Alvaro Muñoz
|
744cea9baa
|
add tests
|
2022-10-13 15:19:29 +02:00 |
|
Alvaro Muñoz
|
468628525e
|
Change to camelcase
|
2022-10-13 12:18:07 +02:00 |
|
Alvaro Muñoz
|
ea8edb8408
|
initial tests
|
2022-10-13 11:32:21 +02:00 |
|
Asger F
|
11ba0f0bbe
|
Merge pull request #10253 from asgerf/js/type-defs-squashed
JS: Add generated typings to SQL models
|
2022-09-23 11:34:01 +02:00 |
|
Asger F
|
d1e19a313b
|
JS: Update test case to clarify choice of sinks
|
2022-09-23 09:18:15 +02:00 |
|
Erik Krogh Kristensen
|
0720fa75df
|
Merge pull request #10286 from erik-krogh/js-followMsg
JS: change alert messages of path queries to use the same template
|
2022-09-20 16:12:45 +02:00 |
|
Asger F
|
47f1d62569
|
JS: Add generated typings to SQL models
|
2022-09-20 11:40:16 +02:00 |
|
erik-krogh
|
afcb767f8d
|
Merge branch 'main' into js-followMsg
|
2022-09-12 13:21:16 +02:00 |
|
erik-krogh
|
26d8553f6e
|
ensure consistent casing of names
|
2022-09-09 10:34:14 +02:00 |
|
Erik Krogh Kristensen
|
9893650f7c
|
Merge pull request #8604 from erik-krogh/httpNode
JS: refactor most library models away from AST nodes
|
2022-09-09 10:04:17 +02:00 |
|
erik-krogh
|
a35fe1ffab
|
Merge branch 'main' into js-followMsg
|
2022-09-08 13:09:15 +02:00 |
|
Erik Krogh Kristensen
|
0c4f08c841
|
refactor the CredentialsExpr to be a dataflow node
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
aa9261f1b1
|
convert the AngularJS model to use DataFlow nodes
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
2f429e7d29
|
convert some leftovers to use dataflow nodes
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
136124fbaa
|
convert the remaining Koa models to DataFlow nodes
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
fc54ba823b
|
update the existing expression based Express models
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
8266b083d7
|
update the predicates on Express::RouteHandler to use dataflow nodes
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
4cfbf15d18
|
deprecate RouteHandlerExpr and make RouteHandlerNode instead
|
2022-09-05 16:11:54 +02:00 |
|
Erik Krogh Kristensen
|
92240384a9
|
update the tests to reflect the extra DataFlow::Nodes
|
2022-09-05 15:47:38 +02:00 |
|
Erik Krogh Kristensen
|
dfb7782be0
|
replace getA?RouteHandlerExpr with getA?RouteHandlerNode
|
2022-09-05 15:46:27 +02:00 |
|
Erik Krogh Kristensen
|
288230d7cf
|
update tests to reflect the extra DataFlow::Nodes from ResponseNode and RequestNode
|
2022-09-05 15:46:27 +02:00 |
|
Erik Krogh Kristensen
|
30d929909c
|
deprecate RequestExpr and ResponseExpr and use ResponseNode and RequestNode instead
|
2022-09-05 15:46:25 +02:00 |
|
Erik Krogh Kristensen
|
9cb7522bc1
|
change RouteSetup to a DataFlow::Node
|
2022-09-05 15:45:31 +02:00 |
|
Erik Krogh Kristensen
|
19e808186d
|
refactor definesExplicitly to use DataFlow::Node
|
2022-09-05 15:44:13 +02:00 |
|
Erik Krogh Kristensen
|
d4ccc75ce1
|
refactor RedirectInvocation to a DataFlow::Node
