6371 Commits

Author	SHA1	Message	Date
Max Schaefer	7c56c9f999	JavaScript: Move suppression of hidden nodes into edges predicate. ... They should really only be hidden for display purposes.	2019-10-29 15:19:26 +00:00
Max Schaefer	3373742077	JavaScript: Turn PathNode::getASuccessorInternal and PathNode::getAHiddenSuccessor into top-level predicates.	2019-10-29 15:19:26 +00:00
Max Schaefer	b6f4785645	JavaScript: Rename MkPathNode to MkMidNode.	2019-10-29 15:19:26 +00:00
Max Schaefer	d71faaa5f9	JavaScript: Introduce PathNode::wraps.	2019-10-29 15:19:26 +00:00
Max Schaefer	98e0932de5	JavaScript: Make Configuration::isLive nullary. ... This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.	2019-10-29 15:19:26 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict edges to only contain nodes.	2019-10-29 15:03:52 +00:00
Erik Krogh Kristensen	2d01e7c5ed	simplify the callsArray predicate	2019-10-29 12:13:01 +01:00
Erik Krogh Kristensen	563f32193c	suggestions from @max-schaefer ... Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2019-10-29 12:10:12 +01:00
semmle-qlci	2cddb82f10	Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference ... Approved by asger-semmle, esbena	2019-10-29 08:08:51 +00:00
Asger F	94dd9a1c04	JS: Block XSS flow through encodeURIComponent	2019-10-28 17:12:40 +00:00
semmle-qlci	33374ee089	Merge pull request #2202 from asger-semmle/express-sendfile ... Approved by esbena	2019-10-28 09:24:34 +00:00
Max Schaefer	b333c6a214	Merge pull request #2106 from asger-semmle/call-graph-3 ... JS: Call graph changes	2019-10-28 09:24:10 +00:00
Erik Krogh Kristensen	b2c31701f3	add documentation to two predicates	2019-10-27 09:12:56 +01:00
Erik Krogh Kristensen	c6f53199d4	ignore when the reciever is the empty array	2019-10-27 00:24:38 +02:00
Erik Krogh Kristensen	841dac1aba	address review feedback	2019-10-25 17:46:55 +02:00
semmle-qlci	d2f3574427	Merge pull request #2165 from erik-krogh/dosHigh ... Approved by asger-semmle	2019-10-25 16:28:07 +01:00
Erik Krogh Kristensen	5b26d03f1c	introduce backtracking, and also marking join/slice calls	2019-10-25 16:50:09 +02:00
Max Schaefer	89f68f47a0	JavaScript: Improve type inference for captured variables.	2019-10-25 14:22:24 +01:00
Max Schaefer	6269dd99ab	JavaScript: Improve type inference for destructuring assignments.	2019-10-25 14:22:24 +01:00
Asger F	7ed31baeea	JS: Rename to upward navigation	2019-10-25 13:07:07 +01:00
Asger F	39e2d1480e	JS: Default to imprecision zero by default	2019-10-25 12:20:16 +01:00
Asger F	ad645d3d50	JS: Restrict sendfile sink	2019-10-25 09:57:10 +01:00
Erik Krogh Kristensen	5489a80372	add query for detecting ignored calls to Array.prototype.concat	2019-10-24 16:17:19 +02:00
Erik Krogh Kristensen	5c07750286	simplify the heuristic for Deferred promises	2019-10-24 15:51:36 +02:00
Erik Krogh Kristensen	834b572f45	add initial support for expressions in TypeScript	2019-10-24 10:17:00 +02:00
Pavel Avgustinov	325dbfe9c0	Merge pull request #2172 from hmakholm/qlpack.yml ... qlpack files are now YAML rather than JSON	2019-10-22 17:19:52 +01:00
semmle-qlci	cbfa1cd058	Merge pull request #2168 from xiemaisi/js/remove-duplicate-configuration ... Approved by erik-krogh	2019-10-22 17:02:26 +01:00
Henning Makholm	347d97c14c	qlpack.json is now qlpack.yml	2019-10-22 17:36:35 +02:00
Henning Makholm	fd768a1af6	Add some new-style suite definitions	2019-10-22 15:51:00 +02:00
semmle-qlci	cb3a05c6de	Merge pull request #2166 from xiemaisi/js/fix-typo ... Approved by esben-semmle	2019-10-22 12:38:10 +01:00
Max Schaefer	1c23615742	JavaScript: Fix typo in doc comment.	2019-10-22 10:44:25 +01:00
Erik Krogh Kristensen	ad3185c558	simplify lastStatementHasNoEffect and use the control-flow to determine which statement is the last	2019-10-22 10:33:05 +02:00
Erik Krogh Kristensen	db22916850	fix the alwaysHasNoEffect predicate, and rename it to lastStatementHasNoEffect	2019-10-22 09:37:19 +02:00
semmle-qlci	1c79ec550e	Merge pull request #2092 from esben-semmle/js/brittle-system-reflection-command ... Approved by mchammer01, xiemaisi	2019-10-22 08:36:44 +01:00
Erik Krogh Kristensen	1ae8e25603	change precision of js/loop-bound-injection and fix a false positive	2019-10-22 09:21:19 +02:00
semmle-qlci	eb9d90dff6	Merge pull request #2143 from esben-semmle/js/fix-all-sanitisers ... Approved by xiemaisi	2019-10-22 07:16:27 +01:00
semmle-qlci	0dcb189e67	Merge pull request #2162 from xiemaisi/js/remove-deprecated-queries ... Approved by esben-semmle	2019-10-22 07:15:58 +01:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Erik Krogh Kristensen	2e0244cda6	address review feedback	2019-10-21 20:32:45 +02:00
Max Schaefer	b9203377c7	JavaScript: Remove a duplicate Configuration class.	2019-10-21 17:32:02 +01:00
Max Schaefer	55fb86d618	JavaScript: Remove deprecated queries. ... These queries have all been deprecated since 1.17 (released in July 2018). I think it's time to say goodbye.	2019-10-21 14:42:02 +01:00
Erik Krogh Kristensen	9eda120de4	implement a new query to detect unreachable overloaded methods in TypeScript	2019-10-21 13:34:42 +02:00
Asger F	0ad9067b7d	JS: pragma[noopt] -> pragma[noinline]	2019-10-21 11:32:22 +01:00
Asger F	96b6c83eba	JS: Tests and fixes for PartialInvokeNode	2019-10-21 11:32:22 +01:00
Asger F	3dcb134e6b	JS: Improve documentation	2019-10-18 17:00:38 +01:00
Esben Sparre Andreasen	80a32aebc1	JS: add SystemCommandExecution::isShellInterpreted	2019-10-17 13:29:24 +02:00
Max Schaefer	a4bffe35fd	JavaScript: Add support for globalThis.	2019-10-17 12:04:01 +01:00
Esben Sparre Andreasen	93b1e59d62	JS: fix spelling: sanitisers -> sanitizers	2019-10-17 09:05:03 +02:00
semmle-qlci	280a62ed30	Merge pull request #2138 from Semmle/xiemaisi-patch-1 ... Approved by erik-krogh	2019-10-16 15:14:29 +01:00
Pavel Avgustinov	7fa6c54731	Merge pull request #2119 from hmakholm/pr/qlpacks ... Add qlpack.json files	2019-10-16 14:27:10 +01:00