Max Schaefer
60a1357092
JavaScript: Make all taint-based security queries have @kind path-problem.
2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526
JavaScript: Refactor security queries for uniformity.
2018-11-14 09:16:40 +00:00
Max Schaefer
9b4ae9e4d3
JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query.
2018-11-14 09:16:40 +00:00
Max Schaefer
c51cd50133
JavaScript: Remove a few unnecessary imports.
2018-11-14 09:16:40 +00:00
semmle-qlci
d83381918d
Merge pull request #458 from xiemaisi/js/more-externs
...
Approved by asger-semmle
2018-11-14 08:31:15 +00:00
Arthur Baars
969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118
...
Merge rc/1.18 into master.
2018-11-13 22:25:03 +01:00
Max Schaefer
a499009f59
Merge pull request #395 from esben-semmle/js/useless-defensive-code
...
JS: add query: js/useless-defensive-code
2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc
Merge pull request #444 from esben-semmle/js/browser-based-client-requests
...
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 16:53:52 +00:00
Max Schaefer
96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata
...
Eclipse plugins: Remove plugin metadata.
2018-11-13 13:12:49 +00:00
Aditya Sharad
bc06831d01
Merge rc/1.18 into master.
2018-11-13 10:55:08 +00:00
Esben Sparre Andreasen
daed0653cb
JS: support property tracking of custom abstract values
2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen
1d87c580b3
JS: introduce DefinedCustomAbstractValue
2018-11-13 11:40:31 +01:00
semmle-qlci
86e31a584e
Merge pull request #447 from esben-semmle/js/indirect-sanitization
...
Approved by asger-semmle
2018-11-13 09:14:28 +00:00
Max Schaefer
851e71c7d0
JavaScript: Warn about externs trap cache absence/miss.
2018-11-13 08:41:53 +00:00
Max Schaefer
d9d4051184
JavaScript: Extract auxiliary method.
2018-11-13 08:41:38 +00:00
Max Schaefer
79a6cfdf38
JavaScript: Add generic externs for BDD/TDD-style testing frameworks.
2018-11-13 08:30:35 +00:00
Esben Sparre Andreasen
5666deac14
JS: rename js/useless-defensive-code to js/unneeded-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
1db2e6ca55
JS: add source code examples to docstrings
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
3aae1d17db
JS: avoid two uses of getChildExpr(0)
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
15123da0b7
JS: minor fixup: only traverse LogNotExprs
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8ea9fd4cca
JS: address review comments
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a
JS: annotate test file with expected results
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7d4cf49545
JS: fixup double reporting of alerts
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
f440c9221a
JS: replace some Expr.stripParens with Expr.getUnderlyingValue
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9
JS: downgrade other alerts to js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e
JS: add whitelist to js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2
JS: add query: js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7b215ecb2b
JS: recognize defensive programming patterns using typeof
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c403416fef
JS: recognize defensive expressions that prevent exceptions
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
6e77489a3b
JS: add utilities for expression guards to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a2ecf40878
JS: recognize defensive expressions for null/undefined
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
2b6ef24bc2
JS: add utilities to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8086e88587
JS: add utilities to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a5eeba3c3a
JS: prepare DefensiveProgramming.qll for additions
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c2fb14640e
JS: move isDefensiveInit to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
ce0dd241f6
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 08:14:51 +01:00
semmle-qlci
2f0e693b38
Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options
...
Approved by esben-semmle
2018-11-12 20:32:35 +00:00
Max Schaefer
663bdd60a0
Merge pull request #396 from esben-semmle/js/unconditional-property-override
...
JS: add query: js/unconditional-property-override
2018-11-12 17:10:32 +00:00
Aditya Sharad
271628c280
Version: Bump to 1.18.3 dev.
2018-11-12 14:55:26 +00:00
Max Schaefer
2c1a37c652
JavaScript: Add WebRTC externs.
2018-11-12 12:25:32 +00:00
Jonas Jensen
1500237009
Merge remote-tracking branch 'upstream/master' into mergeback-20181112
2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen
eaad84bb4f
JS: add support for dis- and conjunctions in SanitizingFunction
2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
ffc3d6ba49
JS: simplify test (move alerts four lines up)
2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen
6d0c93b6a8
JS: introduce TaintTracking::AdditionalSanitizingCall
2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen
2033bf81cc
JS: address docstring review comments
2018-11-12 10:03:08 +01:00
Tom Hvitved
40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig
...
Allow mixed whitespace in certain test and external directories
2018-11-12 09:43:39 +01:00
semmle-qlci
c9d77a2d6d
Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure
...
Approved by asger-semmle
2018-11-12 08:40:26 +00:00
Max Schaefer
01b43dff72
JavaScript: Make in-dist trap cache read-only.
2018-11-12 08:33:11 +00:00
Max Schaefer
032ed12242
JavaScript: Use in-dist trap cache when extracting externs.
2018-11-12 08:28:08 +00:00
Max Schaefer
f26d47aacb
JavaScript: Bump extractor version.
...
This is not so much because extractor output has changed (it hasn't, except for corner cases) but to disable trap caching so as to help us to flush out bugs.
2018-11-12 08:19:17 +00:00