Commit graph

3634 commits

Author SHA1 Message Date
Erik Krogh Kristensen 25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
Erik Krogh Kristensen a02213e745 change LoadStoreStep such that it can store in different property 2020-03-31 11:20:57 +02:00
semmle-qlci 0feb7f87e4
Merge pull request #2761 from erik-krogh/UrlSearch
Approved by asgerf
2020-03-31 09:46:48 +01:00
semmle-qlci 5c920eb625
Merge pull request #3120 from asger-semmle/js/prefer-typescript-file
Approved by esbena
2020-03-31 09:32:14 +01:00
semmle-qlci 73dd4c8686
Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression
Approved by esbena
2020-03-31 09:28:55 +01:00
Erik Krogh Kristensen 40fd1825e9 autoformat 2020-03-31 09:08:32 +02:00
Erik Krogh Kristensen 7938bc4ed0 improve alert message for js/useless-assignment-to-local 2020-03-30 20:19:50 +02:00
semmle-qlci fce04f0bd0
Merge pull request #3127 from erik-krogh/PromiseTrack
Approved by asgerf
2020-03-30 11:56:33 +01:00
Asger Feldthaus a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Erik Krogh Kristensen f55005a0ec more precise warning message for implicit string/number conversions 2020-03-30 11:17:56 +02:00
Robert Brignull 90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Erik Krogh Kristensen 4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Erik Krogh Kristensen 0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
semmle-qlci fad902fc9b
Merge pull request #3095 from erik-krogh/MorePerf
Approved by asgerf
2020-03-27 12:51:37 +00:00
semmle-qlci 9b3400337b
Merge pull request #3130 from erik-krogh/PreciseSteps
Approved by asgerf
2020-03-27 12:18:28 +00:00
semmle-qlci 1975a83cdd
Merge pull request #3116 from max-schaefer/js/postgres-type-tracking
Approved by asgerf
2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen 58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Erik Krogh Kristensen 6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen a850616927 delete Xss.actual 2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen e2d2c2341e autoformat and update expected output 2020-03-26 15:38:00 +01:00
Erik Krogh Kristensen baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00
Asger Feldthaus 816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Erik Krogh Kristensen 1cefa12315 update expected output 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen 00181e059b add tests for type-tracking promises 2020-03-25 23:54:56 +01:00
Erik Krogh Kristensen 9a78d38df0 add a new LoadStoreStep as a StepSummary for TypeTracking 2020-03-25 23:54:56 +01:00
semmle-qlci e7fd97e72b
Merge pull request #3119 from erik-krogh/SockJS
Approved by esbena
2020-03-25 21:36:29 +00:00
Erik Krogh Kristensen 4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
Asger Feldthaus ad1e0ec50b JS: Inline variable again 2020-03-25 14:01:33 +00:00
Asger Feldthaus 54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
Asger Feldthaus a78f1b864b JS: Fix trailing whitespace 2020-03-25 12:45:48 +00:00
Asger Feldthaus 6c9e35c22e JS: Skip .js files with a same-named .ts file next to it 2020-03-25 12:45:37 +00:00
semmle-qlci cf5b1f0cd5
Merge pull request #3019 from erik-krogh/ArrayStep
Approved by asgerf
2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Erik Krogh Kristensen f2b9e2019c remove isRelevant from flowStep 2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen 6f0e507242 outline predicate to fix join-ordering 2020-03-25 09:44:03 +01:00
Erik Krogh Kristensen 3000486b35 add more isRelevant calls 2020-03-25 09:42:24 +01:00
Erik Krogh Kristensen 1d8e103322 autoformat 2020-03-25 00:19:23 +01:00
Max Schaefer efbcec09ef JavaScript: Add type tracking to Postgres model. 2020-03-24 17:30:07 +00:00
Erik Krogh Kristensen 36981f385a Merge branch 'master' of git.semmle.com:Semmle/ql into MorePathSinks 2020-03-24 11:20:33 +01:00
