Commit graph

3634 Commits

Author SHA1 Message Date
Asger F 4c9ef8c570 Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-21 10:51:41 +01:00
Asger Feldthaus 759e1dfe45 JS: Add helper library for call graph exploration 2020-04-21 10:51:40 +01:00
semmle-qlci 53abf83229
Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr
Approved by erik-krogh
2020-04-21 10:38:59 +01:00
Asger Feldthaus 1703ffe6a1 JS: Cache some SourceNode getter methods differently 2020-04-21 10:33:07 +01:00
Asger Feldthaus 997b44928e JS: Autoformat 2020-04-21 10:14:28 +01:00
semmle-qlci 2ecef33c9d
Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check
Approved by esbena
2020-04-21 10:00:34 +01:00
semmle-qlci 80c20cb66e
Merge pull request #3297 from asger-semmle/js/isambient-refactor
Approved by esbena
2020-04-21 09:36:14 +01:00
Asger Feldthaus 883846dfb6 JS: Fix extraction of negative number literal types 2020-04-20 16:17:15 +01:00
Asger Feldthaus 4fc79e38ec JS: Also fix typo in test case 2020-04-20 15:24:51 +01:00
Asger Feldthaus d4978905f8 JS: Use SendCallback/ReceiveCallback in getAck 2020-04-20 15:12:04 +01:00
Asger Feldthaus ca60e8264e JS: Autoformat 2020-04-20 14:42:41 +01:00
Erik Krogh Kristensen 9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen 73b0aa4004 add more attributes potentially vulnerable to xss-through-dom 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen 12f4ce8111 merge two cases of jQuery method calls 2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen 8b254f7b49 Merge remote-tracking branch 'upstream/master' into Maps 2020-04-20 13:00:39 +02:00
Asger Feldthaus bccc27f1e7 JS: Rephrase flowsTo to avoid redundant SourceNode::Range check 2020-04-20 10:57:52 +01:00
Erik Krogh Kristensen 2d3e42e6d6
update qhelp for xss-through-dom
Co-Authored-By: Asger F <asgerf@github.com>
2020-04-20 11:50:46 +02:00
Erik Krogh Kristensen c713ba7bfe fix typo 2020-04-20 10:51:42 +02:00
Asger Feldthaus bb9fea5a27 JS: Refactor isAmbient computation 2020-04-19 22:45:19 +01:00
Erik Krogh Kristensen 2632699397 Merge branch 'master' of git.semmle.com:Semmle/ql into Mispelled 2020-04-18 17:58:57 +02:00
Erik Krogh Kristensen 4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen 4f32157a78
rename `func` to `callback`
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-04-17 11:36:48 +02:00
Erik Krogh Kristensen 427c32f211 report a local variable as the misspelling if there are many occurrences of the global 2020-04-17 11:25:23 +02:00
Erik Krogh Kristensen 1b80f46f30 add QHelp for js/xss-through-dom query 2020-04-17 10:54:21 +02:00
Erik Krogh Kristensen 14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Erik Krogh Kristensen 55edfed1ee support jQuery().get() returning a DOM node 2020-04-17 10:32:53 +02:00
Erik Krogh Kristensen dd9aec056c handle basic dynamic method dispatch for jQuery methods 2020-04-17 10:32:52 +02:00
Erik Krogh Kristensen eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Erik Krogh Kristensen 69a16af152 Merge branch 'master' into Maps 2020-04-15 20:41:22 +02:00
Erik Krogh Kristensen fd51142200 change succ in storeStep to be a `SourceNode` 2020-04-15 20:40:58 +02:00
Erik Krogh Kristensen e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
semmle-qlci bfd80b42a7
Merge pull request #3260 from asger-semmle/js/location-tweaks
Approved by erik-krogh
2020-04-15 10:47:35 +01:00
Asger F 34d40b5035
Merge pull request #3237 from asger-semmle/js/sparse-capture
JS: Add CapturedVariableNode to avoid N^2 edges
2020-04-15 10:42:48 +01:00
Asger Feldthaus 679259944f JS: Address review comments 2020-04-15 10:27:32 +01:00
Chris Gavin 4e981d8e70
Merge rc/1.24 into master. 2020-04-14 21:30:29 +01:00
Asger Feldthaus 1107e7c6a6 JS: Rename other uses of getURL 2020-04-14 19:45:09 +01:00
Asger Feldthaus 6668a7a546 JS: Add backwards-compatible predicates to SocketIO 2020-04-14 15:57:19 +01:00
Asger F c178eecd43
Update javascript/ql/src/semmle/javascript/Variables.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-04-14 14:40:21 +01:00
Felicity Chapman c570ebe5bd Merge branch 'rc/1.24' into update-references 2020-04-14 14:10:26 +01:00
Asger Feldthaus 3515a2b412 JS: Update test output 2020-04-14 10:31:31 +01:00
Asger Feldthaus 88667206fc JS: Remove default hasLocationInfo case 2020-04-14 10:03:10 +01:00
Asger Feldthaus 5da968e34c JS: Specialize ASTNode.getFile 2020-04-14 10:03:10 +01:00
Asger Feldthaus 244a304e1d JS: Implement getFile() directly instead of via locations 2020-04-14 10:03:10 +01:00
Asger Feldthaus dc084628cc JS: Avoid the special name getURL 2020-04-14 10:03:09 +01:00
