semmle-qlci
|
66a6fe7317
|
Merge pull request #3853 from max-schaefer/js/canonical-names
Approved by asgerf
|
2020-07-01 16:08:59 +01:00 |
|
Max Schaefer
|
a6d8073987
|
JavaScript: Make getADefinition and getAnAccess available on all CanonicalNames.
|
2020-07-01 14:42:03 +01:00 |
|
Esben Sparre Andreasen
|
3ca6031ae5
|
JS: rename predicate
|
2020-07-01 15:27:28 +02:00 |
|
Esben Sparre Andreasen
|
75451e349a
|
JS: teach the dataflow library identity functions Object.freeze/seal
|
2020-07-01 15:27:28 +02:00 |
|
Esben Sparre Andreasen
|
33c52761d4
|
JS: more dataflow and global access path testing
|
2020-07-01 15:26:25 +02:00 |
|
Erik Krogh Kristensen
|
3157cd724d
|
add noSQL tests for type-tracking req.query
|
2020-07-01 11:45:09 +02:00 |
|
Erik Krogh Kristensen
|
bace2994c3
|
add test for type-tracking req.params
|
2020-07-01 11:38:54 +02:00 |
|
Erik Krogh Kristensen
|
8227010463
|
also use new type-tracking in isUserControlledObject
|
2020-07-01 11:32:51 +02:00 |
|
Erik Krogh Kristensen
|
ed48efe5b4
|
recognize access to a query object through function calls
|
2020-06-30 15:52:08 +02:00 |
|
semmle-qlci
|
224289c55f
|
Merge pull request #3845 from max-schaefer/js/walk-sync
Approved by asgerf
|
2020-06-30 14:45:41 +01:00 |
|
semmle-qlci
|
42bca1a3fa
|
Merge pull request #3824 from asger-semmle/js/static-regexp-capture-group-step
Approved by erik-krogh, esbena
|
2020-06-30 13:20:14 +01:00 |
|
semmle-qlci
|
c850938af0
|
Merge pull request #3833 from asger-semmle/js/vue-class-component
Approved by erik-krogh
|
2020-06-30 13:16:42 +01:00 |
|
semmle-qlci
|
15a0297ca2
|
Merge pull request #3834 from asger-semmle/js/vue-classification
Approved by erik-krogh
|
2020-06-30 13:14:25 +01:00 |
|
Max Schaefer
|
62d56a3d7c
|
JavaScript: Fix module name for walk-sync package.
|
2020-06-30 11:57:16 +01:00 |
|
Esben Sparre Andreasen
|
80981ec8f5
|
Update UnsafeHtmlExpansion-transformed.html
|
2020-06-30 12:01:02 +02:00 |
|
Esben Sparre Andreasen
|
c7f67fafd9
|
JS: support additional promisification of the fs-module members
|
2020-06-30 09:10:30 +02:00 |
|
Asger Feldthaus
|
182e4ce727
|
JS: Autoformat
|
2020-06-29 19:10:28 +01:00 |
|
Asger Feldthaus
|
cb12d894a6
|
JS: Add test
|
2020-06-29 15:54:06 +01:00 |
|
Asger Feldthaus
|
326c7af4eb
|
JS: Fix incorrect classification of Vue files
|
2020-06-29 15:49:07 +01:00 |
|
semmle-qlci
|
da8725aa5c
|
Merge pull request #3823 from dellalibera/js/fancy-log
Approved by erik-krogh
|
2020-06-29 14:46:51 +01:00 |
|
semmle-qlci
|
b3e68ef81c
|
Merge pull request #3806 from erik-krogh/moreDownloads
Approved by asgerf
|
2020-06-29 13:53:10 +01:00 |
|
Asger Feldthaus
|
b05942b599
|
JS: Add HTML file example
|
2020-06-29 13:45:01 +01:00 |
|
Asger Feldthaus
|
3938856e61
|
JS: Make this work in qltest
|
2020-06-29 13:42:55 +01:00 |
|
Asger Feldthaus
|
e46a9dac65
|
JS: Count lines of code correctly
