semmle-qlci
7661a98909
Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference
Approved by xiemaisi
2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen
6950bfe915
JS: review fixups in documentation and comments
2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
605695e117
JS: review fixups in documentation
2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
21c895368d
JS: change notes for improved inter-procedural type inference
2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen
eb356d8d0b
Merge branch 'master' into js/format-string-taint-step
2018-08-21 15:47:31 +02:00
semmle-qlci
6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Tom Hvitved
bae32659e4
C#: Add change note
2018-08-21 09:11:31 +02:00
Esben Sparre Andreasen
f522376217
JS: mention string formatting taint step in change notes
2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
be8a32bb18
JS: add sanitizer support for ~whitelist.indexOf(x)
2018-08-20 20:32:57 +02:00
Luke Cartey
0477bd781a
C#: ZipSlip - Add change note.
2018-08-20 16:59:57 +01:00
semmle-qlci
0adeef73ff
Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
Max Schaefer
b2e304951e
Merge branch 'master' into ts-typescript2.9
2018-08-20 08:14:58 +01:00
Max Schaefer
a9f1e21363
JavaScript: Fix exported name of default re-exports.
A default re-export (not part of the standard yet) looks like this:
```
export f from 'mod';
```
What this means is that the default export of `mod` is re-exported under the name `f`.
Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.
This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
2018-08-20 08:02:15 +01:00
semmle-qlci
44e4b25f42
Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client
Approved by xiemaisi
2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651
JS: add query js/cleartext-logging
2018-08-20 08:34:16 +02:00
Robert Marsh
4698d13a0d
JavaScript: add change note
2018-08-17 10:16:51 -07:00
Asger F
7f77acf5f6
TypeScript: add change note
2018-08-17 14:48:53 +01:00
Max Schaefer
303b0a0027
JavaScript: Demote HeterogenousComparison to warning level.
2018-08-14 15:54:07 +01:00
Max Schaefer
886329689f
JavaScript: Teach globalVarRef about top-level this and the global npm package.
2018-08-14 09:15:15 +01:00
Asger F
587e0f9175
JavaScript: add change note
2018-08-13 13:11:01 +01:00
semmle-qlci
c0fe0a1d24
Merge pull request #46 from asger-semmle/html-sanitizers
Approved by xiemaisi
2018-08-13 10:16:15 +01:00
semmle-qlci
3d0748c542
Merge pull request #48 from xiemaisi/js/webview-sinks
Approved by asger-semmle
2018-08-13 09:37:33 +01:00
Max Schaefer
14f14c1f6c
JavaScript: Add change note.
2018-08-10 15:59:28 +01:00
semmle-qlci
2478c6e150
Merge pull request #43 from xiemaisi/js/odasa-7275
Approved by
2018-08-10 12:52:05 +01:00
Asger F
8074786af4
JavaScript: Add change note HTMLSanitizers
2018-08-10 12:36:55 +01:00
Asger Feldthaus
9a7da817b4
Add change note for Extend.qll
2018-08-10 09:56:35 +01:00
Max Schaefer
e32dc08cd0
Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization
JS: change alert location for js/incomplete-object-initialization
2018-08-09 13:58:11 +01:00
Max Schaefer
41da997651
JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding.
2018-08-09 12:44:16 +01:00
Max Schaefer
854dc0cbeb
Merge pull request #28 from esben-semmle/js/whitelist-empty-functions
JS: permit some calls with spurious arguments to empty functions
2018-08-08 14:03:18 +01:00
Esben Sparre Andreasen
e1947f04df
JS: change alert location for js/incomplete-object-initialization
2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen
4e98ce21b4
JS: permit some calls with spurious arguments to empty functions
2018-08-08 10:13:02 +02:00
semmle-qlci
6fc36f6621
Merge pull request #6 from hvitved/csharp/query/constant-condition
Approved by calumgrant
2018-08-08 06:45:07 +01:00
Robert Marsh
bad9c9acb6
C++/Doc: remove change notes from a migrated PR
2018-08-07 10:36:20 -07:00
semmle-qlci
4d97570a1a
Merge pull request #17 from xiemaisi/js/rename-unused-var
Approved by esben-semmle
2018-08-07 15:01:37 +01:00
semmle-qlci
6533ddfeaf
Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters
Approved by xiemaisi
2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen
c06edd3745
Merge pull request #15 from xiemaisi/js/call-graph-data-flow
JavaScript: Lift call graph library to data flow graph.
2018-08-07 07:56:08 +02:00
Tom Hvitved
579d64cdd6
C#: Add change note
2018-08-06 13:46:00 -07:00
Dave Bartolomeo
797fc0784b
Merge pull request #13 from rdmarsh2/rdmarsh/cpp/change-notes
C++/Doc: add change notes to github.com ql repo
2018-08-06 11:37:22 -07:00
Robert Marsh
f80fbe8ba0
C++/Doc: fix whitespace error in change notes
2018-08-06 10:16:37 -07:00
Esben Sparre Andreasen
fa90c53b43
JS: update change notes for improved js/missing-rate-limiting
2018-08-06 15:15:44 +02:00
Max Schaefer
06f43748b8
JavaScript: Generalize description of js/unused-local-variable.
The query also flags unused imports, functions and classes (which, of course, are just unused variables at the end of the day). This is now made more explicit in the description.
2018-08-06 09:34:38 +01:00
Max Schaefer
9ba3d80bad
JavaScript: Lift call graph library to data flow graph.
2018-08-06 08:34:06 +01:00
Max Schaefer
d91218e248
Merge pull request #10 from asger-semmle/json-parsers
JavaScript: Add model of JSON parsers
2018-08-06 08:32:26 +01:00
Robert Marsh
fd7168a365
C++/Doc: add change notes to github.com ql repo
2018-08-03 10:24:35 -07:00
Asger F
5e88eeb368
Sort change note list
2018-08-03 15:27:45 +01:00
Asger F
b102692645
Add change note
2018-08-03 15:27:41 +01:00
Tom Hvitved
d05109df76
C#: Update queries in Bad Practices/Implementation Hiding
2018-08-03 14:19:58 +02:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00