1713 Commits

Author	SHA1	Message	Date
semmle-qlci	7df397f8ab	Merge pull request #486 from xiemaisi/js/lower-severities ... Approved by asger-semmle	2018-11-20 06:39:23 +00:00
Max Schaefer	6021d2499d	JavaScript: Remove accidentally committed .actual file.	2018-11-19 12:24:19 +00:00
Pavel Avgustinov	16ec9f1aa4	Merge remote-tracking branch 'origin/next' into bump/master-next	2018-11-19 10:37:07 +00:00
Max Schaefer	73ad3f5c8a	JavaScript: Tweak JSLint library to avoid bad join order.	2018-11-19 09:12:02 +00:00
Max Schaefer	1b59a28be0	JavaScript: Downgrade a few "error" rules to "warning". ... For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.	2018-11-19 09:09:26 +00:00
Asger F	c06c9a02f7	JS: fix copy pasta and test output	2018-11-16 10:47:02 +00:00
Asger F	dd5f485fff	JS: use original sanitizer for SSRF query	2018-11-16 10:46:14 +00:00
Asger F	6ec13feab4	JS: recognize sanitizing slashes in URL redirection queries	2018-11-16 10:43:25 +00:00
semmle-qlci	0647743333	Merge pull request #467 from xiemaisi/js/amd-imports ... Approved by asger-semmle	2018-11-16 09:31:50 +00:00
Asger F	df202eff76	Merge pull request #468 from xiemaisi/js/has{Path,Flow}+ ... JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.	2018-11-14 16:48:47 +00:00
semmle-qlci	4a14bef507	Merge pull request #466 from xiemaisi/js/more-data-flow-predicates ... Approved by asger-semmle	2018-11-14 16:07:59 +00:00
Max Schaefer	6f6b3b0d5e	JavaScript: Add a convenience method to SourceNode and use it in a few places.	2018-11-14 11:58:45 +00:00
Max Schaefer	a441bfb751	JavaScript: Add a convenience method to AMDModuleDefinition.	2018-11-14 11:36:40 +00:00
Max Schaefer	3fcd02ab0e	JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages.	2018-11-14 11:23:17 +00:00
Aditya Sharad	f0715b09e1	Merge master into next.	2018-11-14 10:06:27 +00:00
Max Schaefer	d6198fcc2a	JavaScript: Introduce two more short-circuiting conjuncts.	2018-11-14 09:33:09 +00:00
Max Schaefer	52ae757279	JavaScript: Select Nodes (instead of PathNodes) everywhere.	2018-11-14 09:16:40 +00:00
Max Schaefer	e365b722ee	JavaScript: Select source and sink in all path queries.	2018-11-14 09:16:40 +00:00
Max Schaefer	d5af008e31	JavaScript: Adjust ConditionalBypass query.	2018-11-14 09:16:40 +00:00
Max Schaefer	11d6259dbf	JavaScript: Move from Node to PathNode.	2018-11-14 09:16:40 +00:00
Max Schaefer	8d87f556e1	JavaScript: Add import DataFlow::PathGraph.	2018-11-14 09:16:40 +00:00
Max Schaefer	4860364d91	JavaScript: Add explicit nodes query predicate in PathGraph. ... This is needed to correctly handle the case where `edges` is empty.	2018-11-14 09:16:40 +00:00
Max Schaefer	60a1357092	JavaScript: Make all taint-based security queries have @kind path-problem.	2018-11-14 09:16:40 +00:00
Max Schaefer	65bcf0f526	JavaScript: Refactor security queries for uniformity.	2018-11-14 09:16:40 +00:00
Max Schaefer	9b4ae9e4d3	JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query.	2018-11-14 09:16:40 +00:00
Max Schaefer	c51cd50133	JavaScript: Remove a few unnecessary imports.	2018-11-14 09:16:40 +00:00
Arthur Baars	969c2796a0	Merge pull request #457 from adityasharad/merge/1.18-master-131118 ... Merge rc/1.18 into master.	2018-11-13 22:25:03 +01:00
Max Schaefer	a499009f59	Merge pull request #395 from esben-semmle/js/useless-defensive-code ... JS: add query: js/useless-defensive-code	2018-11-13 16:55:59 +00:00
Max Schaefer	4fdfbb77cc	Merge pull request #444 from esben-semmle/js/browser-based-client-requests ... JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 16:53:52 +00:00
Max Schaefer	96989a1fd6	Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata ... Eclipse plugins: Remove plugin metadata.	2018-11-13 13:12:49 +00:00
Aditya Sharad	bc06831d01	Merge rc/1.18 into master.	2018-11-13 10:55:08 +00:00
Esben Sparre Andreasen	daed0653cb	JS: support property tracking of custom abstract values	2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen	1d87c580b3	JS: introduce DefinedCustomAbstractValue	2018-11-13 11:40:31 +01:00
semmle-qlci	86e31a584e	Merge pull request #447 from esben-semmle/js/indirect-sanitization ... Approved by asger-semmle	2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen	5666deac14	JS: rename js/useless-defensive-code to js/unneeded-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	1db2e6ca55	JS: add source code examples to docstrings	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	3aae1d17db	JS: avoid two uses of getChildExpr(0)	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	15123da0b7	JS: minor fixup: only traverse LogNotExprs	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8ea9fd4cca	JS: address review comments	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	7d4cf49545	JS: fixup double reporting of alerts	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	f440c9221a	JS: replace some Expr.stripParens with Expr.getUnderlyingValue	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	358e6188d9	JS: downgrade other alerts to js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	e29c57a58e	JS: add whitelist to js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	b073fcfca2	JS: add query: js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	7b215ecb2b	JS: recognize defensive programming patterns using typeof	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c403416fef	JS: recognize defensive expressions that prevents exceptions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	6e77489a3b	JS: add utilities for expression guards to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a2ecf40878	JS: recognize defensive expressions for null/undefined	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	2b6ef24bc2	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8086e88587	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00