5030 Commits

Author	SHA1	Message	Date
Max Schaefer	886329689f	JavaScript: Teach globalVarRef about top-level this and the global npm package.	2018-08-14 09:15:15 +01:00
Max Schaefer	9de527fbe2	Merge pull request #49 from asger-semmle/array-map-taint ... JavaScript: add taint steps through Array 'join' and 'map' methods	2018-08-14 08:07:54 +01:00
Max Schaefer	e67f36732a	JavaScript: Update expected test output due to changes in Node.js detector.	2018-08-13 14:08:14 +01:00
Asger F	d9ba5a1cab	JavaScript: add test cases for new array steps	2018-08-13 12:27:12 +01:00
semmle-qlci	c0fe0a1d24	Merge pull request #46 from asger-semmle/html-sanitizers ... Approved by xiemaisi	2018-08-13 10:16:15 +01:00
semmle-qlci	3d0748c542	Merge pull request #48 from xiemaisi/js/webview-sinks ... Approved by asger-semmle	2018-08-13 09:37:33 +01:00
Max Schaefer	199990feea	JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect.	2018-08-10 15:59:27 +01:00
Max Schaefer	3ce82aff02	JavaScript: Add basic modelling of React Native WebViews.	2018-08-10 15:59:27 +01:00
semmle-qlci	2478c6e150	Merge pull request #43 from xiemaisi/js/odasa-7275 ... Approved by	2018-08-10 12:52:05 +01:00
Asger Feldthaus	2b5684d1b9	JavaScript: Add library for HTML sanitizers	2018-08-10 12:27:39 +01:00
Asger F	b00938e9b3	Make NodeJSLib use moduleMember for ES6-compatibility	2018-08-09 15:10:21 +01:00
Max Schaefer	e32dc08cd0	Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization ... JS: change alert location for js/incomplete-object-initialization	2018-08-09 13:58:11 +01:00
Max Schaefer	41da997651	JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding.	2018-08-09 12:44:16 +01:00
Max Schaefer	badb167962	Merge pull request #35 from esben-semmle/js/classify-application-insight ... JS: classify the ApplicationInsights library instance	2018-08-09 08:12:12 +01:00
Max Schaefer	0de9eed71c	Merge pull request #32 from asger-semmle/export-import-flow ... TypeScript: bugfixes for import-assign statement	2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen	2589cf70c9	JS: classify the ApplicationInsights library instance	2018-08-08 15:39:22 +02:00
Max Schaefer	355302eac4	Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index ... JS: fix an off-by-one error in the AngularJS expression AST	2018-08-08 14:03:55 +01:00
Max Schaefer	854dc0cbeb	Merge pull request #28 from esben-semmle/js/whitelist-empty-functions ... JS: permit some calls with spurious arguments to empty functions	2018-08-08 14:03:18 +01:00
Asger F	94bac1253d	TypeScript: bugfixes for import-assign statement	2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen	8ee943f264	JS: restrict alert location to a single line	2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen	e1947f04df	JS: change alert location for js/incomplete-object-initialization	2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen	4e98ce21b4	JS: permit some calls with spurious arguments to empty functions	2018-08-08 10:13:02 +02:00
Max Schaefer	1a5585c83c	Merge pull request #21 from esben-semmle/js/urilibraries-members ... JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`	2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen	343b922c29	JS: fix an off-by-one error in the AngularJS expression AST	2018-08-08 09:58:57 +02:00
Esben Sparre Andreasen	3b00b9b8da	JS: refactor UriLibraries.qll models to use DataFlow::moduleMember	2018-08-07 12:58:09 +02:00
semmle-qlci	6533ddfeaf	Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters ... Approved by xiemaisi	2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen	b6951d8249	JS: add tests for improved js/missing-rate-limiting	2018-08-06 15:15:44 +02:00
Max Schaefer	9ba3d80bad	JavaScript: Lift call graph library to data flow graph.	2018-08-06 08:34:06 +01:00
Asger F	156b94e436	JavaScript: Add model of JSON parsers	2018-08-03 15:27:35 +01:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00