semmle-qlci 4c9a6b73ee
Merge pull request #3107 from erik-krogh/FArgs
Approved by esbena
2020-03-24 08:32:56 +00:00
Erik Krogh Kristensen fa710c5864 Merge remote-tracking branch 'upstream/master' into UrlSearch 2020-03-24 00:23:15 +01:00
Erik Krogh Kristensen 5b4f091257 add test for remote flow sources in WebSockets 2020-03-23 23:58:20 +01:00
Erik Krogh Kristensen 6a1491d83d add SockJS to the existing WebSocket model 2020-03-23 23:56:11 +01:00
Erik Krogh Kristensen 9a18dc32c1 autoformat WebSocket tests 2020-03-23 23:49:26 +01:00
Erik Krogh Kristensen 7b7eddff1e remove previous SockJS implementation, and move example to WebSocket test 2020-03-23 23:45:05 +01:00
Asger F a1e032bee6
Merge pull request #3098 from kyprizel/master
Experimental SockJS support
2020-03-23 22:39:10 +00:00
kyprizel dec1b8b070
Update javascript/ql/src/experimental/SockJS/SockJS.qll
Fix comments

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:48 +03:00
kyprizel b90ff5e84d
Update javascript/ql/src/experimental/SockJS/SockJS.qll
do not import specific libs

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:23 +03:00
semmle-qlci e5590091a0
Merge pull request #3109 from max-schaefer/js/performance-fixes
Approved by asgerf
2020-03-23 16:08:07 +00:00
Max Schaefer 55e7b22cdf JavaScript: Autoformat. 2020-03-23 14:37:04 +00:00
kyprizel 49e5a22cab
Fixed code style for SockJS
also fixed appCreation, thanks to Erik Krogh.
2020-03-23 17:16:17 +03:00
Erik Krogh Kristensen 7bc7ffffd6 autoformat 2020-03-23 14:10:07 +01:00
Erik Krogh Kristensen f1e0d37273
Update javascript/ql/test/library-tests/frameworks/Concepts/file-access.js
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-23 14:02:22 +01:00
Max Schaefer b13e6141a2 JavaScript: Inline `promiseStep/4`. 2020-03-23 12:01:52 +00:00
Asger F 6c2842bd49
Merge pull request #2919 from asger-semmle/js/property-barriers
JS: Make sanitizers no longer block taint inside an object
2020-03-23 11:43:18 +00:00
Erik Krogh Kristensen 2c43d1d731 fix FP in superfluous-trailing-arguments related to Function.arguments 2020-03-23 10:40:35 +01:00
Eldar T. Zaitov ee0b65ad39 Added experimental SockJS support 2020-03-20 21:24:16 +03:00
Erik Krogh Kristensen f88cc2a977 inline promiseStep predicate 2020-03-20 09:07:52 +01:00
Erik Krogh Kristensen 90a324148d add extra sinks to js/tainted-path 2020-03-20 09:07:39 +01:00
semmle-qlci deb20fc37f
Merge pull request #3076 from esbena/js/even-more-mongoose-improvements
Approved by erik-krogh
2020-03-19 12:03:53 +00:00
Max Schaefer ee62706ad2 JavaScript: Split up a predicate to avoid bad join order. 2020-03-19 11:47:53 +00:00
Max Schaefer d91e6a4893 JavaScript: Avoid a few bad join orders. 2020-03-19 11:47:53 +00:00
Asger Feldthaus 4f42675b35 JS: Autoformat 2020-03-19 09:36:27 +00:00
Asger Feldthaus 3ae33e3c1a JS: Update prototype pollution query 2020-03-18 23:59:25 +00:00
Asger Feldthaus b6ca4fbee3 JS: Add getDefaultSourceLabel() 2020-03-18 23:52:25 +00:00
Asger Feldthaus 7393844699 JS: Update some queries that used data as source 2020-03-18 11:55:13 +00:00
Asger Feldthaus 506ddaf3f4 JS: Add explanation for test failure 2020-03-18 11:55:13 +00:00
Asger Feldthaus 028022158d JS: Add variant of test that passes 2020-03-18 11:55:13 +00:00
Asger Feldthaus a7e337ab28 JS: Add some lines in test case 2020-03-18 11:55:13 +00:00
Asger Feldthaus 3e68072e38 JS: Accept test case change 2020-03-18 11:55:13 +00:00
Asger Feldthaus 18eea96cf8 JS: Autoformat 2020-03-18 11:55:13 +00:00
Asger Feldthaus a9901a44e8 JS: Update TaintBarriers/isBarrier test 2020-03-18 11:55:13 +00:00
Asger Feldthaus 0edb765958 JS: Split test case function in two 2020-03-18 11:55:13 +00:00
Asger Feldthaus 4e75fe3977 JS: Update some qldoc comments 2020-03-18 11:55:13 +00:00
