Pavel Avgustinov
16ec9f1aa4
Merge remote-tracking branch 'origin/next' into bump/master-next
2018-11-19 10:37:07 +00:00
Max Schaefer
73ad3f5c8a
JavaScript: Tweak JSLint library to avoid bad join order.
2018-11-19 09:12:02 +00:00
Max Schaefer
1b59a28be0
JavaScript: Downgrade a few "error" rules to "warning".
...
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
2018-11-19 09:09:26 +00:00
semmle-qlci
9e4aeb36a6
Merge pull request #436 from asger-semmle/url-concat
...
Approved by xiemaisi
2018-11-19 08:57:24 +00:00
semmle-qlci
328c86c552
Merge pull request #479 from asger-semmle/typescript-extractor-perf1
...
Approved by xiemaisi
2018-11-19 08:53:41 +00:00
Asger F
84c1ba0b31
TS: fix the fix
2018-11-16 14:39:43 +00:00
Asger F
a35061ee79
TS: dont create JSON nodes in convertJsxSelfClosingElement
2018-11-16 12:58:14 +00:00
Asger F
d839fcdafc
TS: refactor to fix AutoBuildTest
2018-11-16 12:52:26 +00:00
Asger F
c06c9a02f7
JS: fix copy pasta and test output
2018-11-16 10:47:02 +00:00
Asger F
dd5f485fff
JS: use original sanitizer for SSRF query
2018-11-16 10:46:14 +00:00
Asger F
6ec13feab4
JS: recognize sanitizing slashes in URL redirection queries
2018-11-16 10:43:25 +00:00
Asger F
b5d3dd5e22
TS: do more work in parallel
2018-11-16 10:39:27 +00:00
semmle-qlci
0647743333
Merge pull request #467 from xiemaisi/js/amd-imports
...
Approved by asger-semmle
2018-11-16 09:31:50 +00:00
Asger F
737ec70ca2
Merge pull request #460 from xiemaisi/js/in-dist-trap-cache
...
JavaScript: Teach `AutoBuild` to use in-dist externs trap cache.
2018-11-15 13:08:44 +00:00
Asger F
fb1908465c
Merge pull request #469 from xiemaisi/js/bye-bye-rhino
...
JavaScript: Remove dependency on esregex, doctrine and Rhino.
2018-11-15 09:52:58 +00:00
Asger F
df202eff76
Merge pull request #468 from xiemaisi/js/has{Path,Flow}+
...
JavaScript: Rename `hasPathFlow` to `hasFlowPath` for consistency with other languages.
2018-11-14 16:48:47 +00:00
semmle-qlci
4a14bef507
Merge pull request #466 from xiemaisi/js/more-data-flow-predicates
...
Approved by asger-semmle
2018-11-14 16:07:59 +00:00
Max Schaefer
406511fb5f
JavaScript: Update .classpath.
2018-11-14 14:06:33 +00:00
Max Schaefer
585347fb5d
JavaScript: Remove obsolete Rhino interface classes.
2018-11-14 14:06:33 +00:00
Max Schaefer
2cd5702aa6
JavaScript: Remove doctrine.
2018-11-14 14:06:33 +00:00
Max Schaefer
5506cec35e
JavaScript: Remove esregex.
2018-11-14 14:06:33 +00:00
semmle-qlci
025054e44a
Merge pull request #461 from xiemaisi/js/bye-bye-rhino
...
Approved by esben-semmle
2018-11-14 14:00:07 +00:00
semmle-qlci
77213aa0d8
Merge pull request #462 from xiemaisi/js/security-paths
...
Approved by esben-semmle
2018-11-14 13:01:34 +00:00
Aditya Sharad
696178e6cc
Merge pull request #465 from esben-semmle/js/fixup-suite-master
...
JS: rename query file in suite
2018-11-14 12:01:37 +00:00
Max Schaefer
6f6b3b0d5e
JavaScript: Add a convenience method to SourceNode and use it in a few places.
2018-11-14 11:58:45 +00:00
Esben Sparre Andreasen
7585e61af6
JS: rename query file in suite
2018-11-14 12:55:53 +01:00
Max Schaefer
a441bfb751
JavaScript: Add a convenience method to AMDModuleDefinition.
2018-11-14 11:36:40 +00:00
Max Schaefer
3fcd02ab0e
JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages.
2018-11-14 11:23:17 +00:00
Aditya Sharad
f0715b09e1
Merge master into next.
2018-11-14 10:06:27 +00:00
Max Schaefer
d6198fcc2a
JavaScript: Introduce two more short-circuiting conjuncts.
2018-11-14 09:33:09 +00:00
Max Schaefer
9221b62ded
JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.
2018-11-14 09:32:31 +00:00
Max Schaefer
d57b5d9628
JavaScript: Remove ReflectdXssPath.ql, which is now spurious.
2018-11-14 09:16:40 +00:00
Max Schaefer
52ae757279
JavaScript: Select Nodes (instead of PathNodes) everywhere.
2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee
JavaScript: Select source and sink in all path queries.
2018-11-14 09:16:40 +00:00
Max Schaefer
d5af008e31
JavaScript: Adjust ConditionalBypass query.
2018-11-14 09:16:40 +00:00
Max Schaefer
11d6259dbf
JavaScript: Move from Node to PathNode.
2018-11-14 09:16:40 +00:00
Max Schaefer
8d87f556e1
JavaScript: Add import DataFlow::PathGraph.
2018-11-14 09:16:40 +00:00
Max Schaefer
4860364d91
JavaScript: Add explicit nodes query predicate in PathGraph.
...
This is needed to correctly handle the case where `edges` is empty.
2018-11-14 09:16:40 +00:00
Max Schaefer
60a1357092
JavaScript: Make all taint-based security queries have @kind path-problem.
2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526
JavaScript: Refactor security queries for uniformity.
2018-11-14 09:16:40 +00:00
Max Schaefer
9b4ae9e4d3
JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query.
2018-11-14 09:16:40 +00:00
Max Schaefer
c51cd50133
JavaScript: Remove a few unnecessary imports.
2018-11-14 09:16:40 +00:00
semmle-qlci
d83381918d
Merge pull request #458 from xiemaisi/js/more-externs
...
Approved by asger-semmle
2018-11-14 08:31:15 +00:00
Arthur Baars
969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118
...
Merge rc/1.18 into master.
2018-11-13 22:25:03 +01:00
Max Schaefer
a499009f59
Merge pull request #395 from esben-semmle/js/useless-defensive-code
...
JS: add query: js/useless-defensive-code
2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc
Merge pull request #444 from esben-semmle/js/browser-based-client-requests
...
JS: add models of $.ajax, $.getJSON and XMLHttpRequst
2018-11-13 16:53:52 +00:00
Max Schaefer
96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata
...
Eclipse plugins: Remove plugin metadata.
2018-11-13 13:12:49 +00:00
Aditya Sharad
bc06831d01
Merge rc/1.18 into master.
2018-11-13 10:55:08 +00:00
Esben Sparre Andreasen
daed0653cb
JS: support property tracking of custom abstract values
2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen
1d87c580b3
JS: introduce DefinedCustomAbstractValue
2018-11-13 11:40:31 +01:00