Erik Krogh Kristensen 6827b84bdc change docstring to inline comment, and refer directly to array class 2020-04-14 10:32:16 +02:00
Erik Krogh Kristensen e47575ce5b more precise getChild for matching "../" 2020-04-14 10:24:08 +02:00
Pavel Avgustinov 6737e99d65
Merge pull request #3209 from hmakholm/baselib-extractor
Add extractor field in base language QL packs
2020-04-09 15:24:49 +01:00
Asger Feldthaus c070416fbe JS: Update test output 2020-04-09 12:24:11 +01:00
Asger Feldthaus 25d5cc78cb JS: Use entry location instead of whole container 2020-04-09 09:18:26 +01:00
Asger Feldthaus d9f81b082b JS: Autoformat 2020-04-09 07:45:00 +01:00
Asger Feldthaus 47934310ef JS: Hide captured nodes in path explanations 2020-04-08 19:58:36 +01:00
semmle-qlci 404f7225a1
Merge pull request #3196 from asger-semmle/js/unnecessary-source-node-range
Approved by esbena
2020-04-08 18:44:02 +01:00
Asger Feldthaus 5ab595da2e JS: Autoformat 2020-04-08 12:40:00 +01:00
Felicity Chapman dacbc1376c Update some out of date information 2020-04-08 10:36:04 +01:00
Asger Feldthaus 4ca3ac5ee9 JS: Add another warning 2020-04-08 10:30:45 +01:00
Asger F 4acb9da2cf
Update javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-04-08 10:30:21 +01:00
Asger Feldthaus 171b131eb1 JS: Add test for SourceNode not depending on flowsTo 2020-04-08 10:23:47 +01:00
Asger Feldthaus 1f496d3c6b JS: Add CapturedVariableNode 2020-04-07 19:02:46 +01:00
Henning Makholm d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Asger Feldthaus 7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus 2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
Robert 1096e5d947
Merge pull request #3163 from robertbrignull/code_scanning_suites
Add code-scanning suites
2020-04-06 08:45:40 +01:00
semmle-qlci a8098a2b2d
Merge pull request #3197 from erik-krogh/NormalPathSanitizer
Approved by asgerf
2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen 9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci 676da02118
Merge pull request #3192 from asger-semmle/js/missing-await-not-delete
Approved by esbena
2020-04-03 13:21:48 +01:00
Erik Krogh Kristensen 94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci dc774e0eac
Merge pull request #3166 from erik-krogh/DeadLocal
Approved by asgerf
2020-04-03 09:36:20 +01:00
Erik Krogh Kristensen e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Asger Feldthaus ffbbdd7779 JS: Autoformat 2020-04-02 23:04:24 +01:00
Asger Feldthaus 93971e9433 JS: Make local flow not depend on SourceNode 2020-04-02 23:03:29 +01:00
Asger Feldthaus 346867f425 JS: Remove Import->SourceNode dependency from AMD 2020-04-02 23:03:29 +01:00
Asger Feldthaus 3804d3fcfd JS: Remove Import->SourceNode dependency from lazy cache 2020-04-02 23:03:20 +01:00
Erik Krogh Kristensen 845020d2ae change getReceiver to getAMethodCall 2020-04-02 20:28:27 +02:00
Erik Krogh Kristensen 2c0bae4937
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-04-02 20:28:04 +02:00
Asger Feldthaus 8f930fc3e6 JS: Remove recursive SourceNode from AngularJS 2020-04-02 12:25:33 +01:00
Asger Feldthaus ee106b1103 JS: Remove tautological SourceNode::Range subclasses 2020-04-02 12:21:17 +01:00
Asger Feldthaus 3a9d047cf5 JS: Ignore delete expressions in js/missing-await 2020-04-02 11:35:09 +01:00
Asger Feldthaus ccce0205b4 JS: Add test 2020-04-02 11:34:07 +01:00
Erik Krogh Kristensen 75b183bc33 update expected output 2020-04-01 20:46:49 +02:00
Erik Krogh Kristensen 32b86ab91a autoformat 2020-04-01 20:44:47 +02:00
Erik Krogh Kristensen 957b60f84b split fuzzy read/writes on collections into 2 pseudo-properties 2020-04-01 14:25:41 +02:00
Erik Krogh Kristensen b1bf7f9f3d introduce pseudoProperty helper predicates 2020-04-01 14:08:56 +02:00
Asger Feldthaus 541ff40d24 JS: Bump extractor version string 2020-04-01 12:26:30 +01:00
Asger Feldthaus b5e110e39e JS: Fix value of numeric literals containing underscores 2020-04-01 12:24:42 +01:00
Asger Feldthaus 9888f15a29 JS: Add test showing root cause of problem 2020-04-01 12:21:27 +01:00
Asger Feldthaus 2d864aaf1b JS: Add failing test 2020-04-01 12:21:25 +01:00
Erik Krogh Kristensen 59840149e8 introduce a PseudoProperty type in Collections.qll 2020-04-01 12:16:09 +02:00
Erik Krogh Kristensen b2b009cdd9 qldoc adjustment 2020-04-01 11:34:25 +02:00
Erik Krogh Kristensen 1be326a37b add a CopyStep type-tracking step, for loadStoreSteps that loads and stores the same property 2020-04-01 11:21:05 +02:00
Erik Krogh Kristensen 9fc8ed17cd remove unused import 2020-04-01 11:18:11 +02:00