|
2020-06-29 09:59:17 +01:00 |
|
Asger Feldthaus
|
1e5f846168
|
JS: Use StringReplaceCall
|
2020-06-29 09:31:56 +01:00 |
|
Erik Krogh Kristensen
|
27b2c02693
|
remove todo comment
Co-authored-by: Asger F <asgerf@github.com>
|
2020-06-29 09:58:59 +02:00 |
|
Asger Feldthaus
|
da3d1a3b5f
|
JS: Recognize 'lang' attribute of script tags
|
2020-06-29 08:15:52 +01:00 |
|
Asger F
|
bdb7e3def3
|
Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-06-29 07:55:15 +01:00 |
|
Asger Feldthaus
|
03c91a66c5
|
JS: Update expected output
|
2020-06-29 07:52:25 +01:00 |
|
Alessio Della Libera
|
ce32d646dc
|
Update javascript/ql/src/semmle/javascript/frameworks/Logging.qll
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
|
2020-06-28 21:58:45 +02:00 |
|
Asger Feldthaus
|
9ca25d5bef
|
JS: Support .hash extraction via a few more methods
|
2020-06-28 01:38:59 +01:00 |
|
Asger Feldthaus
|
19db418395
|
JS: Add missing store step in Xss query
|
2020-06-28 01:26:11 +01:00 |
|
Asger Feldthaus
|
3e616e998e
|
JS: Add test
|
2020-06-27 21:31:40 +01:00 |
|
Asger Feldthaus
|
84d21074e5
|
JS: Support Vue class components
|
2020-06-27 21:24:46 +01:00 |
|
Asger Feldthaus
|
ac5b9cd168
|
JS: Autoformat
|
2020-06-26 23:15:04 +01:00 |
|
ubuntu
|
9135bbd5c8
|
JS: model fancy-log (and recognize the 'dir' log level)
|
2020-06-26 21:33:52 +02:00 |
|
Asger Feldthaus
|
6707e3424d
|
JS: Prevent bad join ordering
|
2020-06-26 20:21:56 +01:00 |
|
Asger Feldthaus
|
06dd3ab2ca
|
JS: Propagate into RegExp.$x
|
2020-06-26 18:58:43 +01:00 |
|
Asger Feldthaus
|
17af8f7650
|
JS: Add test for taint propagating into RegExp.$1
|
2020-06-26 18:58:43 +01:00 |
|
semmle-qlci
|
3aefb7fad9
|
Merge pull request #3613 from erik-krogh/Reassigned
Approved by asgerf
|
2020-06-26 17:05:45 +01:00 |
|
semmle-qlci
|
b015c735d0
|
Merge pull request #3809 from max-schaefer/util-deprecate
Approved by asgerf
|
2020-06-26 14:20:14 +01:00 |
|
Erik Krogh Kristensen
|
0b050204ad
|
add missing dot in qldoc
|
2020-06-26 15:07:12 +02:00 |
|
Erik Krogh Kristensen
|
e4fe236d37
|
autoformat
|
2020-06-26 13:59:06 +02:00 |
|
Max Schaefer
|
640c194c92
|
JavaScript: Model util.deprecate as a pre call-graph step.
|
2020-06-26 11:47:19 +01:00 |
|
Max Schaefer
|
712a216461
|
Add self-verifying type-tracking tests.
|
2020-06-26 11:47:19 +01:00 |
|
semmle-qlci
|
f81fc77e9e
|
Merge pull request #3782 from erik-krogh/promiseSteps
Approved by asgerf
|
2020-06-26 10:11:10 +01:00 |
|
semmle-qlci
|
92cc59b47b
|
Merge pull request #3800 from esbena/js/npmlog
Approved by erik-krogh
|
2020-06-26 07:54:08 +01:00 |
|
Erik Krogh Kristensen
|
7cb6516bc4
|
make internal predicates within DominatingPaths smaller.
|
2020-06-25 23:00:52 +02:00 |
|
Erik Krogh Kristensen
|
1ec2c549d2
|
autoformat
|
2020-06-25 23:00:52 +02:00 |
|
Erik Krogh Kristensen
|
8b3ca73c1c
|
autoformat
|
2020-06-25 23:00:52 +02:00 |
|