2351 Commits

Author	SHA1	Message	Date
Asger F	4d1200fd13	Revert changes in synced files	2025-12-08 13:26:19 +01:00
Asger F	294089fe35	JS: Use question-mark variant in all overlay annotations	2025-12-08 13:13:09 +01:00
Asger F	b8cff77cab	Merge pull request #20873 from github/shared-xml-discard ... Share XML discard predicates	2025-12-01 10:06:02 +01:00
Asger F	6257bed089	Sync OverlayXml.qll	2025-11-28 09:23:49 +01:00
Asger F	0896be0df6	Merge pull request #20844 from Eliav2/20823-globalVarRef-document-defaultView ... javascript: Add support for `document.defaultView` in global variable references	2025-11-27 11:50:23 +01:00
Asger F	d8027fb6d6	Merge pull request #20885 from asgerf/js/local-module-exports ... JS: Split module exports into a local and global variant	2025-11-27 10:05:22 +01:00
Eliav2	69ba764e9d	Merge branch 'main' into 20823-globalVarRef-document-defaultView	2025-11-26 23:26:26 +02:00
Asger F	dbf14c190a	Factor XML discard predicates into OverlayXml.qll	2025-11-26 11:48:32 +01:00
Asger F	b33af5b377	JS: Fix typo	2025-11-26 11:40:41 +01:00
Asger F	e95b3590f0	JS: Fix project layout detection for Next.js apps ... Some parts of the code did not handle case where 'pages' was located at 'app/pages'.	2025-11-25 15:54:45 +01:00
Asger F	51e1bda608	JS: Move isTypeOnly() check into a direct check, instead of an override	2025-11-21 13:10:32 +01:00
Asger F	9c4f85f15b	JS: Split getSourceNode into getDirectSourceNode and getReExportedSourceNode	2025-11-21 12:42:30 +01:00
Asger F	94566e5e1e	JS: Remove unnecessary override in OriginalExportDeclaration	2025-11-21 12:42:10 +01:00
Asger F	3a393ecd54	Fixup! qldoc for reExportsAs	2025-11-21 12:41:34 +01:00
Asger F	78c8ab11f2	JS: Split exportsAs into exportsDirectlyAs and reExportsAs	2025-11-21 12:31:34 +01:00
Asger F	74d725ef21	JS: Remove unnecessary override in OriginalExportDeclaration	2025-11-21 12:31:09 +01:00
Asger F	ce9986c449	JS: Change signature of isShadowedFromBulkExport	2025-11-21 12:30:31 +01:00
Eliav2	6df789d114	Merge branch 'main' into 20823-globalVarRef-document-defaultView	2025-11-20 15:18:15 +02:00
Asger F	efa438a352	JS: Move identityFunctionStep back into CachedSteps module	2025-11-19 13:47:30 +01:00
Asger F	8fef60464e	JS: Remove out-commented code	2025-11-19 13:46:10 +01:00
Asger F	a0965f33e3	JS: Also discard JSON, YAML, and XML	2025-11-18 13:29:00 +01:00
Asger F	4b57b4418f	JS: Factor out some code	2025-11-17 10:48:15 +01:00
Asger F	a405b7b3e0	JS: Add discard predicates for locations	2025-11-17 10:47:37 +01:00
eliav	8047450668	javascript: Update property access for `document.defaultView as getAPropertyRead ... Changed the method for accessing `defaultView` from `getAPropertyReference` to `getAPropertyRead` to improve accuracy in data flow analysis for global variable references.	2025-11-17 01:05:58 +02:00
eliav	30cc91421d	javascript: Add support for document.defaultView in global variable references ... Updated the data flow analysis to include `document.defaultView` as a source node for global variable references. Added a new test file `tst4.js` and updated existing tests to verify the inclusion of `defaultView` and its properties in the expected results.	2025-11-17 00:52:06 +02:00
Asger F	c7341f295d	JS: Fix bad join in BarrierGuards.qll	2025-11-13 09:46:27 +01:00
Asger F	578355ac27	JS: Fix bad join in CallGraphs.qll	2025-11-13 09:46:25 +01:00
Asger F	46b1387846	JS: Make isAssignedInUniqueFile global, as it should be	2025-11-13 09:46:20 +01:00
Asger F	6498cd1b07	JS: Remove obsolete overlay[global] annotations	2025-11-13 09:46:18 +01:00
Asger F	0594f84dfc	JS: Improve join orders related to getABooleanValue()	2025-11-13 09:46:16 +01:00
Asger F	4645f327a5	JS: Avoid more bad joins due to locality	2025-11-13 09:46:14 +01:00
Asger F	269489e817	JS: Avoid bad join in shared predicate induced by 'forex'. ... Use manual recursion instead.	2025-11-13 09:46:12 +01:00
Asger F	e72232fd1d	JS: Add more overlay[caller?] annotations	2025-11-13 09:46:06 +01:00
Asger F	66febb263d	JS: Add some overlay[caller] and a pragma[nomagic] annotations	2025-11-13 09:46:05 +01:00
Asger F	c09563f775	JS: Make more general-purpose data flow things local	2025-11-13 09:46:01 +01:00
Asger F	b1418e1d70	JS: Add overlay[local?] to new summaries after rebasing	2025-11-13 09:46:00 +01:00
Asger F	2b338fc1d9	JS: Fix getRawEnclosingStmt call	2025-11-13 09:45:58 +01:00
Asger F	23e42c89ee	JS: Overlay annotations for AST layer	2025-11-13 09:45:56 +01:00
Asger F	c583b480af	JS: Add pragma[nomagic] just to be safe ... The DIL is unchanged	2025-10-30 15:31:51 +01:00
Asger F	a5819a14be	JS: Fix bad join order in getNextToken()	2025-10-30 15:31:51 +01:00
Nora Dimitrijević	a0975e7e19	Constrain location overrides to actual sources/sinks	2025-10-28 09:42:20 +01:00
Nora Dimitrijević	bcdbe0b50a	JS/PolynomialReDoSQuery ... javascript/ql/src/Performance/PolynomialReDoS.ql	2025-10-28 09:40:16 +01:00
Nora Dimitrijević	94343254e3	JS/ShellCommandInjectionFromEnvironmentQuery ... javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql	2025-10-28 09:40:14 +01:00
Nora Dimitrijević	71cf042607	JS/IndirectCommandInjectionQuery ... javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql	2025-10-28 09:40:11 +01:00
Nora Dimitrijević	2a30ea923a	JS/CommandInjectionQuery ... javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql javascript/ql/src/Security/CWE-078/CommandInjection.ql	2025-10-28 09:40:09 +01:00
Asger F	8d49f26f3d	Merge pull request #20397 from asgerf/js/build-artifact-leak-fp ... JS: Fix FP in js/build-artifact-leak when keys come from an array of constants	2025-10-28 06:40:13 +01:00
Asger F	c6577c8590	JS: Avoid magic and improve a join in type resolution	2025-10-15 11:54:28 +02:00
Asger F	10c9b747a5	Merge pull request #20586 from asgerf/js/api-graphs-block-this ... JS: Restrict receiver-flow in API graphs	2025-10-08 08:41:56 +02:00
Asger F	587ad5c600	JS: Refine criteria so that explicit this-passing is not affected	2025-10-06 11:43:18 +02:00
Asger F	4d33190241	JS: Restrict this-argument passing in API graphs	2025-10-06 11:42:36 +02:00