Erik Krogh Kristensen a188c6f804 qldoc changes and renaming 2020-04-01 11:12:54 +02:00
Erik Krogh Kristensen 49a8a48a72 autoformat 2020-03-31 20:27:05 +02:00
Erik Krogh Kristensen cec2cd3b14 update expected output 2020-03-31 14:05:05 +02:00
Erik Krogh Kristensen 64c813612f autoformat 2020-03-31 13:56:01 +02:00
Erik Krogh Kristensen 8ae55fb1c4 add top level QLDoc to MapAndSet.qll 2020-03-31 13:55:34 +02:00
Erik Krogh Kristensen 45797dc729 autoformat 2020-03-31 13:53:00 +02:00
Erik Krogh Kristensen 3784b180d8 changes based on review 2020-03-31 12:07:55 +02:00
Erik Krogh Kristensen 546431c83d dataflow and typetracking steps for Maps and Sets 2020-03-31 11:21:34 +02:00
Erik Krogh Kristensen 25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
Erik Krogh Kristensen a02213e745 change LoadStoreStep such that it can store in different property 2020-03-31 11:20:57 +02:00
semmle-qlci 0feb7f87e4
Merge pull request #2761 from erik-krogh/UrlSearch
Approved by asgerf
2020-03-31 09:46:48 +01:00
semmle-qlci 5c920eb625
Merge pull request #3120 from asger-semmle/js/prefer-typescript-file
Approved by esbena
2020-03-31 09:32:14 +01:00
semmle-qlci 73dd4c8686
Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression
Approved by esbena
2020-03-31 09:28:55 +01:00
Erik Krogh Kristensen 40fd1825e9 autoformat 2020-03-31 09:08:32 +02:00
Erik Krogh Kristensen 7938bc4ed0 improve alert message for js/useless-assignment-to-local 2020-03-30 20:19:50 +02:00
semmle-qlci fce04f0bd0
Merge pull request #3127 from erik-krogh/PromiseTrack
Approved by asgerf
2020-03-30 11:56:33 +01:00
Asger Feldthaus a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Erik Krogh Kristensen f55005a0ec more precise warning message for implicit string/number conversions 2020-03-30 11:17:56 +02:00
Robert Brignull 90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Erik Krogh Kristensen 4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Erik Krogh Kristensen 0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
semmle-qlci fad902fc9b
Merge pull request #3095 from erik-krogh/MorePerf
Approved by asgerf
2020-03-27 12:51:37 +00:00
semmle-qlci 9b3400337b
Merge pull request #3130 from erik-krogh/PreciseSteps
Approved by asgerf
2020-03-27 12:18:28 +00:00
semmle-qlci 1975a83cdd
Merge pull request #3116 from max-schaefer/js/postgres-type-tracking
Approved by asgerf
2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen 58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Erik Krogh Kristensen 6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen a850616927 delete Xss.actual 2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen e2d2c2341e autoformat and update expected output 2020-03-26 15:38:00 +01:00
Erik Krogh Kristensen baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00
Asger Feldthaus 816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Erik Krogh Kristensen 1cefa12315 update expected output 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 00181e059b add tests for type-tracking promises 2020-03-25 23:54:56 +01:00
Erik Krogh Kristensen 9a78d38df0 add a new LoadStoreStep as a StepSummary for TypeTracking 2020-03-25 23:54:56 +01:00
semmle-qlci e7fd97e72b
Merge pull request #3119 from erik-krogh/SockJS
Approved by esbena
2020-03-25 21:36:29 +00:00
Erik Krogh Kristensen 4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
Asger Feldthaus ad1e0ec50b JS: Inline variable again 2020-03-25 14:01:33 +00:00
Asger Feldthaus 54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
Asger Feldthaus a78f1b864b JS: Fix trailing whitespace 2020-03-25 12:45:48 +00:00
Asger Feldthaus 6c9e35c22e JS: Skip .js files with a same-named .ts file next to it 2020-03-25 12:45:37 +00:00
semmle-qlci cf5b1f0cd5
Merge pull request #3019 from erik-krogh/ArrayStep
Approved by asgerf
2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Erik Krogh Kristensen f2b9e2019c remove isRelevant from flowStep 2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen 6f0e507242 outline predicate to fix join-ordering 2020-03-25 09:44:03 +01:00
Erik Krogh Kristensen 3000486b35 add more isRelevant calls 2020-03-25 09:42:24 +01:00
Erik Krogh Kristensen 1d8e103322 autoformat 2020-03-25 00:19:23 +01:00
Max Schaefer efbcec09ef JavaScript: Add type tracking to Postgres model. 2020-03-24 17:30:07 +00:00
Erik Krogh Kristensen 36981f385a Merge branch 'master' of git.semmle.com:Semmle/ql into MorePathSinks 2020-03-24 11:20:33 +01:00
semmle-qlci 4c9a6b73ee
Merge pull request #3107 from erik-krogh/FArgs
Approved by esbena
