Commit Graph

41418 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
b2ca3d2bdc JS: improve PoI::alertQuery docstring 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
c407cc072e JS: autoformat 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
ec73c97422 JS: refactor ClassifyFiles.qll from ClassifyFiles.ql 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Dave Bartolomeo
66381e89ef C++: Add comment from PR feedback 2020-04-22 08:11:43 -04:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Rasmus Wriedt Larsen
6b84137a92 Python: Model cgi.FieldStorage (parsing of submitted forms) 2020-04-22 11:37:47 +02:00
Rasmus Wriedt Larsen
1ecfa2eb55 Merge pull request #3278 from tausbn/python-fix-warnings
Python: Fix remaining deprecation warnings.
2020-04-22 11:33:16 +02:00
Rasmus Wriedt Larsen
6eb24011eb Python: Add docs to web/stdlib/Request.qll 2020-04-22 11:26:50 +02:00
Erik Krogh Kristensen
ac44cb425e Merge branch 'master' into js/call-graph-exploration 2020-04-22 10:49:26 +02:00
Robert Marsh
9e0d6e8aa0 C++: move taint step cases to TaintTrackingUtil 2020-04-22 01:38:00 -07:00
Taus Brock-Nannestad
2fad5e8e32 Python: Remove deprecated TaintFlow and additionalFlowStepVar. 2020-04-22 10:34:00 +02:00
Erik Krogh Kristensen
a5bbfa30d1 add change note 2020-04-22 10:23:07 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Calum Grant
1b88c97688 Merge pull request #3199 from hvitved/csharp/vsvars-unset-platform
C#: Unset `Platform` env variable when invoking `vcvarsall.bat`
2020-04-22 09:18:20 +01:00
Geoffrey White
2e392516c2 Apply suggestions from code review
Co-Authored-By: Dave Bartolomeo <dbartol@github.com>
2020-04-22 09:09:16 +01:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
2020-04-22 10:07:50 +02:00
Rasmus Wriedt Larsen
26ed911bb2 Python: Add modeling of http.server.BaseHTTPRequestHandler 2020-04-22 09:52:10 +02:00
Rasmus Wriedt Larsen
30e2592701 Python: Propagate taint through parse_qs 2020-04-22 08:55:35 +02:00
Robert Marsh
52b1fb703d C++: use models in TaintTrackingUtil 2020-04-21 17:18:14 -07:00
Robert Marsh
11683fa9cb C++: add mapping between models and instructions 2020-04-21 17:10:45 -07:00
Taus
5af351eacd Merge pull request #3275 from RasmusWL/python-fix-points-to-deprecations
Python: Remove deprecated annotation for old PointsTo::points_to
2020-04-21 18:18:07 +02:00
semmle-qlci
9fae953969 Merge pull request #3262 from asger-semmle/js/api-deprecation-and-renaming
Approved by erik-krogh
2020-04-21 15:45:13 +01:00
Dave Bartolomeo
4b44afef90 C++: Accept syntax-zoo test output 2020-04-21 09:42:24 -04:00
Dave Bartolomeo
fee557001e C++: Update SignAnalysis test results 2020-04-21 09:34:44 -04:00
Mathias Vorreiter Pedersen
a49d22e6e4 C++: Fix join ordering 2020-04-21 13:25:06 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps
Approved by asgerf, esbena
2020-04-21 12:12:06 +01:00
Erik Krogh Kristensen
59b94b3d1b revert back to having 2 separate cases in JQuery::MethodCall 2020-04-21 13:08:06 +02:00
Asger Feldthaus
18188b659c JS: Add 1.25 change note 2020-04-21 10:53:37 +01:00
Asger Feldthaus
c04ba91a90 JS: Autoformat 2020-04-21 10:51:42 +01:00
Asger Feldthaus
39920c1b08 JS: Add forwarding libraries in old locations 2020-04-21 10:51:42 +01:00
Asger Feldthaus
9e4709148b JS: Move Forward/Backward exploration to explore folder 2020-04-21 10:51:41 +01:00
Asger Feldthaus
647a3d3a60 JS: Add note and debugging and exploration 2020-04-21 10:51:41 +01:00
Asger Feldthaus
ffeda7f45a JS: Expand on doc a bit 2020-04-21 10:51:41 +01:00
Asger Feldthaus
066549f682 JS: Fix typo in qldoc 2020-04-21 10:51:41 +01:00
Asger F
291ebccfef Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-21 10:51:41 +01:00
Asger F
4c9ef8c570 Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-21 10:51:41 +01:00
Asger Feldthaus
759e1dfe45 JS: Add helper library for call graph exploration 2020-04-21 10:51:40 +01:00
Rasmus Wriedt Larsen
32a97266cf Python: Fix deprecation warnings in test output 2020-04-21 11:39:44 +02:00
semmle-qlci
53abf83229 Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr
Approved by erik-krogh
2020-04-21 10:38:59 +01:00
Asger Feldthaus
1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
Asger Feldthaus
997b44928e JS: Autoformat 2020-04-21 10:14:28 +01:00
semmle-qlci
2ecef33c9d Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check
Approved by esbena
2020-04-21 10:00:34 +01:00
semmle-qlci
80c20cb66e Merge pull request #3297 from asger-semmle/js/isambient-refactor
Approved by esbena
2020-04-21 09:36:14 +01:00
semmle-qlci
d75d520f35 Merge pull request #3232 from RasmusWL/python-more-deprecated-annotations
Approved by BekaValentine
2020-04-21 09:30:27 +01:00