylor da3fa22cbd
Merge pull request #16228 from github/post-release-prep/codeql-cli-2.17.1
Post-release preparation for codeql-cli-2.17.1
2024-04-17 11:24:34 +01:00
Asger F f78ea26c3b
Merge pull request #16161 from RasmusWL/js/strict-mode
JS: Parser: Never run in strict mode
2024-04-17 09:21:29 +02:00
Asger F ed80e4e284 JS: Change note 2024-04-17 08:41:27 +02:00
Asger F c4eeda1560 JS: Bump EXTRACTOR_VERSION 2024-04-17 08:34:26 +02:00
Asger F be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider 6ba27dc863 Upgrade rules_pkg to 0.10.1. 2024-04-16 16:29:56 +02:00
github-actions[bot] 622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
github-actions[bot] 9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
Henry Mercer 8747438613 JS: Remove ML-powered queries 2024-04-15 17:35:32 +01:00
Asger F 330229c463
Update javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-04-12 15:00:17 +02:00
Tom Hvitved e7dc120456 Add deprecation comments 2024-04-12 13:40:15 +02:00
Tom Hvitved 9d8b93ed45 JS: No longer use models-as-data CSV interface 2024-04-12 13:40:15 +02:00
Tom Hvitved fdb77457b3 Sync files 2024-04-12 13:40:14 +02:00
Asger F 15eabb42ef JS: Address review comments 2024-04-12 11:35:34 +02:00
Anders Schack-Mulligen fdfb4a1a18 JS: Adapt to shared ApiGraphModels.qll changes. 2024-04-12 09:20:13 +02:00
Anders Schack-Mulligen 44147b9520 JS: Sync. 2024-04-12 09:20:11 +02:00
Rasmus Wriedt Larsen 16e2ac898f
JS: Parser: Remove direct `this.strict` assignment 2024-04-09 14:58:14 +02:00
Rasmus Wriedt Larsen 1985dd629d
JS: Parser: Never run in strict mode
This initial change is a bit of a hacky way to achieve our goals (since
it doesn't rewrite all the uses of this.strict), but it is easy to
understand is correct. Let's accept test changes NOW, and ensure that
later changes don't change things further.
2024-04-09 14:37:07 +02:00
Asger F 8cb80d6014 JS: Switch from hasLocationInfo to Location 2024-04-09 14:32:59 +02:00
Asger F 81b96a8041 JS: Ensure MkClassInstance exists for base classes 2024-04-09 14:32:58 +02:00
Asger F 29a61458e0 JS: Add test case showing problem with chains going through internal classes 2024-04-09 14:32:58 +02:00
Asger F 56ebe6c727 JS: More re-export logic to handle subclass export 2024-04-09 14:32:58 +02:00
Asger F f2ea88aa4c JS: Add test showing missing re-export of base class relationship 2024-04-09 14:32:58 +02:00
Asger F 9313564e64 JS: Add subclassing test and fix lack of subclassing handling 2024-04-09 14:32:58 +02:00
Asger F ef7767b6cd JS: Add partial test for subclassing 2024-04-09 14:32:58 +02:00
Asger F 3022c59654 JS: Add access path alias test 2024-04-09 14:32:58 +02:00
Asger F ab3c03d2d6 JS: Add test where root export object is a function 2024-04-09 14:32:58 +02:00
Asger F f4e05cc621 JS: Add tests with semi-internal class problem 2024-04-09 14:32:58 +02:00
Asger F 946f0b4dc4 JS: Add test for class with aliases 2024-04-09 14:32:58 +02:00
Asger F 348c95ebe1 JS: Add a test case with fluent flow 2024-04-09 14:32:58 +02:00
Asger F c55e03c588 Dynamic/JS: Add support for re-exporting type models 2024-04-09 14:32:58 +02:00
Asger F acef9b7111 Dynamic/JS: Add library for exporting models 2024-04-09 14:32:58 +02:00
Asger F f08e8b1d5e
Merge pull request #16136 from asgerf/js/instance-to-subclasses
JS: Make getInstance() propagate to subclasses