2020-03-24 08:32:56 +00:00
Erik Krogh Kristensen fa710c5864 Merge remote-tracking branch 'upstream/master' into UrlSearch 2020-03-24 00:23:15 +01:00
Erik Krogh Kristensen 5b4f091257 add test for remote flow sources in WebSockets 2020-03-23 23:58:20 +01:00
Erik Krogh Kristensen 6a1491d83d add SockJS to the existing WebSocket model 2020-03-23 23:56:11 +01:00
Erik Krogh Kristensen 9a18dc32c1 autoformat WebSocket tests 2020-03-23 23:49:26 +01:00
Erik Krogh Kristensen 7b7eddff1e remove previous SockJS implementation, and move example to WebSocket test 2020-03-23 23:45:05 +01:00
Asger F a1e032bee6
Merge pull request #3098 from kyprizel/master
Experimental SockJS support
2020-03-23 22:39:10 +00:00
kyprizel dec1b8b070
Update javascript/ql/src/experimental/SockJS/SockJS.qll
Fix comments

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:48 +03:00
kyprizel b90ff5e84d
Update javascript/ql/src/experimental/SockJS/SockJS.qll
do not import specific libs

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:23 +03:00
semmle-qlci e5590091a0
Merge pull request #3109 from max-schaefer/js/performance-fixes
Approved by asgerf
2020-03-23 16:08:07 +00:00
Max Schaefer 55e7b22cdf JavaScript: Autoformat. 2020-03-23 14:37:04 +00:00
kyprizel 49e5a22cab
Fixed code style for SockJS
also fixed appCreation, thanks to Erik Krogh.
2020-03-23 17:16:17 +03:00
Erik Krogh Kristensen 7bc7ffffd6 autoformat 2020-03-23 14:10:07 +01:00
Erik Krogh Kristensen f1e0d37273
Update javascript/ql/test/library-tests/frameworks/Concepts/file-access.js
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-23 14:02:22 +01:00
Max Schaefer b13e6141a2 JavaScript: Inline `promiseStep/4`. 2020-03-23 12:01:52 +00:00
Asger F 6c2842bd49
Merge pull request #2919 from asger-semmle/js/property-barriers
JS: Make sanitizers no longer block taint inside an object
2020-03-23 11:43:18 +00:00
Erik Krogh Kristensen 2c43d1d731 fix FP in superfluous-trailing-arguments related to Function.arguments 2020-03-23 10:40:35 +01:00
Eldar T. Zaitov ee0b65ad39 Added experimental SockJS support 2020-03-20 21:24:16 +03:00
Erik Krogh Kristensen f88cc2a977 inline promiseStep predicate 2020-03-20 09:07:52 +01:00
Erik Krogh Kristensen 90a324148d add extra sinks to js/tainted-path 2020-03-20 09:07:39 +01:00
semmle-qlci deb20fc37f
Merge pull request #3076 from esbena/js/even-more-mongoose-improvements
Approved by erik-krogh
2020-03-19 12:03:53 +00:00
Max Schaefer ee62706ad2 JavaScript: Split up a predicate to avoid bad join order. 2020-03-19 11:47:53 +00:00
Max Schaefer d91e6a4893 JavaScript: Avoid a few bad join orders. 2020-03-19 11:47:53 +00:00
Asger Feldthaus 4f42675b35 JS: Autoformat 2020-03-19 09:36:27 +00:00
Asger Feldthaus 3ae33e3c1a JS: Update prototype pollution query 2020-03-18 23:59:25 +00:00
Asger Feldthaus b6ca4fbee3 JS: Add getDefaultSourceLabel() 2020-03-18 23:52:25 +00:00
Asger Feldthaus 7393844699 JS: Update some queries that used data as source 2020-03-18 11:55:13 +00:00
Asger Feldthaus 506ddaf3f4 JS: Add explanation for test failure 2020-03-18 11:55:13 +00:00
Asger Feldthaus 028022158d JS: Add variant of test that passes 2020-03-18 11:55:13 +00:00
Asger Feldthaus a7e337ab28 JS: Add some lines in test case 2020-03-18 11:55:13 +00:00
Asger Feldthaus 3e68072e38 JS: Accept test case change 2020-03-18 11:55:13 +00:00
Asger Feldthaus 18eea96cf8 JS: Autoformat 2020-03-18 11:55:13 +00:00
Asger Feldthaus a9901a44e8 JS: Update TaintBarriers/isBarrier test 2020-03-18 11:55:13 +00:00
Asger Feldthaus 0edb765958 JS: Split test case function in two 2020-03-18 11:55:13 +00:00
Asger Feldthaus 4e75fe3977 JS: Update some qldoc comments 2020-03-18 11:55:13 +00:00
Asger Feldthaus a195429471 JS: Add test with non-guard sanitizer 2020-03-18 11:55:12 +00:00
Asger Feldthaus 83606e7b60 JS: Don't use data label in taint-tracking configs 2020-03-18 11:55:12 +00:00
Asger Feldthaus 8da0584b12 JS: Add test 2020-03-18 11:55:12 +00:00
Esben Sparre Andreasen b1a722fcda JS: typo fix 2020-03-18 10:11:38 +01:00
Esben Sparre Andreasen 12d8177b4b
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:12:05 +01:00
Esben Sparre Andreasen ce3b196b93
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:57 +01:00
Esben Sparre Andreasen b9860d3444
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:49 +01:00
Esben Sparre Andreasen d74c16f86c
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:36 +01:00
semmle-qlci 8792d0d248
Merge pull request #3070 from erik-krogh/DataPerf
Approved by asgerf
2020-03-17 13:47:09 +00:00
semmle-qlci fa08258c14
