Erik Krogh Kristensen
|
ee43db1b58
|
slightly expand the $().each model
|
2020-04-23 16:49:47 +02:00 |
|
Erik Krogh Kristensen
|
448ed150df
|
allow the empty string to flow to a JQuery XSS sink
|
2020-04-23 16:45:37 +02:00 |
|
Erik Krogh Kristensen
|
96896fd7f5
|
second round of UnsafeJQueryPlugin reuse
|
2020-04-23 15:12:32 +02:00 |
|
Erik Krogh Kristensen
|
ea569dba78
|
update doc for JQuery plugin predicate
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
|
2020-04-23 15:03:39 +02:00 |
|
Asger Feldthaus
|
cafdcfa4de
|
JS: Preserve reflective calls in getAMethodCall
|
2020-04-23 13:57:14 +01:00 |
|
Erik Krogh Kristensen
|
1954a60b6e
|
reuse existing predicate from UnsafeJqueryPlugin
|
2020-04-23 14:25:34 +02:00 |
|
Erik Krogh Kristensen
|
09b6727e6d
|
refactor $.each model
|
2020-04-23 14:24:56 +02:00 |
|
Erik Krogh Kristensen
|
ce106981b3
|
add tests
|
2020-04-23 14:24:33 +02:00 |
|
Erik Krogh Kristensen
|
e7d8cd8e8c
|
Merge remote-tracking branch 'upstream/master' into MoarJQuery
|
2020-04-23 14:10:53 +02:00 |
|
semmle-qlci
|
36b28386f8
|
Merge pull request #3332 from erik-krogh/JGrowl
Approved by esbena
|
2020-04-23 13:06:00 +01:00 |
|
Erik Krogh Kristensen
|
6897dda614
|
model that this in $().each(callback) is a DOM-node
|
2020-04-23 13:51:17 +02:00 |
|
Erik Krogh Kristensen
|
8de86967aa
|
model that this in a jQuery plugin is a jQuery object
|
2020-04-23 13:48:54 +02:00 |
|
semmle-qlci
|
801ce89c67
|
Merge pull request #3099 from esbena/js/introduce-poi-utility
Approved by erik-krogh
|
2020-04-23 12:14:00 +01:00 |
|
Erik Krogh Kristensen
|
d8c498bd15
|
add NOT OK comment
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
|
2020-04-23 12:17:25 +02:00 |
|
Erik Krogh Kristensen
|
e1423b0fa5
|
add test for jGrowl
|
2020-04-23 11:58:06 +02:00 |
|
Erik Krogh Kristensen
|
90652eeb25
|
add $.jGrowl as an XSS sink
|
2020-04-23 10:44:41 +02:00 |
|
semmle-qlci
|
da3292606c
|
Merge pull request #3191 from erik-krogh/XssDom
Approved by esbena, mchammer01
|
2020-04-23 09:17:07 +01:00 |
|
Esben Sparre Andreasen
|
a66b4b55fe
|
Update javascript/ql/src/experimental/poi/PoI.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-04-23 09:47:21 +02:00 |
|
Esben Sparre Andreasen
|
161c05dced
|
Apply suggestions from code review
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-04-23 08:41:54 +02:00 |
|
Erik Krogh Kristensen
|
6ada588dd1
|
add support for util.inherits
|
2020-04-22 22:55:12 +02:00 |
|
Erik Krogh Kristensen
|
957e4073b0
|
use getABoundCallbackParameter in SocketIO
|
2020-04-22 21:56:34 +02:00 |
|
Erik Krogh Kristensen
|
40822e10b4
|
add SocketIO test case
|
2020-04-22 21:55:20 +02:00 |
|
Felicity Chapman
|
89bf35cd43
|
Merge branch 'rc/1.24' into merge-124-master
Conflicts:
change-notes/1.24/analysis-javascript.md
Resolved in favor of the rc/1.24 branch
|
2020-04-22 19:01:47 +01:00 |
|
Esben Sparre Andreasen
|
a0e6562208
|
JS: address review feedback
|
2020-04-22 14:24:35 +02:00 |
|
Esben Sparre Andreasen
|
2747e2a0c7
|
JS: formatting
|
2020-04-22 14:24:35 +02:00 |
|
Esben Sparre Andreasen
|
2186ca7efc
|
JS: address non-semantic review feedback
|
2020-04-22 14:24:35 +02:00 |
|
Esben Sparre Andreasen
|
27e5fce0ed
|
JS: make the default PoIConfiguration/enabled inclusive
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
3b45bcd285
|
JS: remove the standard PoI configurations
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
dd6378f1d0
|
JS: address PoI review comments
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
b2ca3d2bdc
|
JS: improve PoI::alertQuery docstring
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
a386d2dcee
|
JS: add missing expected output
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
607d46e2f9
|
JS: improve PoI tests
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
c407cc072e
|
JS: autoformat
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
e4ea089a0b
|
JS: add experimental PoI module
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
ec73c97422
|
JS: refactor ClassifyFiles.qll from ClassifyFiles.ql
|
2020-04-22 14:24:34 +02:00 |
|
Erik Krogh Kristensen
|
ac26741816
|
reuse existing SanitizerGuard from UnsafeJQueryPlugin
|
2020-04-22 14:16:15 +02:00 |
|
Erik Krogh Kristensen
|
0a29d132d0
|
reuse existing logic in DomBasedXss
|
2020-04-22 13:50:43 +02:00 |
|
Erik Krogh Kristensen
|
ac44cb425e
|
Merge branch 'master' into js/call-graph-exploration
|
2020-04-22 10:49:26 +02:00 |
|
Erik Krogh Kristensen
|
7bfea946fd
|
update links in xss-through-dom qhelp
|
2020-04-22 10:23:03 +02:00 |
|
Erik Krogh Kristensen
|
8811455d49
|
Merge remote-tracking branch 'upstream/master' into XssDom
|
2020-04-22 10:20:40 +02:00 |
|
Erik Krogh Kristensen
|
76503d3536
|
user controlled -> user-controlled
|
2020-04-22 10:08:01 +02:00 |
|
Erik Krogh Kristensen
|
947e9828da
|
Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-04-22 10:07:50 +02:00 |
|
semmle-qlci
|
9fae953969
|
Merge pull request #3262 from asger-semmle/js/api-deprecation-and-renaming
Approved by erik-krogh
|
2020-04-21 15:45:13 +01:00 |
|
semmle-qlci
|
2fb711e460
|
Merge pull request #3169 from erik-krogh/Maps
Approved by asgerf, esbena
|
2020-04-21 12:12:06 +01:00 |
|
Erik Krogh Kristensen
|
59b94b3d1b
|
revert back to having 2 separate cases in JQuery::MethodCall
|
2020-04-21 13:08:06 +02:00 |
|
Asger Feldthaus
|
c04ba91a90
|
JS: Autoformat
|
2020-04-21 10:51:42 +01:00 |
|
Asger Feldthaus
|
39920c1b08
|
JS: Add forwarding libraries in old locations
|
2020-04-21 10:51:42 +01:00 |
|
Asger Feldthaus
|
9e4709148b
|
JS: Move Forward/Backward exploration to explore folder
|
2020-04-21 10:51:41 +01:00 |
|
Asger Feldthaus
|
647a3d3a60
|
JS: Add note and debugging and exploration
|
2020-04-21 10:51:41 +01:00 |
|
Asger Feldthaus
|
ffeda7f45a
|
JS: Expand on doc a bit
|
2020-04-21 10:51:41 +01:00 |
|