github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
11 377 коммитов 1 541 ветка 130 Теги 480 MiB
Граф коммитов

3245 Коммитов

Автор SHA1 Сообщение Дата
Erik Krogh Kristensen 2c0bae4937
Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-02 20:28:04 +02:00
Erik Krogh Kristensen 75b183bc33 update expected output 2020-04-01 20:46:49 +02:00
Erik Krogh Kristensen 32b86ab91a autoformat 2020-04-01 20:44:47 +02:00
Erik Krogh Kristensen 957b60f84b split fuzzy read/writes on collections into 2 pseudo-properties 2020-04-01 14:25:41 +02:00
Erik Krogh Kristensen b1bf7f9f3d introduce pseudoProperty helper predicates 2020-04-01 14:08:56 +02:00
Erik Krogh Kristensen 59840149e8 introduce a PseudoProperty type in Collections.qll 2020-04-01 12:16:09 +02:00
Erik Krogh Kristensen b2b009cdd9 qldoc adjustment 2020-04-01 11:34:25 +02:00
Erik Krogh Kristensen 1be326a37b add a CopyStep type-tracking step, for loadStoreSteps that loads and stores the same property 2020-04-01 11:21:05 +02:00
Erik Krogh Kristensen 9fc8ed17cd remove unused import 2020-04-01 11:18:11 +02:00
Erik Krogh Kristensen a188c6f804 qldoc changes and renaming 2020-04-01 11:12:54 +02:00
Erik Krogh Kristensen 49a8a48a72 autoformat 2020-03-31 20:27:05 +02:00
Erik Krogh Kristensen cec2cd3b14 update expected output 2020-03-31 14:05:05 +02:00
Erik Krogh Kristensen 64c813612f autoformat 2020-03-31 13:56:01 +02:00
Erik Krogh Kristensen 8ae55fb1c4 add top level QLDoc to MapAndSet.qll 2020-03-31 13:55:34 +02:00
Erik Krogh Kristensen 546431c83d dataflow and typetracking steps for Maps and Sets 2020-03-31 11:21:34 +02:00
Erik Krogh Kristensen 25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
Erik Krogh Kristensen a02213e745 change LoadStoreStep such that it can store in different property 2020-03-31 11:20:57 +02:00
semmle-qlci 0feb7f87e4
Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci 5c920eb625
Merge pull request #3120 from asger-semmle/js/prefer-typescript-file 
Approved by esbena
 2020-03-31 09:32:14 +01:00
semmle-qlci 73dd4c8686
Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression 
Approved by esbena
 2020-03-31 09:28:55 +01:00
semmle-qlci fce04f0bd0
Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Asger Feldthaus a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Erik Krogh Kristensen 4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Erik Krogh Kristensen 0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
semmle-qlci fad902fc9b
Merge pull request #3095 from erik-krogh/MorePerf 
Approved by asgerf
 2020-03-27 12:51:37 +00:00
semmle-qlci 9b3400337b
Merge pull request #3130 from erik-krogh/PreciseSteps 
Approved by asgerf
 2020-03-27 12:18:28 +00:00
semmle-qlci 1975a83cdd
Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen 58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Erik Krogh Kristensen 6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen a850616927 delete Xss.actual 2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen e2d2c2341e autoformat and update expected output 2020-03-26 15:38:00 +01:00
Erik Krogh Kristensen baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00
Asger Feldthaus 816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Erik Krogh Kristensen 1cefa12315 update expected output 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 00181e059b add tests for type-tracking promises 2020-03-25 23:54:56 +01:00
Erik Krogh Kristensen 9a78d38df0 add a new LoadStoreStep as a StepSummary for TypeTracking 2020-03-25 23:54:56 +01:00
semmle-qlci e7fd97e72b
Merge pull request #3119 from erik-krogh/SockJS 
Approved by esbena
 2020-03-25 21:36:29 +00:00
Erik Krogh Kristensen 4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
Asger Feldthaus ad1e0ec50b JS: Inline variable again 2020-03-25 14:01:33 +00:00
Asger Feldthaus 54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
Asger Feldthaus a78f1b864b JS: Fix trailing whitespace 2020-03-25 12:45:48 +00:00
Asger Feldthaus 6c9e35c22e JS: Skip .js files with a same-named .ts file next to it 2020-03-25 12:45:37 +00:00
semmle-qlci cf5b1f0cd5
Merge pull request #3019 from erik-krogh/ArrayStep 
Approved by asgerf
 2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Erik Krogh Kristensen f2b9e2019c remove isRelevant from flowStep 2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen 6f0e507242 outline predicate to fix join-ordering 2020-03-25 09:44:03 +01:00