Merge pull request #3036 from erik-krogh/CustomTrack
Approved by asgerf
2020-03-17 13:44:51 +00:00
semmle-qlci ea46873bfe
Merge pull request #3065 from erik-krogh/PathSinks
Approved by esbena
2020-03-17 13:00:00 +00:00
Erik Krogh Kristensen 1dfe9e9c2a changes based on review 2020-03-17 11:28:29 +01:00
Erik Krogh Kristensen 9a3176d3cc
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-03-17 11:26:35 +01:00
Esben Sparre Andreasen 380f66cb19 JS: rename Mongoose::CommonInterfase -> Mongoose::InvokeNode 2020-03-17 11:25:05 +01:00
Erik Krogh Kristensen 095d4d711a change import to an absolute import to fix warning 2020-03-17 11:21:46 +01:00
Erik Krogh Kristensen d7b69fcfea autoformat 2020-03-17 09:52:08 +01:00
Esben Sparre Andreasen 7dc80664e6
Merge pull request #3045 from Semmle/esbena-patch-2
JS: loosen qldoc for `barrierGuardIsRelevant`
2020-03-16 22:28:22 +01:00
Esben Sparre Andreasen b75486bb58 JS: refactor NoSQL::Mongoose. Introduce Mongoose::CommonInterface 2020-03-16 22:12:30 +01:00
Esben Sparre Andreasen 833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Erik Krogh Kristensen 7145a57db3 refactor StepSummary into an internal .qll 2020-03-16 17:52:04 +01:00
Erik Krogh Kristensen cd6fe8115d
Update javascript/ql/src/semmle/javascript/Promises.qll
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-16 16:27:50 +01:00
semmle-qlci eb7d8092a6
Merge pull request #3064 from asger-semmle/js/typescript-semantic-errors
Approved by erik-krogh
2020-03-16 11:57:55 +00:00
Erik Krogh Kristensen f2548aa3b1 add more models for file related sinks and sources 2020-03-16 11:07:23 +01:00
Erik Krogh Kristensen 557b642a8e add isRelevant check on flowStep predicate 2020-03-16 11:01:20 +01:00
semmle-qlci 1d4dd2b2f7
Merge pull request #3057 from esbena/js/infer-this-as-exports
Approved by asgerf
2020-03-15 12:55:12 +00:00
Asger Feldthaus b2f008ea9e JS: Don't report TypeScript diagnostics by default 2020-03-15 12:06:08 +00:00
semmle-qlci 7e093a8e5c
Merge pull request #3041 from erik-krogh/JQueryAjax
Approved by esbena
2020-03-14 22:31:59 +00:00
semmle-qlci ff03478ae8
Merge pull request #3049 from asger-semmle/js/fix-cyclic-join
Approved by erik-krogh
2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen 486efbab77 refactor based on review 2020-03-14 14:53:38 +01:00
Erik Krogh Kristensen 4f39c28741 Merge branch 'master' of git.semmle.com:Semmle/ql into CustomTrack 2020-03-14 14:37:52 +01:00
semmle-qlci 20cae302fd
Merge pull request #3054 from erik-krogh/NoDeferred
Approved by asgerf
2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen 4d6aa20990
Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks
JS: Mongoose and MongoDB improvements
2020-03-14 12:31:43 +01:00
Esben Sparre Andreasen 2fac7434df JS: infer `this` to be `module.exports` in node modules 2020-03-13 14:10:35 +01:00
Esben Sparre Andreasen ae8d38236b JS: add some tests for `this` 2020-03-13 14:09:23 +01:00
semmle-qlci 25b9fcfafd
Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix
Approved by max-schaefer
2020-03-13 11:49:49 +00:00
Asger Feldthaus 2bdf26a8f1 JS: Remove unneeded forwarding method 2020-03-12 15:48:47 +00:00
Asger Feldthaus 788c0f9037 JS: Refactor metadata class a bit 2020-03-12 15:45:22 +00:00
Erik Krogh Kristensen 799c3eb06c remove model of Deferred 2020-03-12 16:38:20 +01:00
Asger Feldthaus ddab13ab44 JS: Add a comment 2020-03-12 15:29:51 +00:00
Erik Krogh Kristensen 59d2d6d4fd autoformat 2020-03-12 14:48:16 +01:00
Asger Feldthaus 4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Erik Krogh Kristensen 172c5ccaca changes based on review 2020-03-12 11:04:33 +01:00
Erik Krogh Kristensen 91bc124f78 autoformat 2020-03-12 10:45:25 +01:00
semmle-qlci 4355f8d2b4
Merge pull request #3023 from erik-krogh/RedundantUpdate
Approved by esbena
2020-03-12 09:34:53 +00:00
Pavel Avgustinov ecded4c11c
Merge pull request #3048 from jbj/desemmlify
Docs: Remove some Semmle references
2020-03-12 09:27:36 +00:00
Asger Feldthaus 1a1b7d4ee0 JS: Switch to whitelisting allowed properties 2020-03-11 16:09:14 +00:00
Erik Krogh Kristensen d32d14f572 model `responseText` and `responseXml` on jqXHR objects 2020-03-11 17:00:44 +01:00
Erik Krogh Kristensen 26d8e33434 Autoformat 2020-03-11 16:42:48 +01:00
Jonas Jensen 86ad4d0357 Docs: Remove some Semmle references
The only Semmle references now left in the public Markdown files are in
URLs and in legal text. There are also two Semmle references left in
`docs/language/vale-styles/README.md` because I didn't understand them
well enough to change them.
