semmle-qlci
|
681ff0f39c
|
Merge pull request #977 from asger-semmle/extend-test-version
Approved by xiemaisi
|
2019-02-26 09:55:41 +00:00 |
|
semmle-qlci
|
74a4103857
|
Merge pull request #976 from asger-semmle/closure-import-deep
Approved by esben-semmle
|
2019-02-26 09:34:04 +00:00 |
|
semmle-qlci
|
00d490e84d
|
Merge pull request #945 from asger-semmle/extensible-module-import
Approved by xiemaisi
|
2019-02-26 09:26:28 +00:00 |
|
Max Schaefer
|
c2a5350bf2
|
Merge pull request #982 from asger-semmle/closure-string-lib
JS: model string functions from closure library
|
2019-02-26 08:26:14 +00:00 |
|
Asger F
|
93440014a0
|
JS: only propagate through first argument of truncate()
|
2019-02-25 17:11:55 +00:00 |
|
Asger F
|
fab0afd755
|
JS: model string functions from closure library
|
2019-02-25 16:08:47 +00:00 |
|
semmle-qlci
|
58cc8d0ecc
|
Merge pull request #936 from xiemaisi/js/revive-electron-support
Approved by esben-semmle
|
2019-02-25 15:23:20 +00:00 |
|
Asger F
|
050626aca0
|
JS: remove audit alerts from package.json
|
2019-02-25 15:04:47 +00:00 |
|
Asger F
|
7d14429dce
|
JS: handle deeper access paths in Closure::moduleImport
|
2019-02-25 12:31:18 +00:00 |
|
Asger F
|
2f6496f6bd
|
JS: add test with undeclared nested access
|
2019-02-25 12:27:36 +00:00 |
|
Asger F
|
b31d7d1f5f
|
JS: add test case
|
2019-02-25 11:31:09 +00:00 |
|
semmle-qlci
|
014d4b9ed0
|
Merge pull request #934 from asger-semmle/module-import
Approved by xiemaisi
|
2019-02-25 09:46:52 +00:00 |
|
Max Schaefer
|
e7c95bae49
|
JavaScript: Add flow steps modelling Electron IPC.
|
2019-02-23 21:43:13 +00:00 |
|
Max Schaefer
|
a4e4957f31
|
JavaScript: Model webContents property.
|
2019-02-23 21:43:13 +00:00 |
|
Max Schaefer
|
ff83e600dc
|
JavaScript: Track Electron browser objects inter-procedurally.
|
2019-02-23 21:43:13 +00:00 |
|
Max Schaefer
|
d59c12e6eb
|
JavaScript: Recognise Electron browser objects based on TypeScript types when available.
|
2019-02-23 21:43:13 +00:00 |
|
semmle-qlci
|
26525fc1b5
|
Merge pull request #929 from asger-semmle/typescript-no-expansion
Approved by xiemaisi
|
2019-02-13 18:20:41 +00:00 |
|
semmle-qlci
|
92a6e7e04c
|
Merge pull request #932 from asger-semmle/cookbook-prepare
Approved by xiemaisi
|
2019-02-13 18:20:09 +00:00 |
|
Asger F
|
dfe3f254de
|
JS: generalize to include default imports
|
2019-02-13 18:03:57 +00:00 |
|
Max Schaefer
|
5b2df068d3
|
Merge pull request #921 from asger-semmle/class-node-absval
JS: use type inference to back up function-style classes
|
2019-02-13 10:12:20 +00:00 |
|
Asger F
|
be10f24de7
|
JS: make moduleImport() work for named imports
|
2019-02-12 17:22:06 +00:00 |
|
Anders Schack-Mulligen
|
15a6044445
|
Javascript: Autoformat qlls
|
2019-02-12 14:41:31 +01:00 |
|
Asger F
|
3290c174c3
|
JS: Add DataFlow::Node.getAFunctionValue
|
2019-02-12 13:38:46 +00:00 |
|
Asger F
|
2fd1ee60a2
|
JS: add DataFlow::Node.getIntValue()
|
2019-02-12 13:38:46 +00:00 |
|
Anders Schack-Mulligen
|
1182fca665
|
Javascript: Autoformat qls
|
2019-02-12 14:38:42 +01:00 |
|
semmle-qlci
|
c133362660
|
Merge pull request #910 from xiemaisi/js/regexp-taint
Approved by esben-semmle
|
2019-02-12 13:15:16 +00:00 |
|
Asger F
|
0444fa307d
|
TS: update test expectations
|
2019-02-12 12:33:09 +00:00 |
|
semmle-qlci
|
10b00254ec
|
Merge pull request #915 from asger-semmle/closure-uri-methods
Approved by xiemaisi
|
2019-02-11 10:51:07 +00:00 |
|
Asger F
|
74a9c4b500
|
JS: use type inference to back up function-style classes
|
2019-02-08 16:42:24 +00:00 |
|
Asger F
|
f6e0ccfcf0
|
JS: model URI and XHR methods from closure library
|
2019-02-08 15:18:27 +00:00 |
|
semmle-qlci
|
7e298cfbbe
|
Merge pull request #900 from esben-semmle/js/defuse-default
Approved by xiemaisi
|
2019-02-08 11:28:32 +00:00 |
|
semmle-qlci
|
a48594ad8e
|
Merge pull request #906 from asger-semmle/q-library
Approved by xiemaisi
|
2019-02-08 11:12:50 +00:00 |
|
Asger F
|
bfe88e9784
|
JS: make Closure::moduleImport handle member access.
