Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JS: Support for matchAll #17910

Merged
merged 14 commits into from
Nov 14, 2024
Merged

JS: Support for matchAll #17910

merged 14 commits into from
Nov 14, 2024

Conversation

Napalys
Copy link
Contributor

@Napalys Napalys commented Nov 5, 2024

Added support for ES2020 feature, matchAll.
Related issue: github/codeql-javascript-team/issues/435

@Napalys Napalys added the JS label Nov 5, 2024
erik-krogh
erik-krogh reviewed Nov 5, 2024
View reviewed changes
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A small suggestion, otherwise LGTM assuming the evaluations look good.

I think we should also look at MembershipCandidates.qll and TaintTracking.qll.

But lets do that in a followup PR.

javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql Outdated Show resolved Hide resolved
@Napalys Napalys force-pushed the napalys/matchAll-support branch 2 times, most recently from 9809499 to a96f9fc Compare November 7, 2024 12:20
erik-krogh
erik-krogh reviewed Nov 11, 2024
View reviewed changes
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

Just one small comment.

javascript/ql/test/experimental/Security/CWE-918/check-regex.js Outdated Show resolved Hide resolved
@Napalys Napalys marked this pull request as ready for review November 11, 2024 14:46
@Napalys Napalys requested a review from a team as a code owner November 11, 2024 14:46
@Napalys Napalys changed the title Support for matchAll js JS: Support for matchAll Nov 11, 2024
@erik-krogh
Copy link
Contributor

Is there a DCA run with all the changes? But it looks like they're only for the first half of the PR.

Could you start one with source-suite: nightly-old, query-suite: code-scanning, and add meta.qls as meta-queries.

@Napalys
Copy link
Contributor Author

Napalys commented Nov 14, 2024

DCA experiment looks good, no new unexpected sinks.

@Napalys Napalys merged commit c8c15a0 into github:main Nov 14, 2024
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erik-krogh erik-krogh erik-krogh approved these changes

Assignees
No one assigned
Labels
documentation JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Napalys @erik-krogh