2020-03-11 15:20:15 +01:00
Erik Krogh Kristensen e88dac3dea remove FP for js/redundant-operation 2020-03-11 14:42:32 +01:00
Asger Feldthaus 6645df93ad JS: Blacklist another cyclic property 2020-03-11 13:09:37 +00:00
semmle-qlci 1d5fba85f9
Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape
Approved by asgerf
2020-03-11 12:29:45 +00:00
Erik Krogh Kristensen cb5ef7dbed add basic support for jqXHR with ajax calls 2020-03-11 13:05:41 +01:00
Erik Krogh Kristensen b987f2cf29 autoformat 2020-03-11 10:54:20 +01:00
Erik Krogh Kristensen 7f147221f5 refactor to include promise tracking as a core part of type tracking 2020-03-11 10:44:11 +01:00
Erik Krogh Kristensen fa26ce9f4b update expected output 2020-03-11 09:36:12 +01:00
Esben Sparre Andreasen 4dac835bb0
JS: loosen qldoc for `barrierGuardIsRelevant` 2020-03-11 07:54:38 +01:00
Erik Krogh Kristensen 13e855910e add more ClientRequest models for JQuery 2020-03-10 17:21:22 +01:00
semmle-qlci e3fed39f88
Merge pull request #3000 from asger-semmle/js/late-barrier-guards
Approved by erik-krogh
2020-03-10 15:38:35 +00:00
Erik Krogh Kristensen 62ae484545 autoformat and update expected output 2020-03-10 14:01:40 +01:00
semmle-qlci 570f095ae3
Merge pull request #2998 from asger-semmle/js/typescript-memory
Approved by erik-krogh
2020-03-10 12:24:52 +00:00
Esben Sparre Andreasen 5c8800a1c7 JS: make autoformatter happy 2020-03-10 13:11:31 +01:00
Erik Krogh Kristensen 066568ea60 add promise tracking to `Files.qll` 2020-03-10 12:36:42 +01:00
Erik Krogh Kristensen a24bc564a4 add extra tests for file-name with promises 2020-03-10 12:35:34 +01:00
Erik Krogh Kristensen 97f2760583 refactor `Files.qll` to use type-tracking (without tracking anything) 2020-03-10 12:34:20 +01:00
Erik Krogh Kristensen 6110f85748 refactor chrome-remote-interface to use type-tracking promise steps 2020-03-10 12:27:21 +01:00
Esben Sparre Andreasen 5b1b945c35 JS: distinguishes escapes in strings and regular expression literals 2020-03-10 12:26:20 +01:00
Erik Krogh Kristensen 3ddfd7ba73 add extra promise test for `chrome-remote-interface` 2020-03-10 12:24:16 +01:00
Erik Krogh Kristensen 69d8cf643d add type tracking predicates for promises 2020-03-10 12:23:23 +01:00
Esben Sparre Andreasen 3bfda6cd38 JS: refactoring: make separate modules for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 480be06d86 JS: replace Model class with opaque type tracking predicate 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen dbeb216af0 JS: make use of TypeScript types for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 0c46e4d1af JS: fixup typetracking usage: t2 -> t2.continue() 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen aae92ad795 JS: add test for DatabaseAccess 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 6b9bd8bd97 JS: adjust tests slightly to also support DatabaseAccess testing 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 7a2faa0b6b JS: add additional mongoose and mongodb js/nosql-injection sinks 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen b6c616efd3 JS: support optional options argument to MongoClient.connect 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 21e6e69f22 JS: support mongodb v3 (minimally)
https://github.com/github/codeql-javascript-team/issues/79
2020-03-10 09:57:45 +01:00
Erik Krogh Kristensen ad52d6446e add test case for tuple-like use 2020-03-09 19:47:05 +01:00
Erik Krogh Kristensen 981eef2587 expose arrayFunctionTaintStep in TaintTracking.qll 2020-03-09 17:22:29 +01:00
Erik Krogh Kristensen 509941649c remove redundant qldoc, and change parameter names to better reflect behavior 2020-03-09 17:20:12 +01:00
Erik Krogh Kristensen a476fc5c3b revert Array.from change 2020-03-09 17:09:31 +01:00
Erik Krogh Kristensen 68ffd52d4c update expected output 2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen b4b05696e1 two bugfixes 2020-03-09 16:45:03 +01:00
Max Schaefer 3c785ecaa7 JavaScript: Move flow summaries to `experimental`.