Asger Feldthaus a195429471 JS: Add test with non-guard sanitizer 2020-03-18 11:55:12 +00:00
Asger Feldthaus 83606e7b60 JS: Dont use data label in taint-tracking configs 2020-03-18 11:55:12 +00:00
Asger Feldthaus 8da0584b12 JS: Add test 2020-03-18 11:55:12 +00:00
Esben Sparre Andreasen b1a722fcda JS: typo fix 2020-03-18 10:11:38 +01:00
Esben Sparre Andreasen 12d8177b4b
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:12:05 +01:00
Esben Sparre Andreasen ce3b196b93
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:57 +01:00
Esben Sparre Andreasen b9860d3444
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:49 +01:00
Esben Sparre Andreasen d74c16f86c
Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-18 10:11:36 +01:00
semmle-qlci 8792d0d248
Merge pull request #3070 from erik-krogh/DataPerf
Approved by asgerf
2020-03-17 13:47:09 +00:00
semmle-qlci fa08258c14
Merge pull request #3036 from erik-krogh/CustomTrack
Approved by asgerf
2020-03-17 13:44:51 +00:00
semmle-qlci ea46873bfe
Merge pull request #3065 from erik-krogh/PathSinks
Approved by esbena
2020-03-17 13:00:00 +00:00
Erik Krogh Kristensen 1dfe9e9c2a changes based on review 2020-03-17 11:28:29 +01:00
Erik Krogh Kristensen 9a3176d3cc
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-03-17 11:26:35 +01:00
Esben Sparre Andreasen 380f66cb19 JS: rename Mongoose::CommonInterfase -> Mongoose::InvokeNode 2020-03-17 11:25:05 +01:00
Erik Krogh Kristensen 095d4d711a change import to an absolute import to fix warning 2020-03-17 11:21:46 +01:00
Erik Krogh Kristensen d7b69fcfea autoformat 2020-03-17 09:52:08 +01:00
Esben Sparre Andreasen 7dc80664e6
Merge pull request #3045 from Semmle/esbena-patch-2
JS: loosen qldoc for `barrierGuardIsRelevant`
2020-03-16 22:28:22 +01:00
Esben Sparre Andreasen b75486bb58 JS: refactor NoSQL::Mongoose. Introduce Mongoose::CommonInterface 2020-03-16 22:12:30 +01:00
Esben Sparre Andreasen 833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen 730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Erik Krogh Kristensen 7145a57db3 refactor StepSummary into an internal .qll 2020-03-16 17:52:04 +01:00
Erik Krogh Kristensen cd6fe8115d
Update javascript/ql/src/semmle/javascript/Promises.qll
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-16 16:27:50 +01:00
semmle-qlci eb7d8092a6
Merge pull request #3064 from asger-semmle/js/typescript-semantic-errors
Approved by erik-krogh
2020-03-16 11:57:55 +00:00
Erik Krogh Kristensen f2548aa3b1 add more models for file related sinks and sources 2020-03-16 11:07:23 +01:00
Erik Krogh Kristensen 557b642a8e add isRelevant check on flowStep predicate 2020-03-16 11:01:20 +01:00
semmle-qlci 1d4dd2b2f7
Merge pull request #3057 from esbena/js/infer-this-as-exports
Approved by asgerf
2020-03-15 12:55:12 +00:00
Asger Feldthaus b2f008ea9e JS: Dont report TypeScript diagnostics by default 2020-03-15 12:06:08 +00:00
semmle-qlci 7e093a8e5c
Merge pull request #3041 from erik-krogh/JQueryAjax
Approved by esbena
2020-03-14 22:31:59 +00:00
semmle-qlci ff03478ae8
Merge pull request #3049 from asger-semmle/js/fix-cyclic-join
Approved by erik-krogh
2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen 486efbab77 refactor based on review 2020-03-14 14:53:38 +01:00
Erik Krogh Kristensen 4f39c28741 Merge branch 'master' of git.semmle.com:Semmle/ql into CustomTrack 2020-03-14 14:37:52 +01:00
semmle-qlci 20cae302fd
Merge pull request #3054 from erik-krogh/NoDeferred
Approved by asgerf
2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen 4d6aa20990
Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks
JS: Mongoose and MongoDB improvements
2020-03-14 12:31:43 +01:00
Esben Sparre Andreasen 2fac7434df JS: infer `this` to be `module.exports` in node modules 2020-03-13 14:10:35 +01:00
Esben Sparre Andreasen ae8d38236b JS: add some tests for `this` 2020-03-13 14:09:23 +01:00
