Max Schaefer
6a78e37d93
JavaScript: Make AMD dependencies Imports.
2019-03-29 08:11:29 +00:00
Asger F
4908902f47
JS: Update to use TypeTracker::end()
2019-03-28 15:26:55 +00:00
Asger F
365db0ff1f
JS: track document and dom values using type tracking
2019-03-28 15:24:00 +00:00
semmle-qlci
35ea746045
Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer
...
Approved by xiemaisi
2019-03-28 11:55:10 +00:00
Max Schaefer
c097031c7e
JavaScript: Fix uses of TypeTracker with custom flow steps.
...
These steps need to check that the type hasn't been tracked into a property.
2019-03-28 10:33:04 +00:00
Max Schaefer
b2faac30c9
JavaScript: Add a few missing doc comments.
2019-03-28 10:12:08 +00:00
Rebecca Valentine
e4c5fd4f61
autoformats
2019-03-27 17:12:10 -07:00
Rebecca Valentine
a049d9a4c6
moves lib to right place
2019-03-27 16:58:33 -07:00
Rebecca Valentine
2d3c522efc
cleans up naming conventions
2019-03-27 16:57:35 -07:00
Rebecca Valentine
336eb9dcf3
adds initial qll
2019-03-27 16:31:49 -07:00
Asger F
0eb9231cb1
JS: Make use of TypeTracker::end()
2019-03-27 13:25:01 +00:00
Asger F
208bcd438b
JS: Make type-tracking predicates private
2019-03-27 13:21:45 +00:00
Asger F
7bfad8c360
JS: trailing whitespace
2019-03-27 13:21:45 +00:00
Asger F
9bbdf84e5d
JS: missing qldoc
2019-03-27 13:21:45 +00:00
Asger F
28a776a82b
JS: dataflow -> data flow
2019-03-27 13:21:45 +00:00
Asger F
c0b58f6b09
JS: Capitalize Firebase in comments
2019-03-27 13:21:45 +00:00
Asger F
99cc09df8c
JS: use TypeBackTracker where appropriate
2019-03-27 13:21:45 +00:00
Asger F
ad592d7cd1
JS: handle .after and .before
2019-03-27 13:21:45 +00:00
Asger F
0401b26b48
JS: handle CloudFunctions
2019-03-27 13:21:45 +00:00
Asger F
49a746b87a
JS: handle Reference.transaction()
2019-03-27 13:21:45 +00:00
Asger F
f554f859aa
JS: handle 'firebase-admin' package
2019-03-27 13:21:45 +00:00
Asger F
e0c06cb518
JS: handle Query methods
2019-03-27 13:21:45 +00:00
Asger F
06b0851072
JS: Add Firebase model
2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1
Merge pull request #1161 from esben-semmle/js/classify-mode-html
...
Approved by xiemaisi
2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80
JS: more sanitizing prefixes
2019-03-27 11:22:31 +00:00
Max Schaefer
3e16d16525
JavaScript: Make type tracking-related parameter and predicate names more consistent.
2019-03-26 13:00:09 +00:00
Max Schaefer
bf04664bd7
Update javascript/ql/src/semmle/javascript/GeneratedCode.qll
...
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com >
2019-03-26 10:01:24 +01:00
Esben Sparre Andreasen
3cd93129a6
JS: classify HTML files with > 20 elements on a line as generated
2019-03-26 08:03:56 +01:00
Max Schaefer
c50067b597
JavaScript: Refactor type tracking to avoid computing very large relations.
2019-03-25 20:38:58 +00:00
Max Schaefer
084159dcfd
JavaScript: Teach type trackers to track flow through one level of properties.
2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717
JavaScript: Switch from path summaries to step summaries for type tracking.
...
This is sufficient since we are not doing summarisation.
2019-03-25 20:37:05 +00:00
Max Schaefer
8e926333a9
JavaScript: Simplify a few newtypes and remove unused predicates.
2019-03-25 16:57:46 +00:00
Max Schaefer
55394df96f
JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes.
2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979
JavaScript: Use type tracking instead of tracked nodes in Express.
2019-03-25 16:57:46 +00:00
Max Schaefer
276f216ef9
JavaScript: Use type tracking to improve modelling of socket.io.
2019-03-25 16:57:46 +00:00
Max Schaefer
4702790696
JavaScript: Refactor AMD/CommonJS path expression analysis to avoid bad magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
0e0fe2545d
JavaScript: Refactor Closure::isTopLevelExpr to avoid unhelpful magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
c17f4d7d41
JavaScript: Cache SourceNode::track and SourceNode::backtrack.
2019-03-25 16:57:46 +00:00
Max Schaefer
2b778afdf5
JavaScript: Cache a bunch of flow steps to avoid recomputation.
2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
335a969946
JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs
2019-03-22 12:29:34 +01:00
Max Schaefer
8c460ae385
Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master
...
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
2019-03-21 14:46:29 +00:00
Max Schaefer
4533e1f6fe
JavaScript: Add model of adm-zip library for ZipSlip query.
2019-03-21 08:04:06 +00:00
Asger F
aaa8bfb874
TS: allow namespace imports as types
2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524
Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19
2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2
JavaScript: Simplify flow-summary queries.
...
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.
I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
2019-03-19 10:58:49 +00:00
Jason Reed
aa9ba9557c
JavaScript: Include 'unzipper' library in ZipSlip.
2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58
JavaScript: Add change note and comment.
2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd
JavaScript: Update docstrings to reflect generalization.
2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7
JavaScript: Add tar-stream extraction to ZipSlip query.
2019-03-15 09:31:26 -04:00
Max Schaefer
5441352d41
Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter
...
JS: improve use of attributes from ~Object.defineProperty~
2019-03-15 12:11:50 +00:00
