1095 Commits

Author	SHA1	Message	Date
Asger F	f85e30aa6c	Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code ... JavaScript: Add new query `HardcodedDataInterpretedAsCode`.	2018-11-29 17:07:48 +00:00
Max Schaefer	8637eaf100	JavaScript: Address review comments.	2018-11-29 10:48:44 +00:00
Max Schaefer	5f16406ad7	JavaScript: Add new query HardcodedDataInterpretedAsCode.	2018-11-29 09:52:31 +00:00
Max Schaefer	f1c538a97b	JavaScript: Restrict RemotePropertyInjection query to avoid double-reporting. ... This query now only flags user-controlled property and header writes, method calls are handled by the new unsafe/unvalidated method call queries.	2018-11-28 08:16:31 +00:00
Max Schaefer	2889e07eb8	JavaScript: Add new query UnvalidatedDynamicMethodCall.	2018-11-28 08:16:31 +00:00
Max Schaefer	8e54c7ab6c	Merge pull request #503 from asger-semmle/unsafe-global-object-access ... JS: add method name injection query	2018-11-26 15:56:20 +00:00
Aditya Sharad	c20b688a3f	Merge master into next.	2018-11-23 16:36:31 +00:00
Esben Sparre Andreasen	b780f82869	JS: sharpen js/clear-text-logging (ODASA-7485)	2018-11-22 13:38:43 +01:00
Asger F	61ef6552c3	JS: handle both data() and taint() source labels	2018-11-22 09:59:31 +00:00
Asger F	4ae2493798	JS: rename query to Unsafe Dynamic Method Access	2018-11-21 12:34:18 +00:00
Asger F	7d80847832	JS: add qhelp example to test suite	2018-11-20 18:44:18 +00:00
Asger F	49cd2876c9	JS: use StringConcatenation library in ConcatSanitizer	2018-11-20 18:12:07 +00:00
Asger F	8aff66616b	JS: suppress similar alerts from RemotePropertyInjection	2018-11-20 15:57:18 +00:00
Asger F	2239f863f7	JS: add query MethodNameInjection	2018-11-20 15:57:18 +00:00
Asger F	bc3b983768	JS: move CodeInjection tests into subfolder	2018-11-20 14:24:37 +00:00
Pavel Avgustinov	16ec9f1aa4	Merge remote-tracking branch 'origin/next' into bump/master-next	2018-11-19 10:37:07 +00:00
Asger F	6ec13feab4	JS: recognize sanitizing slashes in URL redirection queries	2018-11-16 10:43:25 +00:00
Aditya Sharad	f0715b09e1	Merge master into next.	2018-11-14 10:06:27 +00:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.	2018-11-14 09:32:31 +00:00
Max Schaefer	d57b5d9628	JavaScript: Remove ReflectdXssPath.ql, which is now spurious.	2018-11-14 09:16:40 +00:00
semmle-qlci	86e31a584e	Merge pull request #447 from esben-semmle/js/indirect-sanitization ... Approved by asger-semmle	2018-11-13 09:14:28 +00:00
Jonas Jensen	1500237009	Merge remote-tracking branch 'upstream/master' into mergeback-20181112	2018-11-12 13:24:27 +01:00
Esben Sparre Andreasen	ffc3d6ba49	JS: simplify test (move alerts four lines up)	2018-11-12 10:21:41 +01:00
Aditya Sharad	761e5efd60	Merge master into next. ... JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum. C++ conflicts fixed by accepting Qltest output.	2018-11-09 18:49:35 +00:00
Max Schaefer	bdfe938d02	JavaScript: Improve StackTraceExposure query. ... It now also flags exposure of the entire exception object (not just the `stack` property).	2018-11-09 09:42:09 +00:00
Asger F	e0d5557ef4	JS: add email HTML body as XSS sink	2018-11-07 11:31:40 +00:00
Aditya Sharad	553c2f5d34	Merge master into next. ... As of 2846d80f1c.	2018-11-06 11:52:51 +00:00
Max Schaefer	c75d785684	JavaScript: Fix modelling of _.partial. ... Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array; cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.	2018-10-31 06:31:59 -04:00
Aditya Sharad	56ee5ff99a	Merge master into next. ... `master` up to and including cfe0b8803a.	2018-10-25 15:32:47 +01:00
Max Schaefer	7702b58794	Merge pull request #305 from asger-semmle/json-taint-kind ... JS: Add flow label for tainted objects and sharpen NosqlInjection	2018-10-22 11:58:50 +01:00
Tom Hvitved	58a0815033	Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17	2018-10-17 13:24:37 +02:00
semmle-qlci	1da873e819	Merge pull request #315 from esben-semmle/js/conditional-bypass-early-return ... Approved by xiemaisi	2018-10-17 08:25:55 +01:00
Esben Sparre Andreasen	ffbbb807f4	JS: avoid flagging early returns in js/user-controlled-bypass	2018-10-16 08:39:59 +02:00
semmle-qlci	16b29b2d08	Merge pull request #299 from asger-semmle/nosql-sinks ... Approved by xiemaisi	2018-10-12 07:12:05 +01:00
Tom Hvitved	b29b314f4e	Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11	2018-10-11 14:36:44 +02:00
Asger F	9b10254cd4	JS: support label-specific sanitizer guards	2018-10-10 18:27:14 +01:00
Asger F	5e720486d5	JS: recognize req.query.x as deep object taint	2018-10-10 17:15:56 +01:00
Asger F	d72d7345b8	JS: make NosqlInjection use object taint	2018-10-10 17:05:59 +01:00
Esben Sparre Andreasen	6687dfd558	JS: improve model of express' req.sendFile	2018-10-10 15:46:43 +02:00
Esben Sparre Andreasen	358b6c3413	JS: change "remote request" to "network request"	2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen	3b2440e850	JS: remove useless externs definitions for tests	2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen	b00aa36cdc	JS: polish HttpToFileAccess.ql	2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen	d261915598	JS: polish FileAccessToHttp.ql	2018-10-10 12:12:54 +02:00
Asger F	74f115fa40	JS: add test case	2018-10-10 10:46:40 +01:00
Asger F	030bae9454	JS: Canonicalize ThisNode	2018-10-09 08:53:41 +01:00
Tom Hvitved	ccebd5eb11	Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08	2018-10-08 16:23:29 +02:00
Asger F	d2af4ab94a	Merge pull request #227 from xiemaisi/js/taint-kinds ... JavaScript: Add support for state-based taint tracking.	2018-10-08 15:09:12 +01:00
Tom Hvitved	49644bfb47	Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08	2018-10-08 11:48:56 +02:00
Max Schaefer	017ae4990d	JavaScript: Use custom flow labels in ClientSideUrlRedirect.	2018-10-03 15:49:02 +01:00
Denis Levin	e147e690ee	Merge branch 'master' into denisl/js/HttpToFileAccessTest	2018-10-02 15:13:35 -07:00