semmle-qlci 25b9fcfafd
Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix
Approved by max-schaefer
2020-03-13 11:49:49 +00:00
Asger Feldthaus 2bdf26a8f1 JS: Remove unneeded forwarding method 2020-03-12 15:48:47 +00:00
Asger Feldthaus 788c0f9037 JS: Refactor metadata class a bit 2020-03-12 15:45:22 +00:00
Erik Krogh Kristensen 799c3eb06c remove model of Deferred 2020-03-12 16:38:20 +01:00
Asger Feldthaus ddab13ab44 JS: Add a comment 2020-03-12 15:29:51 +00:00
Erik Krogh Kristensen 59d2d6d4fd autoformat 2020-03-12 14:48:16 +01:00
Asger Feldthaus 4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Erik Krogh Kristensen 172c5ccaca changes based on review 2020-03-12 11:04:33 +01:00
Erik Krogh Kristensen 91bc124f78 autoformat 2020-03-12 10:45:25 +01:00
semmle-qlci 4355f8d2b4
Merge pull request #3023 from erik-krogh/RedundantUpdate
Approved by esbena
2020-03-12 09:34:53 +00:00
Pavel Avgustinov ecded4c11c
Merge pull request #3048 from jbj/desemmlify
Docs: Remove some Semmle references
2020-03-12 09:27:36 +00:00
Asger Feldthaus 1a1b7d4ee0 JS: Switch to whitelisting allowed properties 2020-03-11 16:09:14 +00:00
Erik Krogh Kristensen d32d14f572 model `responseText` and `responseXml` on jqXHR objects 2020-03-11 17:00:44 +01:00
Erik Krogh Kristensen 26d8e33434 Autoformat 2020-03-11 16:42:48 +01:00
Jonas Jensen 86ad4d0357 Docs: Remove some Semmle references
The only Semmle references now left in the public Markdown files are in
URLs and in legal text. There are also two Semmle references left in
`docs/language/vale-styles/README.md` because I didn't understand them
well enough to change them.
2020-03-11 15:20:15 +01:00
Erik Krogh Kristensen e88dac3dea remove FP for js/redundant-operation 2020-03-11 14:42:32 +01:00
Asger Feldthaus 6645df93ad JS: Blacklist another cyclic property 2020-03-11 13:09:37 +00:00
semmle-qlci 1d5fba85f9
Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape
Approved by asgerf
2020-03-11 12:29:45 +00:00
Erik Krogh Kristensen cb5ef7dbed add basic support for jqXHR with ajax calls 2020-03-11 13:05:41 +01:00
Erik Krogh Kristensen b987f2cf29 autoformat 2020-03-11 10:54:20 +01:00
Erik Krogh Kristensen 7f147221f5 refactor to include promise tracking as a core part of type tracking 2020-03-11 10:44:11 +01:00
Erik Krogh Kristensen fa26ce9f4b update expected output 2020-03-11 09:36:12 +01:00
Esben Sparre Andreasen 4dac835bb0
JS: loosen qldoc for `barrierGuardIsRelevant` 2020-03-11 07:54:38 +01:00
Erik Krogh Kristensen 13e855910e add more ClientRequest models for JQuery 2020-03-10 17:21:22 +01:00
semmle-qlci e3fed39f88
Merge pull request #3000 from asger-semmle/js/late-barrier-guards
Approved by erik-krogh
2020-03-10 15:38:35 +00:00
Erik Krogh Kristensen 62ae484545 autoformat and update expected output 2020-03-10 14:01:40 +01:00
semmle-qlci 570f095ae3
Merge pull request #2998 from asger-semmle/js/typescript-memory
Approved by erik-krogh
2020-03-10 12:24:52 +00:00
Esben Sparre Andreasen 5c8800a1c7 JS: make autoformatter happy 2020-03-10 13:11:31 +01:00
Erik Krogh Kristensen 066568ea60 add promise tracking to `Files.qll` 2020-03-10 12:36:42 +01:00
Erik Krogh Kristensen a24bc564a4 add extra tests for file-name with promises 2020-03-10 12:35:34 +01:00
Erik Krogh Kristensen 97f2760583 refactor `Files.qll` to use type-tracking (without tracking anything) 2020-03-10 12:34:20 +01:00
Erik Krogh Kristensen 6110f85748 refactor chrome-remote-interface to use type-tracking promise steps 2020-03-10 12:27:21 +01:00
Esben Sparre Andreasen 5b1b945c35 JS: distinguishes escapes in strings and regular expression literals 2020-03-10 12:26:20 +01:00
Erik Krogh Kristensen 3ddfd7ba73 add extra promise test for `chrome-remote-interface` 2020-03-10 12:24:16 +01:00
