Esben Sparre Andreasen
|
8a2c81b41c
|
JS: address review comments about duplicated logic
|
2020-02-04 10:49:23 +01:00 |
|
Max Schaefer
|
43e4ed1e18
|
JavaScript: Teach resolveMainModule to try adding extensions.
|
2020-02-04 09:39:04 +00:00 |
|
Max Schaefer
|
e21c24c60e
|
JavaScript: Add failing test case.
|
2020-02-04 09:39:04 +00:00 |
|
Esben Sparre Andreasen
|
e1180495f5
|
JS: optimize a prefix-check
|
2020-02-04 09:48:56 +01:00 |
|
semmle-qlci
|
bd51ef35b7
|
Merge pull request #2731 from erik-krogh/CVE527
Approved by esbena
|
2020-02-04 08:38:26 +00:00 |
|
Esben Sparre Andreasen
|
bbd60f52ba
|
JS: add additional flow steps to js/path-injection
|
2020-02-03 16:36:25 +01:00 |
|
Erik Krogh Kristensen
|
e3189aaa47
|
raise syntax error on declaration of private method, and add syntax tests for private fields
|
2020-02-03 16:00:25 +01:00 |
|
semmle-qlci
|
3a7845e7fc
|
Merge pull request #2653 from erik-krogh/exceptionFPs
Approved by esbena
|
2020-02-03 14:15:24 +00:00 |
|
Erik Krogh Kristensen
|
183dd68d6a
|
add qldoc to isPrivateField
|
2020-02-03 14:23:27 +01:00 |
|
Asger Feldthaus
|
3c1cbcefa5
|
TS: Pass virtual source root explicitly to Node.js process
|
2020-02-03 10:36:36 +00:00 |
|
Asger Feldthaus
|
513854a608
|
TS: Add upgrade script
|
2020-02-03 09:32:56 +00:00 |
|
Asger Feldthaus
|
9abf5f06e6
|
TS: Resolve imports using TypeScript symbols
|
2020-02-03 09:32:56 +00:00 |
|
Asger Feldthaus
|
abb95135c1
|
JS: Add UnresolvableImport metric
|
2020-02-03 09:32:56 +00:00 |
|
Erik Krogh Kristensen
|
5ff958a9cf
|
fix compilation of PrototypePollutionUtility after refactor
|
2020-02-03 09:39:41 +01:00 |
|
Esben Sparre Andreasen
|
7f25c1bf47
|
JS: address doc-review comments
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
c70997febf
|
JS: address review comments for js/unsafe-jquery-plugin
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
eaff78b37e
|
JS: change severity to warning
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
1de1c15919
|
JS: minor fixups
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
2ad9b843ae
|
JS: fix FP for js/unsafe-jquery-plugin
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
cfd567f01d
|
JS: fix FP for js/unsafe-jquery-plugin
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
9e247921fc
|
JS: add FP tests for js/unsafe-jquery-plugin
|
2020-01-31 19:33:04 +01:00 |
|
Esben Sparre Andreasen
|
fef918ac13
|
JS: add query "Unsafe jQuery plugin"
|
2020-01-31 19:33:04 +01:00 |
|
semmle-qlci
|
d995d5a4a0
|
Merge pull request #2716 from esbena/js/additional-koa-requests
Approved by erik-krogh
|
2020-01-31 18:30:42 +00:00 |
|
Erik Krogh Kristensen
|
84be6e1286
|
update docString on getAnAliasedSourceNode
|
2020-01-31 15:38:19 +01:00 |
|
Erik Krogh Kristensen
|
32bcb18cdf
|
add pragma[inline] to getAnAliasedSourceNode
|
2020-01-31 15:35:38 +01:00 |
|
Erik Krogh Kristensen
|
72114a48f5
|
rename getASourceAccess to getAnAliasedSourceNode
|
