semmle-qlci
54b4e59d12
Merge pull request #1182 from esben-semmle/js/sourcenode-regexp-literals
...
Approved by xiemaisi
2019-04-01 21:58:58 +01:00
Esben Sparre Andreasen
2622fc64db
JS: autoformat
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
7fec005806
JS: use DataFlow::SourceNode in three locations in Koa
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
919eed6630
JS: add koa tests
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
00c8387bb3
JS: model Koa redirects
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
298dbe13c4
JS: improve Koa model to account for aliases on the context object
2019-04-01 22:49:00 +02:00
Esben Sparre Andreasen
0e01988622
JS: add koa tests
2019-04-01 22:49:00 +02:00
Rebecca Valentine
2b6869fff3
updates expecteds to reflect changes in the test file
2019-04-01 11:21:21 -07:00
Rebecca Valentine
0d0adada42
fixes tests and adds test results to expecteds
2019-04-01 11:13:04 -07:00
Rebecca Valentine
a16b5d36a8
adds tests
2019-04-01 10:40:51 -07:00
semmle-qlci
a4de82de06
Merge pull request #1185 from xiemaisi/js/improve-amd-imports
...
Approved by asger-semmle
2019-04-01 16:30:47 +01:00
semmle-qlci
a7d9a50dcf
Merge pull request #1176 from xiemaisi/js/fix-socket-io-type-tracking
...
Approved by asger-semmle
2019-04-01 13:57:13 +01:00
Esben Sparre Andreasen
364ba1b4ac
JS: use RegExpLiteral as a SourceNode
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c
JS: add tests for missing flow of regular expressions
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
42d3012f81
JS: let RegExpLiteral be a DataFlow::SourceNode
2019-04-01 09:19:25 +02:00
semmle-qlci
ed0ef36427
Merge pull request #1035 from asger-semmle/firebase
...
Approved by xiemaisi
2019-03-29 13:44:02 +00:00
Max Schaefer
f5279b2a1d
JavaScript: Resolve AMD imports based on absolute paths if there is only a single candidate.
2019-03-29 08:30:05 +00:00
Max Schaefer
b29b3dff4d
JavaScript: Use proper camel-case for AMD-related class names.
2019-03-29 08:14:07 +00:00
semmle-qlci
35ea746045
Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer
...
Approved by xiemaisi
2019-03-28 11:55:10 +00:00
Max Schaefer
c097031c7e
JavaScript: Fix uses of TypeTracker with custom flow steps.
...
These steps need to check that the type hasn't been tracked into a property.
2019-03-28 10:33:04 +00:00
Asger F
99dc2435af
JS: update test
2019-03-27 15:03:04 +00:00
Asger F
42c0efd549
JS: add test
2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1
Merge pull request #1161 from esben-semmle/js/classify-mode-html
...
Approved by xiemaisi
2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80
JS: more sanitizing prefixes
2019-03-27 11:22:31 +00:00
Asger F
50f2afb622
JS: add test
2019-03-27 11:20:39 +00:00
Esben Sparre Andreasen
3cd93129a6
JS: classify HTML files with > 20 elements on a line as generated
2019-03-26 08:03:56 +01:00
Max Schaefer
084159dcfd
JavaScript: Teach type trackers to track flow through one level of properties.
2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717
JavaScript: Switch from path summaries to step summaries for type tracking.
...
This is sufficient since we are not doing summarisation.
2019-03-25 20:37:05 +00:00
Max Schaefer
55394df96f
JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes.
2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979
JavaScript: Use type tracking instead of tracked nodes in Express.
2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
4ab3407726
JS: add classification test cases
2019-03-25 10:45:44 +01:00
Max Schaefer
8c460ae385
Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master
...
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
2019-03-21 14:46:29 +00:00
Asger F
1a6c95c908
TS: update test expectation
2019-03-21 11:06:04 +00:00
Max Schaefer
4533e1f6fe
JavaScript: Add model of adm-zip library for ZipSlip query.
2019-03-21 08:04:06 +00:00
Asger F
aaa8bfb874
TS: allow namespace imports as types
2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524
Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19
2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2
JavaScript: Simplify flow-summary queries.
...
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.
I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f
JavaScript: Add test and fix change note.
2019-03-15 14:40:48 -04:00
Jason Reed
6589813ec7
JavaScript: Add tar-stream extraction to ZipSlip query.
2019-03-15 09:31:26 -04:00
Max Schaefer
5441352d41
Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter
...
JS: improve use of attributes from ~Object.defineProperty~
2019-03-15 12:11:50 +00:00
semmle-qlci
cb86687302
Merge pull request #1078 from psygnisfive/UndefinedReturns
...
Approved by xiemaisi
2019-03-15 08:37:12 +00:00
Rebecca Valentine
f3683794d6
stylistic changes per PR change req. in description
...
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
2019-03-14 09:49:02 -07:00
semmle-qlci
d549a0dcb8
Merge pull request #1111 from xiemaisi/js/performance-fiddling
...
Approved by esben-semmle
2019-03-14 14:56:26 +00:00
semmle-qlci
5d9d23ee71
Merge pull request #1110 from xiemaisi/js/yield-in-non-generator
...
Approved by asger-semmle
2019-03-14 11:59:43 +00:00
semmle-qlci
7513bcf7ec
Merge pull request #1095 from xiemaisi/js/base64
...
Approved by esben-semmle
2019-03-14 11:58:50 +00:00
Max Schaefer
993345fb7b
JavaScript: Track Electron browser objects locally only.
2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8
JS: introduce CallToObjectDefineProperty::getAPropertyAttribute
2019-03-14 11:59:27 +01:00
Esben Sparre Andreasen
ff5b85067a
JS: add tests
2019-03-14 11:55:41 +01:00
Max Schaefer
69c63110c1
JavaScript: Teach Function.isGenerator to check for yield.
2019-03-14 10:48:44 +00:00
Max Schaefer
5d35626c58
JavaScript: Rename a test file to avoid case clash.
2019-03-14 08:55:30 +00:00
