github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
10 679 коммитов 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

3014 Коммитов

Автор SHA1 Сообщение Дата
semmle-qlci 57b3e6addf
Merge pull request #2958 from erik-krogh/InnerPrefix 
Approved by asgerf
 2020-03-03 11:10:44 +00:00
semmle-qlci 7f3f629d39
Merge pull request #2913 from asger-semmle/js/prototype-pollution-path 
Approved by erik-krogh
 2020-03-03 10:29:47 +00:00
semmle-qlci b3cbf8baa8
Merge pull request #2960 from erik-krogh/OverloadsWithThis 
Approved by asgerf
 2020-03-03 10:10:00 +00:00
semmle-qlci e1c5449885
Merge pull request #2867 from erik-krogh/UselessCat 
Approved by esbena
 2020-03-03 09:10:25 +00:00
Erik Krogh Kristensen d2d5af42bf add IndirectInclusionTest and IndirectEndsWith 2020-03-02 21:42:08 +01:00
Erik Krogh Kristensen 97c16929ca implement getPolarity and forward to inner StartsWith 2020-03-02 21:38:22 +01:00
Erik Krogh Kristensen 68fb8c52e9 check the type of the this-type, instead of the AST-node 2020-03-02 16:35:16 +01:00
Erik Krogh Kristensen e0fcc4af6a handle this parameters when finding unreachable overloads 2020-03-02 16:26:00 +01:00
Erik Krogh Kristensen 019266e537 change name of Useless cat 2020-03-02 13:06:08 +01:00
Erik Krogh Kristensen 26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Erik Krogh Kristensen 391b6a833c add link to The Useless Use of Cat Award 2020-03-02 12:28:51 +01:00
Asger Feldthaus e405a9769c JS: Really autoformat everything 2020-03-02 10:48:33 +00:00
Erik Krogh Kristensen 71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Erik Krogh Kristensen 5e0ae7b4d0 add end </p> tag 2020-02-28 10:23:03 +01:00
Erik Krogh Kristensen ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Erik Krogh Kristensen d8a96dd771 change name to suggestion from previous code review 2020-02-28 09:55:15 +01:00
Erik Krogh Kristensen 922779e049 remove double a/an and adjust line lenghts 2020-02-28 09:48:07 +01:00
Erik Krogh Kristensen 17f1974e05
Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-02-28 09:43:32 +01:00
semmle-qlci ec90627a64
Merge pull request #2909 from yo-h/experimental 
Approved by aschackmull, jbj, max-schaefer, tausbn
 2020-02-28 03:15:58 +00:00
Asger Feldthaus 52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Erik Krogh Kristensen a872d7c5c5 add comment about negative optionsArg 2020-02-27 12:42:22 +01:00
Erik Krogh Kristensen bb911bbbf1
Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-27 12:38:06 +01:00
Asger Feldthaus fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Erik Krogh Kristensen 9c06c48dc7
Merge pull request #2884 from esbena/js/practically-exploitable-redos 
JS: add query js/exploitable-polynomial-redos
 2020-02-27 10:19:17 +01:00
Esben Sparre Andreasen 1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Erik Krogh Kristensen dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
semmle-qlci 03b882381a
Merge pull request #2723 from esbena/js/support-path-is-inside 
Approved by asgerf
 2020-02-25 11:21:24 +00:00
Erik Krogh Kristensen c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen 8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen 87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Erik Krogh Kristensen d540caecdd
Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-25 10:04:51 +01:00
Asger F 160fc48803
Merge pull request #2896 from asger-semmle/typescript-3.8 
TS: Support Typescript 3.8
 2020-02-25 08:19:01 +00:00
Esben Sparre Andreasen 5baba62154 JS: model `path-is-inside`+`is-path-inside` for `js/path-injection` 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen 86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci aadb148c1c
Merge pull request #2855 from asger-semmle/js/returned-partial-call 
Approved by esbena
 2020-02-24 21:37:41 +00:00
yo-h 43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Erik Krogh Kristensen afd6ea2628 small correction in doc + autoformat 2020-02-24 17:54:29 +01:00
Erik Krogh Kristensen b20e8520f6 add default message if not pretty printed call can be created 2020-02-24 14:52:08 +01:00
semmle-qlci 317356e591
Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers 
Approved by erik-krogh
 2020-02-24 13:35:32 +00:00
Erik Krogh Kristensen a779ae58a8 add qhelp 2020-02-24 14:03:41 +01:00
Erik Krogh Kristensen fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen 051de247b0 change regexpMatch to regexpFind 2020-02-24 13:11:30 +01:00
Erik Krogh Kristensen a768e937f0 complete qldoc 2020-02-24 13:08:50 +01:00
Erik Krogh Kristensen 473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Asger Feldthaus 01309d7c2e TS: Add test for named re-export and exportsAs 2020-02-24 11:40:28 +00:00
Asger Feldthaus 78954489fb TS: Fix expected output 2020-02-24 11:40:28 +00:00
Asger Feldthaus 4e1bd9056c TS: Fix javadoc 2020-02-24 11:40:28 +00:00
Asger Feldthaus 18974bad1c TS: Add upgrade script and stats 2020-02-24 11:40:27 +00:00
Asger Feldthaus 47673c6e21 TS: Disable export analysis for type-only exports 2020-02-24 11:40:27 +00:00
Asger Feldthaus 16c909b433 TS: Add test case for import type * as ns 2020-02-24 11:40:27 +00:00