2024-04-08 14:37:42 +02:00
Asger F ad9838d0fe JS: Add change note 2024-04-08 10:02:28 +02:00
Asger F 6e931000c2 JS: Rewrite docs for API::Node#getInstance() 2024-04-08 10:02:22 +02:00
Asger F cd84fa4bee JS: Make getInstance() propagate to subclasses 2024-04-05 15:12:02 +02:00
Asger F b8b8e2b991
Merge pull request #16054 from asgerf/js/call-graph-improvement2
JS: more implied receiver steps
2024-04-04 15:54:06 +02:00
Tom Hvitved 1dc13cc169
Merge pull request #15923 from hvitved/shared-xml-impl
Properly shared `XML.qll` implementation
2024-04-03 11:39:50 +02:00
Asger F 2feb00bb2e
Merge pull request #13303 from asgerf/js/use-server-and-client
JS: Move Directive subclasses into module and support "use client/server"
2024-04-02 15:13:45 +02:00
Rasmus Wriedt Larsen f33222c83b
JS: Add change-note 2024-04-02 11:10:53 +02:00
github-actions[bot] 8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot] ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Rasmus Wriedt Larsen df463e51c1
JS: Extractor: Fix `experimental` flag value for NodeJSDetectorTests 2024-03-26 17:02:47 +01:00
Rasmus Wriedt Larsen 60944a9bcb
JS: Accept new trap files
As I see it, these all seem to have invalid code initially anyway, but
this is definitely something a JS expert should review :)
2024-03-26 17:01:57 +01:00
Rasmus Wriedt Larsen 1d51d182ec
JS: Extractor: Explain how to make `replaceExpectedOutput` work now with bazel 2024-03-26 17:01:57 +01:00
Rasmus Wriedt Larsen 04a0740ccb
JS: Extractor: More robust ES2015 checking
Created shared AbstractDetector to not duplicate all the tedious logic
;)

I took inspiration from the tests in `javascript/extractor/tests/esnext/input/dynamic-import.js`
2024-03-26 17:01:57 +01:00
Rasmus Wriedt Larsen cd84500c56
JS: Extractor: Separate base detector logic into own file
Should hopefully make it easier to review these changes to have it split into its own commit :)
2024-03-26 17:01:57 +01:00
Henry Mercer 0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
Asger F 22b56a4a40 JS: More implied receiver steps 2024-03-26 10:23:08 +01:00
Asger F f2939bd05b JS: Add test case 2024-03-26 10:23:08 +01:00
Asger F f8641dd82d JS: Fix use of deprecated alias 2024-03-26 09:39:39 +01:00
Asger F a0b49b23f5 JS: Add UseServer and UseClient directives 2024-03-26 09:39:39 +01:00
Asger F 1d22e65851 JS: Move Directive subclasses into Directive module 2024-03-26 09:39:37 +01:00
github-actions[bot] f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot] 71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Rasmus Wriedt Larsen 0515b12305
JS: Add example of bad NodeJS detection
Notice the TRAP lines

```
is_module(#20001)
is_es2015_module(#20001)
```
2024-03-25 11:36:21 +01:00
Erik Krogh Kristensen 45ce988943
Merge pull request #16002 from erik-krogh/tarBlank
JS: change the precision of the `js/unsafe-external-link` query to `low`
2024-03-22 17:12:58 +01:00
Erik Krogh Kristensen 7d968184fd
improve the change-note
Co-authored-by: Asger F <asgerf@github.com>
2024-03-22 13:58:34 +01:00
Arthur Baars c219b1a3c7
Merge pull request #16013 from github/rc/3.13
Merge rc/3.13 into main
2024-03-21 16:04:58 +01:00
Henry Mercer 4e3a6e2140
Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry
Show lines of code data in debug mode only
2024-03-21 12:20:09 +00:00
erik-krogh 54a1c25276
