Rebecca Valentine
e4c5fd4f61
autoformats
2019-03-27 17:12:10 -07:00
Rebecca Valentine
a049d9a4c6
moves lib to right place
2019-03-27 16:58:33 -07:00
Rebecca Valentine
2d3c522efc
cleans up naming conventions
2019-03-27 16:57:35 -07:00
Rebecca Valentine
336eb9dcf3
adds initial qll
2019-03-27 16:31:49 -07:00
Asger F
99dc2435af
JS: update test
2019-03-27 15:03:04 +00:00
Asger F
0eb9231cb1
JS: Make use of TypeTracker::end()
2019-03-27 13:25:01 +00:00
Asger F
208bcd438b
JS: Make type-tracking predicates private
2019-03-27 13:21:45 +00:00
Asger F
7bfad8c360
JS: trailing whitespace
2019-03-27 13:21:45 +00:00
Asger F
9bbdf84e5d
JS: missing qldoc
2019-03-27 13:21:45 +00:00
Asger F
28a776a82b
JS: dataflow -> data flow
2019-03-27 13:21:45 +00:00
Asger F
c0b58f6b09
JS: Capitalize Firebase in comments
2019-03-27 13:21:45 +00:00
Asger F
99cc09df8c
JS: use TypeBackTracker where appropriate
2019-03-27 13:21:45 +00:00
Asger F
42c0efd549
JS: add test
2019-03-27 13:21:45 +00:00
Asger F
ad592d7cd1
JS: handle .after and .before
2019-03-27 13:21:45 +00:00
Asger F
0401b26b48
JS: handle CloudFunctions
2019-03-27 13:21:45 +00:00
Asger F
49a746b87a
JS: handle Reference.transaction()
2019-03-27 13:21:45 +00:00
Asger F
f554f859aa
JS: handle 'firebase-admin' package
2019-03-27 13:21:45 +00:00
Asger F
e0c06cb518
JS: handle Query methods
2019-03-27 13:21:45 +00:00
Asger F
06b0851072
JS: Add Firebase model
2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1
Merge pull request #1161 from esben-semmle/js/classify-mode-html
...
Approved by xiemaisi
2019-03-27 12:56:04 +00:00
Asger F
d4c7312d80
JS: more sanitizing prefixes
2019-03-27 11:22:31 +00:00
Asger F
50f2afb622
JS: add test
2019-03-27 11:20:39 +00:00
Max Schaefer
3e16d16525
JavaScript: Make type tracking-related parameter and predicate names more consistent.
2019-03-26 13:00:09 +00:00
Max Schaefer
bf04664bd7
Update javascript/ql/src/semmle/javascript/GeneratedCode.qll
...
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com >
2019-03-26 10:01:24 +01:00
Esben Sparre Andreasen
3cd93129a6
JS: classify HTML files with > 20 elements on a line as generated
2019-03-26 08:03:56 +01:00
Max Schaefer
c50067b597
JavaScript: Refactor type tracking to avoid computing very large relations.
2019-03-25 20:38:58 +00:00
Max Schaefer
084159dcfd
JavaScript: Teach type trackers to track flow through one level of properties.
2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717
JavaScript: Switch from path summaries to step summaries for type tracking.
...
This is sufficient since we are not doing summarisation.
2019-03-25 20:37:05 +00:00
Max Schaefer
8e926333a9
JavaScript: Simplify a few newtypes and remove unused predicates.
2019-03-25 16:57:46 +00:00
Max Schaefer
55394df96f
JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes.
2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979
JavaScript: Use type tracking instead of tracked nodes in Express.
2019-03-25 16:57:46 +00:00
Max Schaefer
276f216ef9
JavaScript: Use type tracking to improve modelling of socket.io.
2019-03-25 16:57:46 +00:00
Max Schaefer
4702790696
JavaScript: Refactor AMD/CommonJS path expression analysis to avoid bad magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
0e0fe2545d
JavaScript: Refactor Closure::isTopLevelExpr to avoid unhelpful magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
c17f4d7d41
JavaScript: Cache SourceNode::track and SourceNode::backtrack.
2019-03-25 16:57:46 +00:00
Max Schaefer
2b778afdf5
JavaScript: Cache a bunch of flow steps to avoid recomputation.
2019-03-25 16:57:46 +00:00
Esben Sparre Andreasen
4ab3407726
JS: add classification test cases
2019-03-25 10:45:44 +01:00
Esben Sparre Andreasen
335a969946
JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs
2019-03-22 12:29:34 +01:00
Max Schaefer
8c460ae385
Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master
...
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
2019-03-21 14:46:29 +00:00
semmle-qlci
313134cb8c
Merge pull request #1148 from xiemaisi/js/adm-zip
...
Approved by esben-semmle
2019-03-21 14:00:30 +00:00
Asger F
1a6c95c908
TS: update test expectation
2019-03-21 11:06:04 +00:00
Max Schaefer
1835028b93
JavaScript: Show character code when reporting unexpected character.
2019-03-21 10:44:49 +00:00
Max Schaefer
4533e1f6fe
JavaScript: Add model of adm-zip library for ZipSlip query.
2019-03-21 08:04:06 +00:00
Asger F
5768d85c7b
TS: fix trap test output
2019-03-20 12:46:52 +00:00
Asger F
8201e7ea27
TS: update trap test output
2019-03-20 10:23:28 +00:00
Asger F
aaa8bfb874
TS: allow namespace imports as types
2019-03-20 10:09:18 +00:00
Max Schaefer
6fbf487524
Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19
2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2
JavaScript: Simplify flow-summary queries.
...
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.
I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f
JavaScript: Add test and fix change note.
2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c
JavaScript: Include 'unzipper' library in ZipSlip.
2019-03-15 09:32:39 -04:00
