Behrang Fouladi
|
302e271a79
|
Update EnablingNodeIntegration.expected
Change EOL to unix format
|
2018-09-07 09:52:52 -07:00 |
|
Behrang Fouladi Azarnaminy
|
bd92cd14c5
|
Changing EOL in all files to unix format
|
2018-09-07 09:47:15 -07:00 |
|
Behrang Fouladi Azarnaminy
|
ebbd3b3111
|
Adding html encoding to EnablingNodeIntegration.qhelp
|
2018-09-07 08:47:35 -07:00 |
|
Esben Sparre Andreasen
|
3d3b7b0254
|
JS: fix typo in test case
|
2018-09-06 22:54:07 +02:00 |
|
Behrang Fouladi Azarnaminy
|
9179701248
|
JavaScript: Add query for Node.js integration in Electron framework
|
2018-09-06 11:38:08 -07:00 |
|
semmle-qlci
|
62e9946fe2
|
Merge pull request #150 from asger-semmle/ts-asi-bug
Approved by xiemaisi
|
2018-09-05 21:22:29 +01:00 |
|
Jonas Jensen
|
d5e0357201
|
Revert "Revert "Version: Bump to 1.19.0 dev.""
This reverts commit ab2bec743a.
|
2018-09-05 21:07:19 +02:00 |
|
Aditya Sharad
|
f27945216f
|
Merge rc/1.18 into master.
|
2018-09-05 15:32:30 +01:00 |
|
semmle-qlci
|
5fcd663e9f
|
Merge pull request #158 from esben-semmle/js/sharpen-regexp-injection
Approved by xiemaisi
|
2018-09-05 12:45:59 +01:00 |
|
Esben Sparre Andreasen
|
f63a3b3f39
|
JS: add missing abstract modifier
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
6e1846b1ca
|
JS: address doc review comments
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
89887e7dc8
|
JS: address review comments
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
2306afdebf
|
JS: use extensible architecture for Electron- and NodeClientRequest
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
2dd8e95a51
|
JS: remove unused getOptions method
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
d578c7422d
|
JS: docstring cleanup
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
0da14fccbd
|
JS: renaming UrlRequests.qll -> ClientRequests.qll
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
6d78350fee
|
JS: s/URLRequest/ClientRequest, merge with NodeJSLib::ClientRequest
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
b9d825b379
|
JS: better matching of String.prototype.search in js/regex-injection
|
2018-09-05 08:35:00 +02:00 |
|
Aditya Sharad
|
ab2bec743a
|
Revert "Version: Bump to 1.19.0 dev."
The version bump should now go into the `next` branch rather than `master`.
This reverts commit 2363f49e3a.
|
2018-09-04 16:01:09 +01:00 |
|
Asger F
|
7bd53e72dc
|
TypeScript: fix alerts in ambient code
|
2018-09-04 13:55:48 +01:00 |
|
Asger F
|
003b600e24
|
TypeScript: disable queries that rely on token information
|
2018-09-04 13:18:37 +01:00 |
|
Esben Sparre Andreasen
|
cb2a6ede59
|
JS: support http.request URL requests
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
0a89f1a420
|
JS: eliminate DefaultUrlRequest: extract the got library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
de6b83548a
|
JS: refactor DefaultUrlRequest: extract the got library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
1abdf2ffd5
|
JS: refactor DefaultUrlRequest: extract the http library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
5f26c23582
|
JS: refactor DefaultUrlRequest: extract the fetch API
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
b3b997ca91
|
JS: refactor DefaultUrlRequest: extract the axios library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
d7a81ef8ef
|
JS: refactor DefaultUrlRequest: extract the request library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
80b81b07c5
|
JS: refactor DefaultUrlRequest: extract names
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
f5a6af54e6
|
JS: add security query: js/request-forgery
|
2018-09-04 09:25:42 +02:00 |
|
Esben Sparre Andreasen
|
2104cf55e3
|
JS: add models of URL requests
|
2018-09-04 09:25:42 +02:00 |
|
Aditya Sharad
|
2363f49e3a
|
Version: Bump to 1.19.0 dev.
This keeps the QL for Eclipse language plugins in sync with internal `master`.
|
2018-09-03 16:41:28 +01:00 |
|
semmle-qlci
|
4dec7c5036
|
Merge pull request #127 from xiemaisi/js/incomplete-sanitisation-doc-improvement
Approved by esben-semmle
|
2018-09-03 16:25:44 +01:00 |
|
Max Schaefer
|
759d98661c
|
Merge pull request #117 from esben-semmle/js/push-sort-taint-steps
JS: support `push` and `sort` taint steps for arrays
|
2018-09-03 09:20:35 +01:00 |
|
Max Schaefer
|
58e384558c
|
JavaScript: Improve query name and help for js/incomplete-sanitization.
The query applies more generally to all kinds of string escaping and encoding, not just sanitization.
|
2018-09-03 08:20:01 +01:00 |
|
Max Schaefer
|
20bff709b1
|
Merge pull request #136 from esben-semmle/js/composed-function-taint
JS: model composed functions (RC)
|
2018-09-03 08:18:20 +01:00 |
|
Max Schaefer
|
7e3adec789
|
Merge pull request #135 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls (RC)
|
2018-09-03 08:17:42 +01:00 |
|
Max Schaefer
|
69ca103e06
|
Merge pull request #115 from esben-semmle/js/composed-function-taint
JS: model composed functions
|
2018-08-31 08:14:18 +01:00 |
|
Max Schaefer
|
7e18426fde
|
Merge pull request #113 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls
|
2018-08-31 08:13:40 +01:00 |
|
Esben Sparre Andreasen
|
90b3902244
|
JS: add a taint step for property projection
|
2018-08-30 09:39:02 +02:00 |
|
Esben Sparre Andreasen
|
df97132519
|
JS: add model for property projection
|
2018-08-30 09:39:02 +02:00 |
|
Esben Sparre Andreasen
|
86ab9adb06
|
JS: support push and sort taint steps for arrays
|
2018-08-30 09:14:06 +02:00 |
|
Esben Sparre Andreasen
|
dc72788746
|
JS: add a model of some function composition libraries
|
2018-08-30 08:17:01 +02:00 |
|
semmle-qlci
|
d22a65a66b
|
Merge pull request #108 from esben-semmle/js/classify-generated-data-files
Approved by xiemaisi
|
2018-08-29 14:15:55 +01:00 |
|
Esben Sparre Andreasen
|
02d56306c9
|
JS: classify generated data files
|
2018-08-27 15:06:00 +02:00 |
|
Dave Bartolomeo
|
d920fc7d94
|
Force LF line endings for .ql, .qll, and .qlref files
|
2018-08-24 11:58:58 -07:00 |
|
semmle-qlci
|
55ceb9be8b
|
Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers
Approved by xiemaisi
|
2018-08-24 08:37:41 +01:00 |
|
Esben Sparre Andreasen
|
a1d79ef906
|
JS: make the new .*indexOfSanitizer-classes private
|
2018-08-23 15:59:27 +02:00 |
|
Esben Sparre Andreasen
|
2b41f62eb0
|
JS: introduce RelationalComparison.isInclucive
|
2018-08-23 14:51:39 +02:00 |
|
Max Schaefer
|
2187b0c245
|
Merge pull request #89 from esben-semmle/js/sharpen-type-confusion
JS: remove emptiness checks from the type confusion `x.length` sinks
|
2018-08-23 08:04:09 +01:00 |
|