Also update description and change note to call out their experimental character more clearly.
2020-03-09 12:57:20 +00:00
Asger Feldthaus 6c1f98a5ae JS: Update vague variable name 2020-03-09 11:58:38 +00:00
Erik Krogh Kristensen 0f0187d585 move `Array.from` to ArrayCreationNode 2020-03-09 10:26:21 +01:00
Erik Krogh Kristensen dc4e361d75 add data-flow steps for arrays 2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen 8e3cf5c9c8 add test for data-flow on arrays 2020-03-09 09:25:17 +01:00
Erik Krogh Kristensen 14740d4ccc move existing array taint tracking into Arrays.qll 2020-03-09 09:20:45 +01:00
Asger Feldthaus a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
Asger Feldthaus 759631ae56 JS: Raise default memory limit to 2.4G 2020-03-07 15:13:53 +00:00
Asger Feldthaus c55dcf88d5 JS: Improve error reporting 2020-03-07 15:13:52 +00:00
Asger Feldthaus 549d4e9b57 JS: Do not restart in the middle of a message 2020-03-07 15:13:52 +00:00
Asger Feldthaus e1657b237b JS: Extract compiler-restarting into a function 2020-03-07 15:13:52 +00:00
Asger Feldthaus 2ef21ea4b8 JS: Only evaluate relevant barrier guards 2020-03-07 15:13:20 +00:00
Asger Feldthaus fd1a14d3bd JS: Add qldoc to a private predicate 2020-03-07 15:13:20 +00:00
Asger Feldthaus eed4204e04 JS: Lift some internal members to private top-level 2020-03-07 15:13:20 +00:00
semmle-qlci 7891f8621e
Merge pull request #2982 from esbena/js/request-model-with-chaining
Approved by asgerf
2020-03-06 08:57:42 +00:00
Asger Feldthaus 2c8eae22d1 JS: Autoformat 2020-03-05 16:58:49 +00:00
semmle-qlci 0d76c71ed7
Merge pull request #2981 from asger-semmle/js/lower-syntax-error-severity
Approved by max-schaefer
2020-03-05 09:47:56 +00:00
semmle-qlci 98cee5cc1d
Merge pull request #2967 from asger-semmle/js/flow-through-prop
Approved by esbena
2020-03-05 09:46:35 +00:00
semmle-qlci 85ee5fc988
Merge pull request #2955 from erik-krogh/BetterHeader
Approved by asgerf
2020-03-05 08:24:43 +00:00
semmle-qlci 98034aaa53
Merge pull request #2988 from asger-semmle/js/autoformat-again-again
Approved by esbena
2020-03-04 21:20:52 +00:00
semmle-qlci c6e3d8df49
Merge pull request #2969 from esbena/js/process-as-event-emitter
Approved by erik-krogh
2020-03-04 20:24:12 +00:00
Asger Feldthaus 53569453ba JS: Autoformat again 2020-03-04 19:28:24 +00:00
semmle-qlci c5d39039bc
Merge pull request #2962 from erik-krogh/YetAnotherSanitizer
Approved by asgerf
2020-03-04 15:27:09 +00:00
Asger Feldthaus c2f7cdce25 JS: Change precision to very-high 2020-03-04 15:06:10 +00:00
Esben Sparre Andreasen db335ae89b JS: add default/chaining for `request` 2020-03-04 12:36:49 +01:00
Esben Sparre Andreasen 92b3e8c060 JS: add default/chaining tests for `request` 2020-03-04 12:25:23 +01:00
Asger Feldthaus af0df6c369 JS: Lower severity of js/syntax-error 2020-03-04 11:16:59 +00:00
Esben Sparre Andreasen ae43e90a67 JS: model `process` as an EventEmitter 2020-03-04 09:49:16 +01:00
Esben Sparre Andreasen 4625217a68 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 15:07:51 +01:00
Esben Sparre Andreasen dfa07130b5 JS: add `process` EventEmitter test 2020-03-03 14:26:03 +01:00
Erik Krogh Kristensen f03c67266a add taint step for replace call that only removes dots 2020-03-03 12:58:06 +01:00
Erik Krogh Kristensen 95819c8731 use RegExpTerm to generalize predicate 2020-03-03 12:34:18 +01:00
Asger Feldthaus a2042094cf JS: Restrict reachableFromStoreBase 2020-03-03 11:32:23 +00:00
Asger Feldthaus 98524556c3 JS: Add some tests 2020-03-03 11:32:23 +00:00
Erik Krogh Kristensen 622a2fcfdc use regexp term instead of char class 2020-03-03 12:24:13 +01:00
semmle-qlci 57b3e6addf
Merge pull request #2958 from erik-krogh/InnerPrefix
Approved by asgerf
2020-03-03 11:10:44 +00:00
Erik Krogh Kristensen bc13204193 refactor header checks to be based on dominance 2020-03-03 12:04:31 +01:00
semmle-qlci 7f3f629d39
Merge pull request #2913 from asger-semmle/js/prototype-pollution-path
Approved by erik-krogh
2020-03-03 10:29:47 +00:00
semmle-qlci b3cbf8baa8
Merge pull request #2960 from erik-krogh/OverloadsWithThis
Approved by asgerf
2020-03-03 10:10:00 +00:00
Esben Sparre Andreasen adddebf039 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 10:55:16 +01:00
semmle-qlci e1c5449885