Erik Krogh Kristensen 69d8cf643d add type tracking predicates for promises 2020-03-10 12:23:23 +01:00
Esben Sparre Andreasen 3bfda6cd38 JS: refactoring: make separate modules for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 480be06d86 JS: replace Model class with opaque type tracking predicate 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen dbeb216af0 JS: make use of TypeScript types for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 0c46e4d1af JS: fixup typetracking usage: t2 -> t2.continue() 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen aae92ad795 JS: add test for DatabaseAccess 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 6b9bd8bd97 JS: adjust tests slightly to also support DatabaseAccess testing 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 7a2faa0b6b JS: add additional mongoose and mongodb js/nosql-injection sinks 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen b6c616efd3 JS: support optional options argument to MongoClient.connect 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen 21e6e69f22 JS: support mongodb v3 (minimally)
https://github.com/github/codeql-javascript-team/issues/79
2020-03-10 09:57:45 +01:00
Erik Krogh Kristensen ad52d6446e add test case for tuple-like use 2020-03-09 19:47:05 +01:00
Erik Krogh Kristensen 981eef2587 expose arrayFunctionTaintStep in TaintTracking.qll 2020-03-09 17:22:29 +01:00
Erik Krogh Kristensen 509941649c remove redundant qldoc, and change parameter names to better reflect behavior 2020-03-09 17:20:12 +01:00
Erik Krogh Kristensen a476fc5c3b revert Array.from change 2020-03-09 17:09:31 +01:00
Erik Krogh Kristensen 68ffd52d4c update expected output 2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen b4b05696e1 two bugfixes 2020-03-09 16:45:03 +01:00
Max Schaefer 3c785ecaa7 JavaScript: Move flow summaries to `experimental`.
Also update description and change note to call out their experimental character more clearly.
2020-03-09 12:57:20 +00:00
Asger Feldthaus 6c1f98a5ae JS: Update vague variable name 2020-03-09 11:58:38 +00:00
Erik Krogh Kristensen 0f0187d585 move `Array.from` to ArrayCreationNode 2020-03-09 10:26:21 +01:00
Erik Krogh Kristensen dc4e361d75 add data-flow steps for arrays 2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen 8e3cf5c9c8 add test for data-flow on arrays 2020-03-09 09:25:17 +01:00
Erik Krogh Kristensen 14740d4ccc move existing array taint tracking into Arrays.qll 2020-03-09 09:20:45 +01:00
Asger Feldthaus a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
Asger Feldthaus 759631ae56 JS: Raise default memory limit to 2.4G 2020-03-07 15:13:53 +00:00
Asger Feldthaus c55dcf88d5 JS: Improve error reporting 2020-03-07 15:13:52 +00:00
Asger Feldthaus 549d4e9b57 JS: Do not restart in the middle of a message 2020-03-07 15:13:52 +00:00
Asger Feldthaus e1657b237b JS: Extract compiler-restarting into a function 2020-03-07 15:13:52 +00:00
Asger Feldthaus 2ef21ea4b8 JS: Only evaluate relevant barrier guards 2020-03-07 15:13:20 +00:00
Asger Feldthaus fd1a14d3bd JS: Add qldoc to a private predicate 2020-03-07 15:13:20 +00:00
Asger Feldthaus eed4204e04 JS: Lift some internal members to private top-level 2020-03-07 15:13:20 +00:00
semmle-qlci 7891f8621e
Merge pull request #2982 from esbena/js/request-model-with-chaining
Approved by asgerf
2020-03-06 08:57:42 +00:00
Asger Feldthaus 2c8eae22d1 JS: Autoformat 2020-03-05 16:58:49 +00:00
semmle-qlci 0d76c71ed7
Merge pull request #2981 from asger-semmle/js/lower-syntax-error-severity
Approved by max-schaefer
2020-03-05 09:47:56 +00:00
semmle-qlci 98cee5cc1d
Merge pull request #2967 from asger-semmle/js/flow-through-prop
Approved by esbena
2020-03-05 09:46:35 +00:00
semmle-qlci 85ee5fc988
Merge pull request #2955 from erik-krogh/BetterHeader
Approved by asgerf
2020-03-05 08:24:43 +00:00
