18 Commits

Author	SHA1	Message	Date
Asger F	b9bd0520e2	JS: Port RemotePropertyInjection	2023-10-13 13:15:05 +02:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
erik-krogh	6ec03d4738	apply suggestions from doc review	2022-09-12 13:16:39 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
Asger Feldthaus	f6da030572	JS: Migrate to *Query.qll convention	2021-08-12 09:30:18 +02:00
Calum Grant	771e686946	Update security-severity scores	2021-06-15 13:25:17 +01:00
Calum Grant	a594afb828	Add security-severity metadata	2021-06-10 20:11:08 +01:00
Max Schaefer	31bb39a810	JavaScript: Autoformat all QL files.	2019-01-07 10:15:45 +00:00
Max Schaefer	f1c538a97b	JavaScript: Restrict RemotePropertyInjection query to avoid double-reporting. ... This query now only flags user-controlled property and header writes, method calls are handled by the new unsafe/unvalidated method call queries.	2018-11-28 08:16:31 +00:00
Max Schaefer	3fcd02ab0e	JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages.	2018-11-14 11:23:17 +00:00
Max Schaefer	52ae757279	JavaScript: Select Nodes (instead of PathNodes) everywhere.	2018-11-14 09:16:40 +00:00
Max Schaefer	e365b722ee	JavaScript: Select source and sink in all path queries.	2018-11-14 09:16:40 +00:00
Max Schaefer	11d6259dbf	JavaScript: Move from Node to PathNode.	2018-11-14 09:16:40 +00:00
Max Schaefer	8d87f556e1	JavaScript: Add import DataFlow::PathGraph.	2018-11-14 09:16:40 +00:00
Max Schaefer	60a1357092	JavaScript: Make all taint-based security queries have @kind path-problem.	2018-11-14 09:16:40 +00:00
Max Schaefer	65bcf0f526	JavaScript: Refactor security queries for uniformity.	2018-11-14 09:16:40 +00:00
Esben Sparre Andreasen	81aeda69e1	JS: lower @precision of js/remote-property-injection	2018-09-14 07:37:47 +02:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00