4104 Commits

Author	SHA1	Message	Date
erik-krogh	e3455a9b21	add support for axios used as a global variable	2023-01-29 22:55:20 +01:00
Erik Krogh Kristensen	99bad77972	Merge pull request #11906 from erik-krogh/moreStem ... JS: expand what is parsed as the stem of a pathexpr	2023-01-25 08:44:44 +01:00
erik-krogh	49f5e89f36	update expected output for experimental query	2023-01-23 22:29:49 +01:00
Erik Krogh Kristensen	fc66c905ff	Merge pull request #11859 from erik-krogh/moreShell ... JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands	2023-01-23 22:26:17 +01:00
Erik Krogh Kristensen	a10b45e0db	Merge pull request #11927 from mvogelgesang/express-rate-limit ... JS: Updated express-rate-limit example to match implementation examples f…	2023-01-23 14:37:50 +01:00
erik-krogh	3cece50f78	add encodeURIComponent as a sanitizer for request-forgery	2023-01-23 13:53:53 +01:00
erik-krogh	be8ef1b324	add failing test	2023-01-23 13:52:36 +01:00
Erik Krogh Kristensen	1ee9957838	Merge pull request #9807 from erik-krogh/endFilter ... JS: recognize "-->" as a bad tag filter	2023-01-23 10:06:50 +01:00
Mark Vogelgesang	c9119848d9	Updated express-rate-limit example to match implementation examples found on packages README	2023-01-18 14:42:40 -05:00
erik-krogh	4b74dec18f	expand what is parsed as the stem of a pathexpr	2023-01-17 21:28:21 +01:00
Erik Krogh Kristensen	8ccc384043	Merge pull request #11858 from erik-krogh/moreSpawn ... JS: track shell:true more in js/shell-command-constructed-from-input	2023-01-16 13:24:50 +01:00
erik-krogh	7ae27bcc34	fix errors in JS printAst	2023-01-12 15:37:52 +01:00
erik-krogh	38ca68febb	recognize "-->" as a bad tag filter	2023-01-10 18:09:56 +01:00
Erik Krogh Kristensen	54c780bdf9	Merge pull request #11853 from erik-krogh/assignMore ... JS: add local flow when recognizing Object.assign calls for library-inputs	2023-01-10 17:04:29 +01:00
Tony Torralba	72a11e737d	Merge pull request #11775 from atorralba/atorralba/all/omittable-exists ... All: Remove omittable exists variables	2023-01-10 16:07:06 +01:00
erik-krogh	23a847b1cf	track shell:true more in js/shell-command-constructed-from-input	2023-01-10 15:27:37 +01:00
erik-krogh	5c388c554c	fix that the TypeTracker was unrestricted for the base-case of nonFirstLocationType	2023-01-10 13:39:50 +01:00
erik-krogh	e02b67af63	add failing test	2023-01-10 13:39:50 +01:00
Tony Torralba	3b6dae41cd	JavaScript: Remove omittable exists variables	2023-01-10 13:37:21 +01:00
erik-krogh	79e161e046	slightly broaden the regular expression that recognizes bad string-concats used as shell commands	2023-01-10 12:49:37 +01:00
erik-krogh	9f100ef2c6	add local flow when recognizing Object.assign calls for library-inputs	2023-01-09 17:44:11 +01:00
erik-krogh	90f9e3f825	recognize an infinite repetition of a char-class like regex as a char-class like regex	2023-01-09 17:25:08 +01:00
Calum Grant	ad55706527	Merge branch 'main' into calumgrant/remove-lgtm	2023-01-03 10:27:30 +00:00
Arthur Baars	98c5b81456	Merge pull request #11723 from aibaars/alert-suppression ... CodeQL alert suppression	2022-12-21 10:59:57 +01:00
Jacques	b99c500435	Fix associated test	2022-12-20 12:51:13 +09:00
Calum Grant	e982e144a4	JS: Update qltest output	2022-12-19 17:22:51 +00:00
Arthur Baars	0f313231bc	AlertSuppression: add more tests	2022-12-19 16:43:11 +01:00
Calum Grant	4a37c01c5f	JavaScript: Remove references to LGTM	2022-12-19 15:15:17 +00:00
Arthur Baars	c176606be5	AlertSuppression: allow //lgtm comments to scope over the next line	2022-12-19 16:10:26 +01:00
Erik Krogh Kristensen	1500fa5f67	Merge pull request #10663 from pwntester/restify_improvements ... Javascript: Improve Restify support and add new Spife support	2022-12-15 11:08:22 +01:00
Alvaro Muñoz	818c2da1aa	fix Spife tests (without heuristics)	2022-12-14 15:42:27 +01:00
Alvaro Muñoz	14faff4477	fix restify tests	2022-12-14 15:38:35 +01:00
Alvaro Muñoz	a71fc930a6	add tests	2022-12-14 13:11:02 +01:00
Asger F	6b15839221	JS: Add tests for the examples used in the docs	2022-12-13 11:33:12 +01:00
Asger F	afe7872838	Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path ... JS: handle rephined variable in access path	2022-12-07 09:26:38 +01:00
Asger F	80777b8c50	JS: handle rephined variables in local access paths	2022-12-05 15:11:50 +01:00
Asger F	025cfe4064	JS: Add reproduction test case	2022-12-05 15:11:43 +01:00
Erik Krogh Kristensen	6b9cab23d4	Merge pull request #11248 from erik-krogh/js-redosMod ... JS: use the shared regex pack	2022-12-05 14:48:37 +01:00
Asger F	2d578c1a73	Merge branch 'main' into merge-package-type-columns	2022-12-02 10:00:44 +01:00
Erik Krogh Kristensen	1eec067474	Merge pull request #11294 from erik-krogh/fileDoc ... QL: improve the "this block-comment should have been a QLDoc"-query	2022-11-23 22:23:36 +01:00
Asger F	2e3413c9b8	JS: Merge package/type columns	2022-11-23 11:17:42 +01:00
Erik Krogh Kristensen	f67219965e	Merge pull request #11082 from erik-krogh/shellArr ... JS: treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`	2022-11-22 13:03:50 +01:00
Erik Krogh Kristensen	06386b2cdd	Merge pull request #11072 from erik-krogh/slicing ... JS: poly-redos: don't sanitize calls through substring calls that just remove the start	2022-11-22 13:02:09 +01:00
erik-krogh	6b5cd9abc3	use RegExpTreeView insteaed of RegexTreeView in JS	2022-11-22 12:55:48 +01:00
erik-krogh	ba2734909f	JS: don't use deprecated files in tests	2022-11-17 22:12:50 +01:00
erik-krogh	fe49e41d7b	JS: convert some block-comments that could be QLDoc to QLDoc	2022-11-16 13:45:35 +01:00
Mauro Baluda	784475dd66	Merge branch 'main' into main	2022-11-16 11:06:27 +01:00
Mauro Baluda	ec04f0c88f	hapi/glue tests	2022-11-15 23:45:27 +01:00
erik-krogh	d4c6f873af	add test for auto-accessors	2022-11-15 22:07:25 +01:00
erik-krogh	65567fa1ce	add test for the more precise type-narrowing with the in operator	2022-11-15 22:07:25 +01:00