semmle-qlci 98034aaa53
Merge pull request #2988 from asger-semmle/js/autoformat-again-again
Approved by esbena
2020-03-04 21:20:52 +00:00
semmle-qlci c6e3d8df49
Merge pull request #2969 from esbena/js/process-as-event-emitter
Approved by erik-krogh
2020-03-04 20:24:12 +00:00
Asger Feldthaus 53569453ba JS: Autoformat again 2020-03-04 19:28:24 +00:00
semmle-qlci c5d39039bc
Merge pull request #2962 from erik-krogh/YetAnotherSanitizer
Approved by asgerf
2020-03-04 15:27:09 +00:00
Asger Feldthaus c2f7cdce25 JS: Change precision to very-high 2020-03-04 15:06:10 +00:00
Esben Sparre Andreasen db335ae89b JS: add default/chaining for `request` 2020-03-04 12:36:49 +01:00
Esben Sparre Andreasen 92b3e8c060 JS: add default/chaining tests for `request` 2020-03-04 12:25:23 +01:00
Asger Feldthaus af0df6c369 JS: Lower severity of js/syntax-error 2020-03-04 11:16:59 +00:00
Esben Sparre Andreasen ae43e90a67 JS: model `process` as an EventEmitter 2020-03-04 09:49:16 +01:00
Esben Sparre Andreasen 4625217a68 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 15:07:51 +01:00
Esben Sparre Andreasen dfa07130b5 JS: add `process` EventEmitter test 2020-03-03 14:26:03 +01:00
Erik Krogh Kristensen f03c67266a add taint step for replace call that only removes dots 2020-03-03 12:58:06 +01:00
Erik Krogh Kristensen 95819c8731 use RegExpTerm to generalize predicate 2020-03-03 12:34:18 +01:00
Asger Feldthaus a2042094cf JS: Restrict reachableFromStoreBase 2020-03-03 11:32:23 +00:00
Asger Feldthaus 98524556c3 JS: Add some tests 2020-03-03 11:32:23 +00:00
Erik Krogh Kristensen 622a2fcfdc use regexp term instead of char class 2020-03-03 12:24:13 +01:00
semmle-qlci 57b3e6addf
Merge pull request #2958 from erik-krogh/InnerPrefix
Approved by asgerf
2020-03-03 11:10:44 +00:00
Erik Krogh Kristensen bc13204193 refactor header checks to be based on dominance 2020-03-03 12:04:31 +01:00
semmle-qlci 7f3f629d39
Merge pull request #2913 from asger-semmle/js/prototype-pollution-path
Approved by erik-krogh
2020-03-03 10:29:47 +00:00
semmle-qlci b3cbf8baa8
Merge pull request #2960 from erik-krogh/OverloadsWithThis
Approved by asgerf
2020-03-03 10:10:00 +00:00
Esben Sparre Andreasen adddebf039 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 10:55:16 +01:00
semmle-qlci e1c5449885
Merge pull request #2867 from erik-krogh/UselessCat
Approved by esbena
2020-03-03 09:10:25 +00:00
Erik Krogh Kristensen 9016f43d80 update expected output 2020-03-03 10:04:57 +01:00
Erik Krogh Kristensen 1781179e25 doc fixes 2020-03-03 09:50:02 +01:00
Erik Krogh Kristensen c4ebd66b34 fix capitalization of predicate 2020-03-03 09:29:04 +01:00
Erik Krogh Kristensen d2d5af42bf add IndirectInclusionTest and IndirectEndsWith 2020-03-02 21:42:08 +01:00
Erik Krogh Kristensen 97c16929ca implement getPolarity and forward to inner StartsWith 2020-03-02 21:38:22 +01:00
Erik Krogh Kristensen 53d1cd33f6 support sanitizers that remove all forward slashes 2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen 68fb8c52e9 check the type of the this-type, instead of the AST-node 2020-03-02 16:35:16 +01:00
Erik Krogh Kristensen e0fcc4af6a handle this parameters when finding unreachable overloads 2020-03-02 16:26:00 +01:00
Erik Krogh Kristensen 019266e537 change name of Useless cat 2020-03-02 13:06:08 +01:00
Erik Krogh Kristensen 26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Erik Krogh Kristensen 391b6a833c add link to The Useless Use of Cat Award 2020-03-02 12:28:51 +01:00
Asger Feldthaus e405a9769c JS: Really autoformat everything 2020-03-02 10:48:33 +00:00
Erik Krogh Kristensen c14a485ca7 recognize more HttpResponseSink by restricting the `hasNonHtmlHeader` check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen 71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen a589061bee JS: add type-tracking to the fs-module and model the `original-fs` 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen 5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen 5e0ae7b4d0 add end </p> tag 2020-02-28 10:23:03 +01:00
