5316 Commits

Author	SHA1	Message	Date
Alessio Della Libera	616113aeff	Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-27 00:47:29 +02:00
ubuntu	94bd9c6d3e	Rename LdapjsDN to LdapjsDNArgument and add it as Sink	2020-08-27 00:43:38 +02:00
ubuntu	7d36b3b4d2	Correct typo	2020-08-27 00:26:54 +02:00
ubuntu	2305a642eb	Correct typo	2020-08-27 00:24:50 +02:00
Alessio Della Libera	23287aacee	Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-27 00:17:55 +02:00
Alessio Della Libera	f12ac8ca60	Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-27 00:17:33 +02:00
ubuntu	cd1d50b637	Update expected output	2020-08-26 23:50:15 +02:00
Alessio Della Libera	dcf51c75e9	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-26 23:33:52 +02:00
Esben Sparre Andreasen	d27442e846	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2020-08-26 20:18:54 +02:00
Esben Sparre Andreasen	89305865d0	JS: make sanitization a "common" technique rather than "important"	2020-08-26 15:41:54 +02:00
Erik Krogh Kristensen	61427393be	add qldoc to Generators.qll file	2020-08-26 09:11:39 +02:00
Alessio Della Libera	57f3c73d3d	Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-26 02:08:31 +02:00
Alessio Della Libera	6979c394fe	Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-26 02:08:18 +02:00
Alessio Della Libera	355c7bc3b5	Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-08-26 02:08:08 +02:00
Alessio Della Libera	e027c8cc13	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-26 01:48:05 +02:00
Alessio Della Libera	a1f64e26cf	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-26 01:47:52 +02:00
Alessio Della Libera	3bd7615a75	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-26 01:47:37 +02:00
Alessio Della Libera	57cf447188	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-26 01:46:59 +02:00
Erik Krogh Kristensen	e6bfffaed3	update basic-block on ExceptionalFunctionReturnNode and FunctionReturnNode	2020-08-25 20:09:41 +02:00
Erik Krogh Kristensen	840f30f7bc	add basic-block test to dataflow tests	2020-08-25 20:09:36 +02:00
Erik Krogh Kristensen	90422fe705	add support for delegating yield	2020-08-25 20:05:53 +02:00
Erik Krogh Kristensen	6a07e1e82b	add more passing tests	2020-08-25 20:04:35 +02:00
Erik Krogh Kristensen	afaaea8922	support basic generators	2020-08-25 20:04:30 +02:00
Erik Krogh Kristensen	592ed8a3a1	remove ordinary return flow from generator functions	2020-08-25 14:02:57 +02:00
CodeQL CI	722b1a24f6	Merge pull request #4087 from erik-krogh/thisJsx ... Approved by asgerf	2020-08-25 10:20:32 +01:00
CodeQL CI	844abc51e8	Merge pull request #4108 from erik-krogh/packType ... Approved by asgerf	2020-08-25 10:17:28 +01:00
ubuntu	22f5ae4ad4	Format code	2020-08-24 18:53:37 +02:00
CodeQL CI	e2c6a01c00	Merge pull request #4097 from erik-krogh/createRequire ... Approved by esbena	2020-08-24 15:57:10 +01:00
Erik Krogh Kristensen	309346841a	Merge branch 'main' into packType	2020-08-24 12:44:24 +02:00
Erik Krogh Kristensen	eb84f97e7f	Merge branch 'main' into ts4	2020-08-24 12:20:48 +02:00
ubuntu	3e97ec85b2	Add CodeQL to detect LDAP Injection in JS	2020-08-23 15:24:29 +02:00
Erik Krogh Kristensen	db57f3661e	Merge branch 'main' into ts4	2020-08-21 15:08:30 +02:00
Erik Krogh Kristensen	65a1769d43	Merge branch 'main' into asyncCalls	2020-08-21 14:58:27 +02:00
Erik Krogh Kristensen	bbbb0a2c5e	specialize module.createRequire support to ES2015 modules	2020-08-21 14:14:05 +02:00
CodeQL CI	29183fa0a1	Merge pull request #4067 from erik-krogh/noBin ... Approved by esbena	2020-08-20 23:07:02 +01:00
Erik Krogh Kristensen	68f7942820	Merge branch 'main' into noBin	2020-08-20 15:58:15 +02:00
Erik Krogh Kristensen	fa8edeed6a	change StoredXss example to use TypeTracking	2020-08-20 15:05:38 +02:00
Erik Krogh Kristensen	906705f84c	add SourceNode example to the TrackedNode deprecation description	2020-08-20 15:01:40 +02:00
Erik Krogh Kristensen	372e1a3d84	support the "type" field on package.json files while extracting	2020-08-20 14:26:15 +02:00
Erik Krogh Kristensen	fe41521e0c	add tutorial for how to get around TrackedNodes deprecation	2020-08-20 12:46:17 +02:00
Erik Krogh Kristensen	8f68f512df	deprecate TrackedNodes.qll	2020-08-20 11:26:22 +02:00
Erik Krogh Kristensen	3d5c1560e4	basic support for .cjs files	2020-08-19 10:53:57 +02:00
Erik Krogh Kristensen	103f739d16	add test for types of modules	2020-08-19 10:52:38 +02:00
Erik Krogh Kristensen	1e65ed2228	support module.createRequire	2020-08-18 14:43:03 +02:00
Erik Krogh Kristensen	d1b3963e2d	correctly treat ES2015 modules as being in strict-mode in the extractor	2020-08-18 10:13:20 +02:00
Erik Krogh Kristensen	eb5dfe8438	autoformat	2020-08-17 22:46:20 +02:00
Erik Krogh Kristensen	73d1fac88e	support named tuples where not all tuple elements are named	2020-08-17 16:20:26 +02:00
Erik Krogh Kristensen	83ed41b247	move indices comment into plain comment	2020-08-17 15:43:52 +02:00
Erik Krogh Kristensen	c28889225a	skip binary files when extracting JavaScript	2020-08-17 15:21:15 +02:00
CodeQL CI	c917cd02bd	Merge pull request #4054 from erik-krogh/urlIncludes ... Approved by esbena	2020-08-17 13:54:25 +01:00