2020-01-31 15:34:58 +01:00 |
|
Erik Krogh Kristensen
|
e6d46b9279
|
add test for new prefix check on TaintedPath
|
2020-01-31 12:35:03 +01:00 |
|
Erik Krogh Kristensen
|
b6611b1fb3
|
add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll
|
2020-01-31 12:24:12 +01:00 |
|
Erik Krogh Kristensen
|
279c584bb8
|
fix FP in js/path-injection by recognizing more prefix checks
|
2020-01-31 11:03:11 +01:00 |
|
semmle-qlci
|
f8d0b4e602
|
Merge pull request #2618 from erik-krogh/ExceptionalPromise
Approved by asgerf
|
2020-01-31 07:59:09 +00:00 |
|
Esben Sparre Andreasen
|
5f1317fa2d
|
JS: model path.parse and its ponyfill package: "path-parse"
|
2020-01-30 21:26:18 +01:00 |
|
Esben Sparre Andreasen
|
5b5f52979d
|
JS: add uniform support for path, path.posix and path.win32
|
2020-01-30 21:26:18 +01:00 |
|
Erik Krogh Kristensen
|
8fc273b9ec
|
update expected output
|
2020-01-30 15:19:27 +01:00 |
|
semmle-qlci
|
3158b8401a
|
Merge pull request #2705 from erik-krogh/CVE75
Approved by asgerf
|
2020-01-30 13:07:05 +00:00 |
|
semmle-qlci
|
120b50f497
|
Merge pull request #2708 from asger-semmle/js/react-flow-through-imports
Approved by esbena
|
2020-01-30 13:05:07 +00:00 |
|
Erik Krogh Kristensen
|
162c19c348
|
changes based on review
|
2020-01-30 14:04:04 +01:00 |
|
Asger F
|
b88cc50cdb
|
Apply suggestions from code review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
|
2020-01-30 12:42:58 +00:00 |
|
Asger Feldthaus
|
1bf8165098
|
TS: Other review comments
|
2020-01-30 12:41:02 +00:00 |
|
Asger Feldthaus
|
92dbfb2858
|
JS: Handle LGTM_WORKSPACE and fix emptiness check
|
2020-01-30 12:31:25 +00:00 |
|
Asger Feldthaus
|
141d4bfb70
|
TS: Handle multiple slashes in scope name
|
2020-01-30 12:28:16 +00:00 |
|
Erik Krogh Kristensen
|
7637ebcc03
|
Merge remote-tracking branch 'upstream/master' into exceptionFPs
|
2020-01-30 10:56:41 +01:00 |
|
Esben Sparre Andreasen
|
31743c42e5
|
Update javascript/ql/src/semmle/javascript/frameworks/Koa.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-01-29 20:28:29 +01:00 |
|
Esben Sparre Andreasen
|
a6d3afd817
|
JS: support additional Koa request sources
|
2020-01-29 14:49:01 +01:00 |
|
Esben Sparre Andreasen
|
d4d910b681
|
JS: add koa test
|
2020-01-29 14:41:23 +01:00 |
|
Anders Schack-Mulligen
|
743b612d0d
|
Javascript/Python: Sync XML.qll
|
2020-01-29 13:31:25 +01:00 |
|
Erik Krogh Kristensen
|
b8834ffcad
|
add support for private fields in classes
|
2020-01-29 13:10:45 +01:00 |
|
semmle-qlci
|
fb90c2ba52
|
Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access
Approved by erik-krogh, max-schaefer
|
2020-01-29 10:46:48 +00:00 |
|
Erik Krogh Kristensen
|
aea365c424
|
adjust API naming
|
2020-01-28 15:09:31 +01:00 |
|
Erik Krogh Kristensen
|
cb16116b4d
|
adjust type-tracking on custom EventEmitters
|
2020-01-28 14:00:26 +01:00 |
|
Asger F
|
701d9989be
|
Apply suggestions from code review
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-01-28 12:46:51 +00:00 |
|