Erik Krogh Kristensen
6a6a63e1aa
Merge pull request #9354 from erik-krogh/jsStages
...
JS: collapse a few small stages
2022-05-30 20:31:54 +02:00
Asger F
c188aa87c7
Merge branch 'main' into js/madman-prep
2022-05-30 15:03:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf
Merge pull request #8883 from erik-krogh/pyMaD
...
Python: add MaD implementation
2022-05-30 13:31:07 +02:00
Asger F
5f42866de3
Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier
...
JS: Fix FP in js/type-confusion-through-parameter-tampering
2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
b700972e6f
fix bad join in XmlParers::getAResult
2022-05-30 12:37:51 +02:00
Max Schaefer
820dfac48c
Manually write out a transitive closure.
2022-05-30 12:37:50 +02:00
Max Schaefer
ea70aaff57
Improve detection of UMD modules.
...
We previously required the `define` to appear directly as an expression statement, but there are common patterns where this is not the case.
2022-05-30 12:37:50 +02:00
Max Schaefer
47e425a184
Improve inVoidContext to take conditional expressions into account.
2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360
Merge pull request #9289 from erik-krogh/es2022
...
JS: Support the remaining of the finished ES2022 proposals
2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
ab28b0a690
Merge pull request #9348 from erik-krogh/polyRegSyntax
...
JS: use syntactically correct JS in poly-redos example
2022-05-30 12:26:04 +02:00
Erik Krogh Kristensen
c7a8008897
Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7
...
JS: Update the extractor to use TypeScript 4.7
2022-05-30 12:02:06 +02:00
Erik Krogh Kristensen
63e637503d
rewrite js/sensitive-get-query to use routing trees
2022-05-30 11:55:09 +02:00
Asger F
cc42f2f824
Merge pull request #8606 from asgerf/js/api-graph-api
...
JS/Python/Ruby: Document how API graphs should be interpreted
2022-05-30 10:49:14 +02:00
Erik Krogh Kristensen
62fd3fd90f
add test that we detect the used type variable in an infer type
2022-05-27 14:15:27 +00:00
Asger F
7e76e9a23b
Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier
2022-05-27 15:55:42 +02:00
Asger F
468a4df215
Update javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2022-05-27 15:55:25 +02:00
Erik Krogh Kristensen
8c12a7289f
collapse a few small stages
2022-05-27 13:19:06 +02:00
Tom Bolton
5830db786e
Merge pull request #9285 from github/codeql-ci/js-atm-new-release
...
JS: Bump version numbers of ML-powered packs after 0.3.0 release
2022-05-27 11:39:45 +01:00
Erik Krogh Kristensen
fef87db739
use syntactically correct JS in poly-redos example
2022-05-27 10:08:30 +02:00
Erik Krogh Kristensen
d199173923
add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments
2022-05-25 16:10:13 +00:00
Erik Krogh Kristensen
361b2aa6bb
Merge pull request #9325 from erik-krogh/CWE-940
...
JS: add CWE-940 to js/missing-origin-check
2022-05-25 16:41:40 +02:00
Asger F
5964be4463
Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier
2022-05-25 15:53:24 +02:00
Asger F
893f4ab8fb
Merge pull request #9288 from asgerf/js/resource-exhaustion-no-buffer.from
...
JS: Remove Buffer.from sink from js/resource-exhaustion
2022-05-25 15:51:54 +02:00
Erik Krogh Kristensen
ed907f6f63
add CWE-940 to js/missing-origin-check
2022-05-25 14:15:48 +02:00
Erik Krogh Kristensen
efa895e912
update expected output
2022-05-25 10:33:39 +00:00
Erik Krogh Kristensen
f38d1f9a4e
merge main into ts47
2022-05-25 10:13:25 +00:00
Erik Krogh Kristensen
009ba4c280
update query id to the updated id
2022-05-25 10:55:33 +02:00
Asger F
877a9d8bcc
JS: Fix FP in js/type-confusion-through-parameter-tampering
2022-05-25 09:53:46 +02:00
github-actions[bot]
1f1b364feb
Release preparation for version 2.9.3
2022-05-25 07:46:48 +00:00
tombolton
91fa17a05e
simplify imports in counting queries
2022-05-24 15:02:26 +01:00
tombolton
7e32614c25
refactor counting code into a library
2022-05-24 15:02:26 +01:00
tombolton
33964383d7
add individual per-security-query counting queries
2022-05-24 15:02:26 +01:00
Asger F
ced1d21405
JS: Add getters for DeclarationSpace members
2022-05-24 14:30:36 +02:00
Asger Feldthaus
a5f2c949d3
JS: Add UnionOrIntersectionTypeExpr
2022-05-24 14:30:36 +02:00
Asger F
d7e3e9e5db
JS: Fix extraction of identifiers in EXPORT_BASE context
...
This is needed to ensure that the base of the RHS of an ImportEqualsDeclaration is bound to a namespace. That is, B below should be bound to a namespace:
import A = B.C.D;
2022-05-24 14:30:36 +02:00
Asger F
665fa2af59
JS: Add test for export base scope
2022-05-24 14:30:36 +02:00
Asger F
c8bb0e2117
JS: Treat d.ts as a single extension in Folder.getJavaScriptFile
2022-05-24 14:30:36 +02:00
Asger F
987a830029
JS: Add test for import of d.ts file
2022-05-24 14:30:36 +02:00
Asger F
a955bd3695
JS: Change note
2022-05-24 14:18:06 +02:00
Asger F
7d4a191a32
JS: Simplify
2022-05-24 14:18:06 +02:00
Asger F
db4b6d620a
JS: Remove Buffer.from as sink for js/resource-exhaustion
2022-05-24 14:18:05 +02:00
Erik Krogh Kristensen
82c6c22d50
make a model for hasOwnProperty calls and similar
2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f
add support for Object.hasOwn(obj, key)
2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen
1717d17fb3
add flow step for Array.prototype.at
2022-05-24 12:41:27 +02:00
github-actions[bot]
1fa2fd73f2
JS: Bump patch version of ML-powered library and query packs post-release
2022-05-24 10:40:45 +00:00
Erik Krogh Kristensen
fc25d14af7
add change note
2022-05-24 12:37:28 +02:00
github-actions[bot]
53a25c8c42
JS: Bump minor version of ML-powered library and query packs
2022-05-24 10:34:26 +00:00
github-actions[bot]
1287925676
JS: Bump patch version of ML-powered model pack post-release
2022-05-24 10:34:26 +00:00
github-actions[bot]
171fe98084
JS: Bump ML model pack dependency of ML-powered model building and query packs
2022-05-24 10:34:26 +00:00
github-actions[bot]
e519304268
JS: Bump minor version of ML-powered model pack
2022-05-24 10:33:45 +00:00
