Asger F
d83f152f39
JS: Address review comments
2019-08-07 10:53:17 +01:00
Asger F
5e87d5c751
JS: Update syntactic heuristics
2019-08-07 10:53:17 +01:00
Asger F
f173e3024a
JS: Add getConstantStringParts() and HTML concat node
2019-08-07 10:53:17 +01:00
Asger F
f101944c92
JS: Expand on the StringOps::Concatenation API
2019-08-07 10:53:17 +01:00
Asger F
687534e647
JS: Address review comments
2019-08-07 10:47:08 +01:00
Asger F
41bdd8a7cc
JS: Fix qldoc indentation
2019-08-07 10:38:22 +01:00
semmle-qlci
d0a761477b
Merge pull request #1704 from xiemaisi/js/fix-export-default-examples
Approved by asger-semmle
2019-08-07 09:34:36 +01:00
Asger F
075e47dce2
JS: Add header/headers response type
2019-08-06 15:42:22 +01:00
Asger F
ea4bfda2d1
JS: Add predicate that disappeared during conflict resolution
2019-08-06 15:33:33 +01:00
Asger F
4fb3fd992d
JS: Address comments
2019-08-06 15:28:53 +01:00
Asger F
55ab7e6abf
JS: Add qldoc
2019-08-06 15:28:53 +01:00
Asger F
64f1260220
JS: Rename getResponseFormat => getResponseType
2019-08-06 15:28:53 +01:00
Asger F
ea507db638
JS: Fix a qldoc comment
2019-08-06 15:28:52 +01:00
Asger F
a697a1b700
JS: Fix indentation of qldoc comment
2019-08-06 15:28:52 +01:00
Asger F
d3e796decc
JS: Add caution to XMLHttpRequest class
2019-08-06 15:28:52 +01:00
Asger F
02fba482fa
JS: Bugfixes
2019-08-06 15:28:52 +01:00
Asger F
0950b4d0f7
JS: Move ClientRequest classes into a module and publish them
2019-08-06 15:28:49 +01:00
Asger F
55ad3bb65f
JS: add ClientRequest.getAResponseDataNode()
2019-08-06 15:28:13 +01:00
semmle-qlci
327d5acdcf
Merge pull request #1686 from asger-semmle/lvalue-node
Approved by xiemaisi
2019-08-06 14:43:46 +01:00
Max Schaefer
82e15ada5f
JavaScript: Fix export default examples.
Only hoistable (function) declarations and class declarations can be default-exported (https://www.ecma-international.org/ecma-262/10.0/index.html#sec-exports ).
2019-08-06 14:40:53 +01:00
semmle-qlci
77eac2c980
Merge pull request #1687 from esben-semmle/js/hide-conflicting-html-attribute
Approved by xiemaisi
2019-08-06 11:38:33 +01:00
semmle-qlci
5de6da4ee4
Merge pull request #1697 from esben-semmle/js/fix-missing-this-in-method
Approved by xiemaisi
2019-08-06 11:38:11 +01:00
Max Schaefer
5026a55c25
JavaScript: Fix a Cartesian product.
2019-08-05 15:42:20 +01:00
Max Schaefer
d230921b89
JavaScript: Remove two unused fields.
2019-08-05 15:41:55 +01:00
Esben Sparre Andreasen
bc2785d143
JS: add missing binding for this in BuiltinServiceCall
2019-08-05 14:10:21 +02:00
Esben Sparre Andreasen
bc296e74a1
JS: generalize internal AngularJS::BuiltinServiceCall to handle calls
2019-08-05 13:59:48 +02:00
Esben Sparre Andreasen
a652f754ee
JS: rename internal AngularJS::ServiceMethodCall
2019-08-05 13:56:49 +02:00
semmle-qlci
f60af2cfba
Merge pull request #1683 from asger-semmle/type-tracking-non-exp
Approved by xiemaisi
2019-08-05 11:06:53 +01:00
semmle-qlci
77ae2bc8b7
Merge pull request #1684 from asger-semmle/protopollution-qhelp
Approved by xiemaisi
2019-08-05 11:06:34 +01:00
Asger F
8bec2fe7bf
JS: Address comments
2019-08-05 10:44:39 +01:00
Esben Sparre Andreasen
c4eb258f5b
JS: lower precision of js/conflicting-html-attribute
2019-08-05 09:22:10 +02:00
Asger F
5397da7579
JS: Handle implicit return in getImmediatePredecessor
2019-08-02 20:35:22 +01:00
Asger F
8e1893d0ed
JS: Update range analysis to use getImmediatePredecessor
2019-08-02 20:35:22 +01:00
Asger F
9e949d0f44
JS: Add taint step through destructuring for-of loop
2019-08-02 20:35:21 +01:00
Asger F
de3c8bf711
JS: Introduce DataFlow::lvalueNode
2019-08-02 20:35:21 +01:00
semmle-qlci
d4e39a250d
Merge pull request #1667 from xiemaisi/js/more-ranges
Approved by esben-semmle
2019-08-02 16:46:30 +01:00
Asger F
fcc51a8407
JS: Fix lodash version in proto pollution qhelp
2019-08-02 16:42:36 +01:00
Asger F
eb543c1ceb
JS: Remove experimental warning from type tracking
2019-08-02 16:30:44 +01:00
semmle-qlci
34cdf7c96b
Merge pull request #1677 from xiemaisi/js/flow-summary-fixes
Approved by esben-semmle
2019-08-02 14:02:47 +01:00
semmle-qlci
635a8edacc
Merge pull request #1676 from xiemaisi/js/more-tests-classification
Approved by esben-semmle
2019-08-02 14:02:24 +01:00
Max Schaefer
e06ed503ec
JavaScript: Make flow summaries work for non-taint configurations.
With flow labels it often makes more sense to use a `DataFlow::Configuration` rather than a `TaintTracking::Configuration`, so flow summaries should support both.
2019-08-02 11:45:41 +01:00
Max Schaefer
97c0c97b28
JavaScript: Classify __mocks__ and __tests__ as tests.
These are conventions used by jest: https://jestjs.io/docs/en/manual-mocks#mocking-user-modules .
2019-08-02 11:15:02 +01:00
semmle-qlci
07b97dcc07
Merge pull request #1672 from asger-semmle/flowlabel-issers
Approved by xiemaisi
2019-08-02 10:05:41 +01:00
semmle-qlci
bb4f00d770
Merge pull request #1015 from esben-semmle/js/cli-cli
Approved by xiemaisi
2019-08-02 09:57:19 +01:00
Asger F
e09c22e67d
JS: Add FlowLabel.isData() and .isTaint()
2019-08-01 15:22:51 +01:00
Esben Sparre Andreasen
90862fea99
JS: whitelist trivial throwers in js/superfluous-trailing-arguments
2019-08-01 11:49:43 +02:00
semmle-qlci
691df0508e
Merge pull request #1652 from xiemaisi/js/deprecate-isBarrier/2
Approved by asger-semmle
2019-08-01 09:47:04 +01:00
Max Schaefer
4141a98616
JavaScript: Replace Custom* with *::Range.
The old names are kept as deprecated aliases.
2019-08-01 09:45:44 +01:00
semmle-qlci
0e64c84f7e
Merge pull request #1656 from asger-semmle/rephrase-useless-def
Approved by xiemaisi
2019-07-31 09:55:38 +01:00
Esben Sparre Andreasen
bf4a324a86
JS: add query js/indirect-command-line-injection
2019-07-31 09:24:25 +02:00