Merge pull request #2867 from erik-krogh/UselessCat
Approved by esbena
2020-03-03 09:10:25 +00:00
Erik Krogh Kristensen 9016f43d80 update expected output 2020-03-03 10:04:57 +01:00
Erik Krogh Kristensen 1781179e25 doc fixes 2020-03-03 09:50:02 +01:00
Erik Krogh Kristensen c4ebd66b34 fix capitalization of predicate 2020-03-03 09:29:04 +01:00
Erik Krogh Kristensen d2d5af42bf add IndirectInclusionTest and IndirectEndsWith 2020-03-02 21:42:08 +01:00
Erik Krogh Kristensen 97c16929ca implement getPolarity and forward to inner StartsWith 2020-03-02 21:38:22 +01:00
Erik Krogh Kristensen 53d1cd33f6 support sanitizers that remove all forward slashes 2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen 68fb8c52e9 check the type of the this-type, instead of the AST-node 2020-03-02 16:35:16 +01:00
Erik Krogh Kristensen e0fcc4af6a handle this parameters when finding unreachable overloads 2020-03-02 16:26:00 +01:00
Erik Krogh Kristensen 019266e537 change name of Useless cat 2020-03-02 13:06:08 +01:00
Erik Krogh Kristensen 26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Erik Krogh Kristensen 391b6a833c add link to The Useless Use of Cat Award 2020-03-02 12:28:51 +01:00
Asger Feldthaus e405a9769c JS: Really autoformat everything 2020-03-02 10:48:33 +00:00
Erik Krogh Kristensen c14a485ca7 recognize more HttpResponseSink by restricting the `hasNonHtmlHeader` check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen 71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen a589061bee JS: add type-tracking to the fs-module and model the `original-fs` 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen 5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen 5e0ae7b4d0 add end </p> tag 2020-02-28 10:23:03 +01:00
Erik Krogh Kristensen ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Erik Krogh Kristensen d8a96dd771 change name to suggestion from previous code review 2020-02-28 09:55:15 +01:00
Erik Krogh Kristensen 922779e049 remove double a/an and adjust line lengths 2020-02-28 09:48:07 +01:00
Erik Krogh Kristensen 17f1974e05
Apply suggestions from code review
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
2020-02-28 09:43:32 +01:00
semmle-qlci ec90627a64
Merge pull request #2909 from yo-h/experimental
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
Asger Feldthaus 52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Erik Krogh Kristensen a872d7c5c5 add comment about negative optionsArg 2020-02-27 12:42:22 +01:00
Erik Krogh Kristensen bb911bbbf1
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-27 12:38:06 +01:00
Asger Feldthaus fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Erik Krogh Kristensen 9c06c48dc7
Merge pull request #2884 from esbena/js/practically-exploitable-redos
JS: add query js/exploitable-polynomial-redos
2020-02-27 10:19:17 +01:00
Esben Sparre Andreasen 1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Erik Krogh Kristensen dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
semmle-qlci 03b882381a
Merge pull request #2723 from esbena/js/support-path-is-inside
Approved by asgerf
2020-02-25 11:21:24 +00:00
Erik Krogh Kristensen c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen 8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen 87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Erik Krogh Kristensen d540caecdd
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-25 10:04:51 +01:00
Asger F 160fc48803
Merge pull request #2896 from asger-semmle/typescript-3.8
TS: Support Typescript 3.8
2020-02-25 08:19:01 +00:00
Esben Sparre Andreasen 5baba62154 JS: model `path-is-inside`+`is-path-inside` for `js/path-injection` 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen 86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci aadb148c1c
Merge pull request #2855 from asger-semmle/js/returned-partial-call
Approved by esbena
2020-02-24 21:37:41 +00:00
yo-h 43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Erik Krogh Kristensen afd6ea2628 small correction in doc + autoformat 2020-02-24 17:54:29 +01:00
Erik Krogh Kristensen b20e8520f6 add default message if no pretty printed call can be created 2020-02-24 14:52:08 +01:00
semmle-qlci 317356e591
Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers
Approved by erik-krogh
2020-02-24 13:35:32 +00:00