change the precision of the js/unsafe-external-link query to low 2024-03-21 10:32:15 +01:00
Henry Mercer a76832f4e0 Mark LOC queries as `debug` instead 2024-03-20 21:18:55 +00:00
Dave Bartolomeo 311ba8ea1b Merge from `main` to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved 61ef9e2e5c JS: Switch to shared `XML.qll` implementation 2024-03-19 13:17:50 +01:00
Rasmus Wriedt Larsen d78efdb67b
Merge pull request #15883 from RasmusWL/js-cg-tests
JS: show test changes after #15823
2024-03-19 09:58:20 +01:00
Tom Hvitved 5ab1047b14
Merge pull request #15882 from hvitved/js/dataflow-node-get-location
JS: Add `DataFlow::Node.getLocation`
2024-03-19 09:21:00 +01:00
github-actions[bot] aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
Rasmus Wriedt Larsen c82f5dad56
JS: show test changes after #15823 2024-03-18 13:09:37 +01:00
Rasmus Wriedt Larsen 28c3d35e9b
Merge commit '7c35309732dd2aa4dc0b4e2949922272ad448854' into js-cg-tests 2024-03-18 13:08:46 +01:00
Rasmus Wriedt Larsen f9309cec0b
JS: Add tests before #15823 changes 2024-03-18 13:08:39 +01:00
github-actions[bot] 0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Tom Hvitved 54fa8181da Address review comment 2024-03-13 20:03:01 +01:00
Erik Krogh Kristensen bd121b98ae
Merge pull request #15893 from erik-krogh/more-filter-taint
JS: allow more flow through .filter()
2024-03-13 16:19:28 +01:00
Erik Krogh Kristensen 53502a8662
Merge pull request #15510 from yoff/ts-54
JS: Add support for TS 5.4
2024-03-13 14:22:24 +01:00
Tom Hvitved 16cef92106 JS: Add `DataFlow::Node.getLocation` 2024-03-13 13:06:16 +01:00
Asger F c5a02dae2b
Merge pull request #15768 from asgerf/js/amd-pseudo-deps
JS: Do not treat AMD pseudo-dependencies as imports
2024-03-13 12:49:17 +01:00
erik-krogh 129286aa1c
allow more flow through .filter() 2024-03-13 12:03:00 +01:00
erik-krogh 6be0ed1dc3
narrow the version specifier used for TypeScript 2024-03-12 13:42:58 +01:00
erik-krogh 95a5ec7f27
add test that the new `Object.groupBy` method has a type 2024-03-12 13:22:11 +01:00
erik-krogh 9f410eb2d6
Merge branch 'main' into ts-54 2024-03-11 18:07:52 +01:00
Henry Mercer c325ff8a23 Mark lines of code queries as telemetry queries
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Rasmus Lerchedahl Petersen d73f43477f update ts to released version 54 2024-03-11 16:32:19 +01:00
Asger F 7c35309732
Merge pull request #15823 from asgerf/js/lift-cg-restriction
JS: Call graph improvements
2024-03-08 13:40:38 +01:00
Asger F 245cd5c0b5
Merge pull request #15760 from asgerf/js/summarised-tt-store-steps
JS: Summarise store steps for type tracking
2024-03-08 13:16:25 +01:00
Asger F ac4601cb8f
Update javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-03-08 13:01:38 +01:00
Asger F fc5b9e2796 JS: Expand test case 2024-03-08 10:34:39 +01:00
Asger F 81b04863b2 JS: Change note 2024-03-07 13:35:50 +01:00
Asger F c7295a09cd JS: Benign test output update 2024-03-07 11:55:56 +01:00
github-actions[bot] dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot] 2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen ce31f8641a
Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Asger F a54a73c9a2 JS: Detect more FunctionStyleClasses 2024-03-06 11:37:20 +01:00
github-actions[bot] 661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen 967963a653
Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00