|
2022-09-05 15:44:13 +02:00 |
|
erik-krogh
|
aa56ca37ae
|
make the alert messages of taint-tracking queries more consistent
|
2022-09-05 14:04:52 +02:00 |
|
Asger F
|
55fdf84d15
|
Ruby+JS: change LabelEntryPoint.toString()
fixup Ruby entry point tests
|
2022-09-03 13:24:45 +02:00 |
|
Asger F
|
0d88d20b56
|
JS: Actually update test output this time
|
2022-08-30 16:44:01 +02:00 |
|
Asger F
|
51d6f752ab
|
JS: Add partially failing test
|
2022-08-30 14:08:31 +02:00 |
|
Asger F
|
ef627b4872
|
Add support for TypeVar[x] and typeVariable rows
|
2022-08-30 14:07:35 +02:00 |
|
Asger F
|
623531a719
|
Merge pull request #10206 from asgerf/js/js-mad-changes
JS: Some JS-specific MaD changes
|
2022-08-30 14:03:14 +02:00 |
|
Asger F
|
f589520917
|
JS: Add tests
|
2022-08-30 13:38:08 +02:00 |
|
erik-krogh
|
52b9ff81c5
|
Merge branch 'main' into dynCall
|
2022-08-29 15:30:01 +02:00 |
|
erik-krogh
|
cc7a9ef97a
|
rename more acronyms
|
2022-08-25 20:52:27 +02:00 |
|
Erik Krogh Kristensen
|
7b1ef7473e
|
change ArrayCreationStep to a PreCallGraphStep and unrestrict the storeStep
|
2022-08-22 08:15:54 +02:00 |
|
Tom Hvitved
|
663096fe3a
|
Remove redundant overrides
|
2022-08-19 13:57:41 +02:00 |
|
erik-krogh
|
4cbfbfe170
|
add call-edge for dynamic dispatch to unknown property from an object literal
|
2022-08-11 12:29:50 +02:00 |
|
Asger F
|
631527fe49
|
JS: Rename Node.{getASource -> asSource, getASink -> asSink}
|
2022-05-24 11:57:30 +02:00 |
|
Asger Feldthaus
|
9fad4b883b
|
JS: Autoformat
|
2022-05-24 11:57:30 +02:00 |
|
Asger Feldthaus
|
19a5db9f89
|
JS: Rename getARhs -> getASink
|
2022-05-24 11:57:30 +02:00 |
|
Asger Feldthaus
|
4c6192670e
|
JS: Rename getAnImmediateUse -> getASource
|
2022-05-24 11:57:30 +02:00 |
|
Erik Krogh Kristensen
|
b74d1fdb1a
|
Merge pull request #8783 from erik-krogh/jsAbstractBi
JS: don't initialize sanitizer-guards in the standard library
|
2022-04-29 11:12:16 +02:00 |
|
Erik Krogh Kristensen
|
8fcbaea273
|
Merge branch 'main' into labelNaming
|
2022-04-22 13:19:44 +02:00 |
|
Erik Krogh Kristensen
|
173e1d0262
|
move the DomBasedXss sources/sinks into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Asger Feldthaus
|
75a84378ac
|
JS: Do not generate def-nodes for decorated parameters
|
2022-03-29 16:13:45 +02:00 |
|
Asger Feldthaus
|
ca145f21b0
|
JS: Add test showing why parameter-sinks wont actually work well in JS
|
2022-03-29 16:06:53 +02:00 |
|
Asger Feldthaus
|
3bcfca421f
|
JS: Add test case for decorated parameter sinks
|
2022-03-29 15:55:43 +02:00 |
|
Erik Krogh Kristensen
|
ae3b32409a
|
update expected output of tests that relied on API::Node::toString()
|
2022-03-29 10:59:08 +02:00 |
|
Asger Feldthaus
|
cf596a1856
|
JS: Add decorator edges in API graphs and corresponding MaD tokens
|
2022-03-28 15:34:40 +02:00 |
|
Asger F
|
e5f2b830f3
|
Merge pull request #8577 from asgerf/fix-mad-warning
JS/Ruby: Fix regexp in MaD checking
|
2022-03-28 15:29:16 +02:00 |
|