Asger F
2712bf821a
JS: Fix a bug in isSafeClientSideUrlProperty
2024-09-12 13:42:23 +02:00
Asger F
bc04131c72
JS: Disallow implicit reads before an optional step
2024-09-12 13:42:22 +02:00
Asger F
3b09bc548e
JS: Add taint step for shift()
2024-09-12 13:42:17 +02:00
Asger F
3fcf4ef7a1
JS: More precise model of .shift()
...
Array.prototype.shift only returns the first array element.
The mutation of Argument[this] is not yet modelled, and is better handled when we have use-use flow.
2024-09-12 13:42:15 +02:00
Asger F
e4f7560bcd
JS: Add missing qldoc
2024-09-12 13:42:14 +02:00
Asger F
15fc450a9e
JS: Add reminder to update ClientSideUrlRedirect
2024-09-12 13:42:13 +02:00
Asger F
da696817a3
JS: Convert 'split' taint step to legacy taint step
2024-09-12 13:42:05 +02:00
Asger F
133b016c7c
JS: Remove old 'split' handling from TaintedUrlSuffix
2024-09-12 13:41:56 +02:00
Asger F
e87e543850
JS: Ensure optional steps/barriers are computed in the correct stage
2024-09-12 13:35:38 +02:00
Asger F
7790f68fe2
JS: Make the TaintedUrlSuffix library use optional steps/barriers
2024-09-12 13:35:36 +02:00
Asger F
3b34cd72f2
JS: Handle split() with '#' or '?' separator in a separate summary
...
This summary uses the notion of optional steps/barriers so it becomes configurable whether there is flow into the zero'th array element.
Also makes sure we handle the second-argument version of split().
2024-09-12 13:35:33 +02:00
Asger F
24983a5836
JS: Add OptionalStep and OptionalBarrier MaD tokens
...
OptionalStep[foo] and OptionalBarrier[foo] contribute steps/barriers that are not active by default, but can be opted into by specific queries or for specific flow states.
(Will be used in the following commits)
2024-09-12 13:30:39 +02:00
Sid Shankar
bc70d5ceb1
Adds change note
2024-09-11 00:52:21 +00:00
Asger F
87454a4f11
JS: Remove unused predicate
2024-09-10 14:44:49 +02:00
github-actions[bot]
97edff3f70
Post-release preparation for codeql-cli-2.18.4
2024-09-09 18:45:46 +00:00
github-actions[bot]
91537cdf9a
Release preparation for version 2.18.4
2024-09-09 16:08:48 +00:00
Asger F
3d4287b7cc
JS: Remove ContentSet#asArrayIndex()
...
For ContentSet it is ambiguous whether asArrayIndex() should get a singleton content set, or the KnownArrayElement content set. The user will now have to choose between asSingleton().asArrayIndex() or ContentSet::arrayElementKnown.
2024-09-09 13:28:32 +02:00
Asger F
013d226ae3
JS: Update comment
2024-09-09 13:26:27 +02:00
Asger F
55d4e7e742
JS: Use ArrayElementKnown when reading a constant array index
2024-09-09 13:26:25 +02:00
Asger F
094112c905
Merge pull request #17213 from asgerf/jss/spread-argument
...
JS: Improve handling of spread arguments and rest parameters [shared data flow branch]
2024-09-09 13:15:22 +02:00
Asger F
fb9732a33f
JS: Add another test and TODO about an issue with constant array indices
2024-09-06 08:43:11 +02:00
Asger F
a9a8351cce
JS: Fix one case of missing handling of unknown array index
2024-09-06 08:43:09 +02:00
Asger F
92bb4b3da8
JS: Address some comments from hvitved
2024-09-05 11:32:07 +02:00
erik-krogh
e2b16bd8f9
add some change-notes
2024-09-03 22:06:07 +02:00
erik-krogh
0fdd06fff5
use my script to delete outdated deprecations
2024-09-03 20:30:58 +02:00
Henry Mercer
3490067316
Merge branch 'main' into henrymercer/rc-3.15-mergeback
2024-08-29 19:48:01 +01:00
Asger F
4568967a76
JS: Do not use legacy taint steps in TaintedUrlSuffix
...
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.
These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
2024-08-29 13:48:30 +02:00
Asger F
a2d53c261b
JS: Update test output and add related TODO in model of 'async'
2024-08-27 11:35:35 +02:00
Asger F
837a8be1b8
JS: Update test output and add related TODO in 'markdown-table' model
2024-08-27 11:35:34 +02:00
Asger F
371f7ef551
JS: Add implicit taint read of array elements
2024-08-27 11:35:31 +02:00
Asger F
4389b5c999
JS: Fix issue for .apply() calls
2024-08-27 11:35:28 +02:00
Asger F
34e6864fa3
JS: Note issue with .apply() calls
2024-08-27 11:35:27 +02:00
Asger F
ac1dd1850e
JS: Remove taint step from array element to whole array
2024-08-27 11:35:26 +02:00
Asger F
895cb872ad
JS: Add taint into dynamic argument array
2024-08-27 11:35:24 +02:00
Asger F
6a083136d7
JS: Hide some nodes
2024-08-27 11:35:22 +02:00
Asger F
acdc896c04
JS: Support for dynamic args to flow summaries
2024-08-27 11:35:21 +02:00
Asger F
53a2a66dd0
Add new nodes to early stage
2024-08-27 11:35:20 +02:00
Asger F
60c3d077b2
Update DataFlowImplConsistency.qll
2024-08-27 11:35:17 +02:00
Asger F
bbb1c8c374
Remove old arguments-array position
2024-08-27 11:35:16 +02:00
Asger F
ed33a6e91b
JS: Add explicit model of .join()
2024-08-27 11:35:15 +02:00
Asger F
fa7ad03068
JS: Add store/load steps for the new argument arrays
2024-08-27 11:35:15 +02:00
Asger F
623dbda77d
Do not pass regular positional args into the rest parameter
2024-08-27 11:35:14 +02:00
Asger F
a72f79576a
JS: Add corresponding argument positions
2024-08-27 11:35:13 +02:00
Asger F
6c7d745a2b
JS: Add nodes for static/dynamic argument/parameter arrays
2024-08-27 11:35:12 +02:00
Asger F
7cfe3dae85
JS: Port step for dynamic imports
2024-08-23 10:07:28 +02:00
Asger F
423fd04545
JS: Update new xsjs-specific code to respect TEarlyStageNode
2024-08-22 13:22:35 +02:00
Asger F
c54f5858b1
Merge branch 'main' into js/shared-dataflow-merge-main
2024-08-22 13:22:05 +02:00
Asger F
a1688f6a1a
Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model
...
Update JS helmet model structure
2024-08-22 11:59:28 +02:00
Asger F
09aca6b47e
Merge pull request #17212 from mbaluda/main
...
Add support for importing NPM modules in XSJS sources
2024-08-22 10:54:33 +02:00
github-actions[bot]
0724fd7ce2
Post-release preparation for codeql-cli-2.18.3
2024-08-21 18:25:54 +00:00
