Max Schaefer
|
374fd597d7
|
JavaScript: Reinstate override.
(cherry picked from commit df5a8651c3)
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
b0425a298c
|
JavaScript: Eliminate slow antijoin predicate.
(cherry picked from commit 0cfd04dfa2)
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
5167d43fbc
|
JavaScript: Refactor AnalyzedPropertyWrite::writes to enable correct modelling of variable exports.
(cherry picked from commit 080f974663)
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
898ba94837
|
JavaScript: Address review comments.
(cherry picked from commit 6835815673)
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
2b7d69aaf4
|
JavaScript: Add support for Google Cloud Spanner.
(cherry picked from commit cd284b2f97)
|
2018-10-19 08:30:03 +01:00 |
|
Tom Hvitved
|
b282444740
|
Revert "JavaScript: Patch CFG to improve support for non-top level import declarations."
This reverts commit f05e777e64.
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
e683b51611
|
JavaScript: Generalise code that assumes imports only appear at the toplevel.
(cherry picked from commit db32dc2bdf)
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
de108a843d
|
JavaScript: Patch CFG to improve support for non-top level import declarations.
|
2018-10-19 08:30:03 +01:00 |
|
Max Schaefer
|
d57e93d5c6
|
JavaScript: Fix typo in query help.
(cherry picked from commit 1ab943c16b)
|
2018-10-17 11:38:29 +01:00 |
|
Aditya Sharad
|
1c71a856e1
|
Version: Bump to 1.18.1 dev.
|
2018-09-28 16:39:44 +01:00 |
|
Aditya Sharad
|
f5bd737ada
|
Version: Fix C# and JavaScript Eclipse plugins for 1.18.
|
2018-09-28 14:10:06 +01:00 |
|
Aditya Sharad
|
51697f077c
|
Version: Bump to 1.18.0 release.
|
2018-09-26 18:18:20 +01:00 |
|
semmle-qlci
|
b17aeb689c
|
Merge pull request #118 from esben-semmle/js/request-forgery
Approved by asger-semmle
|
2018-09-11 16:28:59 +01:00 |
|
Asger F
|
3d444f3dc6
|
JavaScript: fix CFG for EnhancedForStmt
|
2018-09-11 12:15:01 +01:00 |
|
Esben Sparre Andreasen
|
aaf1ac770d
|
JS: reduce declared precision of js/request-forgery
|
2018-09-09 21:30:43 +02:00 |
|
semmle-qlci
|
62e9946fe2
|
Merge pull request #150 from asger-semmle/ts-asi-bug
Approved by xiemaisi
|
2018-09-05 21:22:29 +01:00 |
|
Esben Sparre Andreasen
|
f63a3b3f39
|
JS: add missing abstract modifier
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
6e1846b1ca
|
JS: address doc review comments
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
89887e7dc8
|
JS: address review comments
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
2306afdebf
|
JS: use extensible architecture for Electron- and NodeClientRequest
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
2dd8e95a51
|
JS: remove unused getOptions method
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
d578c7422d
|
JS: docstring cleanup
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
0da14fccbd
|
JS: renaming UrlRequests.qll -> ClientRequests.qll
|
2018-09-05 09:20:45 +02:00 |
|
Esben Sparre Andreasen
|
6d78350fee
|
JS: s/URLRequest/ClientRequest, merge with NodeJSLib::ClientRequest
|
2018-09-05 09:20:45 +02:00 |
|
Asger F
|
7bd53e72dc
|
TypeScript: fix alerts in ambient code
|
2018-09-04 13:55:48 +01:00 |
|
Asger F
|
003b600e24
|
TypeScript: disable queries that rely on token information
|
2018-09-04 13:18:37 +01:00 |
|
Esben Sparre Andreasen
|
cb2a6ede59
|
JS: support http.request URL requests
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
0a89f1a420
|
JS: eliminate DefaultUrlRequest: extract the got library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
de6b83548a
|
JS: refactor DefaultUrlRequest: extract the got library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
1abdf2ffd5
|
JS: refactor DefaultUrlRequest: extract the http library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
5f26c23582
|
JS: refactor DefaultUrlRequest: extract the fetch API
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
b3b997ca91
|
JS: refactor DefaultUrlRequest: extract the axios library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
d7a81ef8ef
|
JS: refactor DefaultUrlRequest: extract the request library
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
80b81b07c5
|
JS: refactor DefaultUrlRequest: extract names
|
2018-09-04 09:26:45 +02:00 |
|
Esben Sparre Andreasen
|
f5a6af54e6
|
JS: add security query: js/request-forgery
|
2018-09-04 09:25:42 +02:00 |
|
Esben Sparre Andreasen
|
2104cf55e3
|
JS: add models of URL requests
|
2018-09-04 09:25:42 +02:00 |
|
semmle-qlci
|
4dec7c5036
|
Merge pull request #127 from xiemaisi/js/incomplete-sanitisation-doc-improvement
Approved by esben-semmle
|
2018-09-03 16:25:44 +01:00 |
|
Max Schaefer
|
759d98661c
|
Merge pull request #117 from esben-semmle/js/push-sort-taint-steps
JS: support `push` and `sort` taint steps for arrays
|
2018-09-03 09:20:35 +01:00 |
|
Max Schaefer
|
58e384558c
|
JavaScript: Improve query name and help for js/incomplete-sanitization.
The query applies more generally to all kinds of string escaping and encoding, not just sanitization.
|
2018-09-03 08:20:01 +01:00 |
|
Max Schaefer
|
20bff709b1
|
Merge pull request #136 from esben-semmle/js/composed-function-taint
JS: model composed functions (RC)
|
2018-09-03 08:18:20 +01:00 |
|
Max Schaefer
|
7e3adec789
|
Merge pull request #135 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls (RC)
|
2018-09-03 08:17:42 +01:00 |
|
Esben Sparre Andreasen
|
90b3902244
|
JS: add a taint step for property projection
|
2018-08-30 09:39:02 +02:00 |
|
Esben Sparre Andreasen
|
df97132519
|
JS: add model for property projection
|
2018-08-30 09:39:02 +02:00 |
|
Esben Sparre Andreasen
|
86ab9adb06
|
JS: support push and sort taint steps for arrays
|
2018-08-30 09:14:06 +02:00 |
|
Esben Sparre Andreasen
|
dc72788746
|
JS: add a model of some function composition libraries
|
2018-08-30 08:17:01 +02:00 |
|
semmle-qlci
|
d22a65a66b
|
Merge pull request #108 from esben-semmle/js/classify-generated-data-files
Approved by xiemaisi
|
2018-08-29 14:15:55 +01:00 |
|
Esben Sparre Andreasen
|
02d56306c9
|
JS: classify generated data files
|
2018-08-27 15:06:00 +02:00 |
|
semmle-qlci
|
55ceb9be8b
|
Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers
Approved by xiemaisi
|
2018-08-24 08:37:41 +01:00 |
|
Esben Sparre Andreasen
|
a1d79ef906
|
JS: make the new .*indexOfSanitizer-classes private
|
2018-08-23 15:59:27 +02:00 |
|
Esben Sparre Andreasen
|
2b41f62eb0
|
JS: introduce RelationalComparison.isInclucive
|
2018-08-23 14:51:39 +02:00 |
|