|
2019-02-08 10:51:07 +00:00 |
|
Max Schaefer
|
b314c546e1
|
JavaScript: Track taint through RegExp.prototype.replace.
|
2019-02-08 09:57:07 +00:00 |
|
Asger F
|
c2321045f2
|
TS: fix import of q.d.ts in test case
|
2019-02-07 12:37:54 +00:00 |
|
Asger F
|
e4b230ba60
|
Revert "Merge pull request #897 from Semmle/revert-817-closure-modules"
This reverts commit 95185345fd, reversing
changes made to b8be66ec48.
|
2019-02-07 11:58:38 +00:00 |
|
Esben Sparre Andreasen
|
5ad83360be
|
JS: move default parameter values to the DefUse graph
|
2019-02-07 11:41:36 +01:00 |
|
Esben Sparre Andreasen
|
f956e570cb
|
JS: support default destructuring values in the dataflow graph
|
2019-02-07 11:41:36 +01:00 |
|
Esben Sparre Andreasen
|
687b7f0a7f
|
JS: exclude direct flow from the RHS in a destructuring assignment
|
2019-02-07 11:41:36 +01:00 |
|
Esben Sparre Andreasen
|
f333419bb4
|
JS: add defuse+dataflow tests for destructuring and default values
|
2019-02-07 11:24:46 +01:00 |
|
Max Schaefer
|
812cba0fe3
|
Merge pull request #828 from esben-semmle/js/vue-support-1
JS: basic Vue support
|
2019-02-07 08:00:17 +00:00 |
|
Asger F
|
e46e2b2515
|
Revert "JS: Add support for Closure modules"
|
2019-02-06 17:30:45 +00:00 |
|
semmle-qlci
|
b8be66ec48
|
Merge pull request #887 from asger-semmle/jsdoc-accessors
Approved by xiemaisi
|
2019-02-06 16:30:48 +00:00 |
|
semmle-qlci
|
b13c11017c
|
Merge pull request #885 from asger-semmle/async-waterfall
Approved by xiemaisi
|
2019-02-06 16:30:17 +00:00 |
|
Esben Sparre Andreasen
|
235625d03a
|
Merge branch 'master' into js/vue-support-1
|
2019-02-06 16:57:16 +01:00 |
|
Asger F
|
abb7e63697
|
JS: update GlobalVariableRef.expected
|
2019-02-06 09:16:30 +00:00 |
|
Esben Sparre Andreasen
|
5e2b1c026a
|
JS: introduce HTML::ScriptElement::getScript()
|
2019-02-06 09:38:00 +01:00 |
|
Esben Sparre Andreasen
|
ea175b2a9f
|
JS: introduce Vue XSS sinks
|
2019-02-06 09:38:00 +01:00 |
|
Esben Sparre Andreasen
|
ddf9ca2505
|
JS: introduce base Vue model
|
2019-02-06 09:37:23 +01:00 |
|
Asger F
|
8924aa3ee0
|
JS: add test case
|
2019-02-05 16:51:21 +00:00 |
|