11940 Commits

Author	SHA1	Message	Date
Max Schaefer	9de527fbe2	Merge pull request #49 from asger-semmle/array-map-taint ... JavaScript: add taint steps through Array 'join' and 'map' methods	2018-08-14 08:07:54 +01:00
Max Schaefer	e67f36732a	JavaScript: Update expected test output due to changes in Node.js detector.	2018-08-13 14:08:14 +01:00
Asger F	d9ba5a1cab	JavaScript: add test cases for new array steps	2018-08-13 12:27:12 +01:00
Asger F	66dcd7d4c7	JavaScript: add taint step from return value of 'map' callback	2018-08-13 12:15:24 +01:00
Asger F	0c124d2f8c	JavaScript: add taint step through 'join'	2018-08-13 12:12:25 +01:00
semmle-qlci	c0fe0a1d24	Merge pull request #46 from asger-semmle/html-sanitizers ... Approved by xiemaisi	2018-08-13 10:16:15 +01:00
semmle-qlci	3d0748c542	Merge pull request #48 from xiemaisi/js/webview-sinks ... Approved by asger-semmle	2018-08-13 09:37:33 +01:00
Max Schaefer	199990feea	JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect.	2018-08-10 15:59:27 +01:00
Max Schaefer	3ce82aff02	JavaScript: Add basic modelling of React Native WebViews.	2018-08-10 15:59:27 +01:00
semmle-qlci	945413a791	Merge pull request #42 from tibbes/qhelp/fix-links ... Approved by jbj, xiemaisi	2018-08-10 13:00:17 +01:00
semmle-qlci	2478c6e150	Merge pull request #43 from xiemaisi/js/odasa-7275 ... Approved by	2018-08-10 12:52:05 +01:00
Asger F	1add8b0766	JavaScript: add doc comment	2018-08-10 12:27:39 +01:00
Asger Feldthaus	2b5684d1b9	JavaScript: Add library for HTML sanitizers	2018-08-10 12:27:39 +01:00
Julian Tibble	98e866e967	C++, JS: fix broken links in query help	2018-08-10 08:40:22 +01:00
Asger F	b00938e9b3	Make NodeJSLib use moduleMember for ES6-compatibility	2018-08-09 15:10:21 +01:00
Max Schaefer	e32dc08cd0	Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization ... JS: change alert location for js/incomplete-object-initialization	2018-08-09 13:58:11 +01:00
Max Schaefer	41da997651	JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding.	2018-08-09 12:44:16 +01:00
Max Schaefer	badb167962	Merge pull request #35 from esben-semmle/js/classify-application-insight ... JS: classify the ApplicationInsights library instance	2018-08-09 08:12:12 +01:00
Max Schaefer	0de9eed71c	Merge pull request #32 from asger-semmle/export-import-flow ... TypeScript: bugfixes for import-assign statement	2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen	2589cf70c9	JS: classify the ApplicationInsights library instance	2018-08-08 15:39:22 +02:00
Max Schaefer	355302eac4	Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index ... JS: fix an off-by-one error in the AngularJS expression AST	2018-08-08 14:03:55 +01:00
Max Schaefer	854dc0cbeb	Merge pull request #28 from esben-semmle/js/whitelist-empty-functions ... JS: permit some calls with spurious arguments to empty functions	2018-08-08 14:03:18 +01:00
Asger F	94bac1253d	TypeScript: bugfixes for import-assign statement	2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen	8ee943f264	JS: restrict alert location to a single line	2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen	e1947f04df	JS: change alert location for js/incomplete-object-initialization	2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen	4e98ce21b4	JS: permit some calls with spurious arguments to empty functions	2018-08-08 10:13:02 +02:00
Max Schaefer	1a5585c83c	Merge pull request #21 from esben-semmle/js/urilibraries-members ... JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`	2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen	343b922c29	JS: fix an off-by-one error in the AngularJS expression AST	2018-08-08 09:58:57 +02:00
semmle-qlci	4d97570a1a	Merge pull request #17 from xiemaisi/js/rename-unused-var ... Approved by esben-semmle	2018-08-07 15:01:37 +01:00
Esben Sparre Andreasen	3b00b9b8da	JS: refactor UriLibraries.qll models to use DataFlow::moduleMember	2018-08-07 12:58:09 +02:00
semmle-qlci	6533ddfeaf	Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters ... Approved by xiemaisi	2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen	c06edd3745	Merge pull request #15 from xiemaisi/js/call-graph-data-flow ... JavaScript: Lift call graph library to data flow graph.	2018-08-07 07:56:08 +02:00
Esben Sparre Andreasen	b6951d8249	JS: add tests for improved js/missing-rate-limiting	2018-08-06 15:15:44 +02:00
Esben Sparre Andreasen	f7ab29aa2b	JS: support "express-rate-limit" non-constructor calls	2018-08-06 15:15:44 +02:00
Esben Sparre Andreasen	c6cfca3131	JS: add "verify" as an Authorization call word	2018-08-06 15:15:44 +02:00
Max Schaefer	06f43748b8	JavaScript: Generalize description of js/unused-local-variable. ... The query also flags unused imports, functions and classes (which, of course, are just unused variables at the end of the day). This is now made more explicit in the description.	2018-08-06 09:34:38 +01:00
Max Schaefer	33741045f6	JavaScrip: Move deprecated HTMLComments query to compatibility suite.	2018-08-06 09:17:11 +01:00
Max Schaefer	9ba3d80bad	JavaScript: Lift call graph library to data flow graph.	2018-08-06 08:34:06 +01:00
Asger F	156b94e436	JavaScript: Add model of JSON parsers	2018-08-03 15:27:35 +01:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00