Erik Krogh Kristensen
|
9351cd44e4
|
Merge remote-tracking branch 'githubsemmle/master' into HEAD
|
2019-11-27 13:45:59 +01:00 |
|
semmle-qlci
|
a2827e9503
|
Merge pull request #2362 from erik-krogh/promiseAll
Approved by max-schaefer
|
2019-11-27 12:35:04 +00:00 |
|
semmle-qlci
|
4916bed9cd
|
Merge pull request #2433 from asger-semmle/import-js-file
Approved by max-schaefer
|
2019-11-27 10:55:59 +00:00 |
|
semmle-qlci
|
9ca4f6aecb
|
Merge pull request #2392 from asger-semmle/window-name-flow
Approved by max-schaefer
|
2019-11-27 10:55:26 +00:00 |
|
semmle-qlci
|
793988afe4
|
Merge pull request #2344 from asger-semmle/element-pattern-prop-read
Approved by max-schaefer
|
2019-11-27 10:54:46 +00:00 |
|
Erik Krogh Kristensen
|
967ecbad24
|
Merge remote-tracking branch 'upstream/master' into promiseAll
|
2019-11-27 11:28:37 +01:00 |
|
Erik Krogh Kristensen
|
e27a69960d
|
update description
|
2019-11-27 11:17:19 +01:00 |
|
Asger F
|
605c8834c6
|
JS: Avoid redundant window.name sources
|
2019-11-27 06:15:12 +00:00 |
|
Erik Krogh Kristensen
|
b5a57986c6
|
small changes based on review feedback
|
2019-11-26 15:57:31 +01:00 |
|
Erik Krogh Kristensen
|
b6106f9638
|
keep the ResolvedPromiseDefinition class as a subclass of PromiseCreationCall
|
2019-11-26 11:16:59 +01:00 |
|
Erik Krogh Kristensen
|
f284b3a2bb
|
Merge remote-tracking branch 'upstream/master' into exceptionXss
|
2019-11-26 10:54:04 +01:00 |
|
Erik Krogh Kristensen
|
7ee12a3420
|
change doc based on review feedback
|
2019-11-26 10:48:24 +01:00 |
|
semmle-qlci
|
fb44aa18bd
|
Merge pull request #2428 from erik-krogh/useOfReturnlessFunctionSuperCalls
Approved by max-schaefer
|
2019-11-26 09:14:08 +00:00 |
|
Asger F
|
e5ba80b18c
|
JS: Add test
|
2019-11-25 15:05:33 +00:00 |
|
Asger F
|
82b35a116c
|
JS: Handle .js import of .ts file
|
2019-11-25 14:58:12 +00:00 |
|
Erik Krogh Kristensen
|
9bd6363521
|
Merge remote-tracking branch 'upstream/master' into promiseAll
|
2019-11-25 14:34:58 +01:00 |
|
Erik Krogh Kristensen
|
4efc71b7a2
|
remove FP in use-of-returnless-function FP related to calls to super()
|
2019-11-25 11:48:16 +01:00 |
|
Erik Krogh Kristensen
|
7d825af9a3
|
Added an XSS sink for Handlebars.SafeString
|
2019-11-22 15:56:21 +01:00 |
|
semmle-qlci
|
5c3c8eb35d
|
Merge pull request #2406 from erik-krogh/returnlessFp
Approved by asgerf
|
2019-11-22 13:06:03 +00:00 |
|
Erik Krogh Kristensen
|
f40d79271d
|
cleanup module imports and update expected outputs
|
2019-11-22 13:55:47 +01:00 |
|
Erik Krogh Kristensen
|
85b22536d0
|
adjust formatting
|
2019-11-22 13:36:16 +01:00 |
|
Esben Sparre Andreasen
|
5d34806e50
|
Merge pull request #2379 from asger-semmle/typescript-fixes
TS: A bunch of TypeScript fixes
|
2019-11-22 13:31:30 +01:00 |
|
Max Schaefer
|
83f5b614e9
|
JavaScript: Switch detection of callback-based string replacement to data flow.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
1951461f55
|
JavaScript: Simplify DoubleEscaping.
Undo previous work on generalising the concept of a replacement, which did not work out.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
ff002a7af4
|
JavaScript: Whitelist more harmless incomplete escapes.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
659cc812fe
|
JavaScript: Rephrase two predicates to help the optimiser.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
db3eaa23ef
|
JavaScript: Introduce modelling of String.prototype.replace and use it in two queries.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
f43e843b20
|
JavaScript: Introduce class RegExpLiteralNode.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
12ea81af9c
|
JavaScript: Move getAMatchedConstant(RegExpTerm) into the library.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
a5a5debdc7
|
JavaScript: Move getStringValue(RegExpLiteral) into the library.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
0edb70f373
|
JavaScript: Deal with escape-unescape-escape (and similar) chains.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
cb54618a5d
|
JavaScript: Deal with (un-)escaping on captured variables.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
61aa075e8d
|
JavaScript: Fix regexes for escaping schemes.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
4f899a9b0d
|
JavaScript: Recognize string escaping using .replace with a callback.
|
2019-11-22 09:24:34 +00:00 |
|
Max Schaefer
|
5dcf55e113
|
JavaScript: Refactor DoubleEscaping.ql.
|
2019-11-22 09:24:34 +00:00 |
|
semmle-qlci
|
62859d140d
|
Merge pull request #2394 from esbena/js/support-getDerivedFromError
Approved by max-schaefer
|
2019-11-22 07:45:45 +00:00 |
|
semmle-qlci
|
2c623372b6
|
Merge pull request #2405 from esbena/js/another-bind-model
Approved by asgerf
|
2019-11-22 07:35:58 +00:00 |
|
Erik Krogh Kristensen
|
94e9c0203d
|
add test for exceptional taint-flow
|
2019-11-21 17:16:13 +01:00 |
|
semmle-qlci
|
8cca9b05ea
|
Merge pull request #2393 from max-schaefer/js/improve-incomplete-sanitization-docs
Approved by mchammer01
|
2019-11-21 16:04:19 +00:00 |
|
Asger F
|
ec8ced7963
|
TS: Fix a typos and leftover todo
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
01ab8f07eb
|
TS: Fix a crash when allowJs: true was set
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
2c916cb4f3
|
TS: Update stats
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
dd50d29827
|
TS: Fix crash in case of missing type roots
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
4a885cbf92
|
TS: Expose optional parameters at syntax level
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
b6b8213e13
|
TS: Handle rest parameters in call signatures
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
f2c3d734ea
|
TS: Update some more tests
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
0c41d6910f
|
TS: Pass tsconfig options correctly
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
8205a59688
|
TS: Unfold aliases in Type.unfold()
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
e25ee182a0
|
TS: Extract type alias relation
|
2019-11-21 15:39:37 +00:00 |
|
Asger F
|
f11dc11ade
|
TS: Fix type of RHS of TypeAliasDeclaration
|
2019-11-21 15:39:37 +00:00 |
|