TypeScript: disable queries that rely on token information #150
Merged
semmle-qlci merged 3 commits into github:rc/1.18 on Sep 5, 2018
xiemaisi suggested changes, Sep 4, 2018
LGTM as a temporary workaround, but needs a change note.
xiemaisi reviewed, Sep 4, 2018
| | Missing rate limiting | More true-positive results, fewer false-positive results | This rule now recognizes additional rate limiters and expensive route handlers. | | ||
| | Missing X-Frame-Options HTTP header | Fewer false-positive results | This rule now treats header names case-insensitively. | | ||
| | Reflected cross-site scripting | Fewer false-positive results | This rule now treats header names case-insensitively. | | ||
| | Semicolon insertion | Fewer results | This rule now ignores TypeScript files as it did not work correctly. | |
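
Review bot: On the "Semicolon insertion" row, the note "as it did not work correctly" reads as a permanent change and gives no cause. Consider wording along the lines of "This rule temporarily ignores TypeScript files because token information for them can be incorrect". The title refers to queries in the plural, but this is the only row here that mentions TypeScript files, so any other rule disabled by the change needs its own row.
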
Perhaps also mention the other rules? Also, we may want to emphasise that they are only disabled temporarily.
xiemaisi approved these changes, Sep 4, 2018
This looks as if it may be ready to merge.
aibaars pushed a commit that referenced this pull request, Oct 14, 2021: Create `ast_node_parent` relation
smowton pushed a commit to smowton/codeql that referenced this pull request, Dec 6, 2021: Extract local functions
This works around an issue in extraction of TypeScript tokens, where we get an incorrect token stream in some cases. The issue doesn't affect the AST so only queries that specifically rely on tokens are affected.
It's too late to get the proper fix into 1.18, so doing this quick fix for 1.18, and then a proper fix later for 1.19.