Erik Krogh Kristensen ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
Erik Krogh Kristensen d8a96dd771 change name to suggestion from previous code review 2020-02-28 09:55:15 +01:00
Erik Krogh Kristensen 922779e049 remove double a/an and adjust line lengths 2020-02-28 09:48:07 +01:00
Erik Krogh Kristensen 17f1974e05
Apply suggestions from code review
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
2020-02-28 09:43:32 +01:00
semmle-qlci ec90627a64
Merge pull request #2909 from yo-h/experimental
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
Asger Feldthaus 52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00
Erik Krogh Kristensen a872d7c5c5 add comment about negative optionsArg 2020-02-27 12:42:22 +01:00
Erik Krogh Kristensen bb911bbbf1
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-27 12:38:06 +01:00
Asger Feldthaus fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Erik Krogh Kristensen 9c06c48dc7
Merge pull request #2884 from esbena/js/practically-exploitable-redos
JS: add query js/exploitable-polynomial-redos
2020-02-27 10:19:17 +01:00
Esben Sparre Andreasen 1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Erik Krogh Kristensen dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
semmle-qlci 03b882381a
Merge pull request #2723 from esbena/js/support-path-is-inside
Approved by asgerf
2020-02-25 11:21:24 +00:00
Erik Krogh Kristensen c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen 8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen 87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Erik Krogh Kristensen d540caecdd
Apply suggestions from code review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-25 10:04:51 +01:00
Asger F 160fc48803
Merge pull request #2896 from asger-semmle/typescript-3.8
TS: Support Typescript 3.8
2020-02-25 08:19:01 +00:00
Esben Sparre Andreasen 5baba62154 JS: model `path-is-inside`+`is-path-inside` for `js/path-injection` 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen 86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci aadb148c1c
Merge pull request #2855 from asger-semmle/js/returned-partial-call
Approved by esbena
2020-02-24 21:37:41 +00:00
yo-h 43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Erik Krogh Kristensen afd6ea2628 small correction in doc + autoformat 2020-02-24 17:54:29 +01:00
Erik Krogh Kristensen b20e8520f6 add default message if no pretty-printed call can be created 2020-02-24 14:52:08 +01:00
semmle-qlci 317356e591
Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers
Approved by erik-krogh
2020-02-24 13:35:32 +00:00
Erik Krogh Kristensen a779ae58a8 add qhelp 2020-02-24 14:03:41 +01:00
Erik Krogh Kristensen fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen 051de247b0 change regexpMatch to regexpFind 2020-02-24 13:11:30 +01:00
Erik Krogh Kristensen a768e937f0 complete qldoc 2020-02-24 13:08:50 +01:00
Erik Krogh Kristensen 473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Asger Feldthaus 01309d7c2e TS: Add test for named re-export and exportsAs 2020-02-24 11:40:28 +00:00
Asger Feldthaus 78954489fb TS: Fix expected output 2020-02-24 11:40:28 +00:00
Asger Feldthaus 4e1bd9056c TS: Fix javadoc 2020-02-24 11:40:28 +00:00
Asger Feldthaus 18974bad1c TS: Add upgrade script and stats 2020-02-24 11:40:27 +00:00
Asger Feldthaus 47673c6e21 TS: Disable export analysis for type-only exports 2020-02-24 11:40:27 +00:00
Asger Feldthaus 16c909b433 TS: Add test case for import type * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus 260b243c28 TS: Add test case to DeclBeforeUse 2020-02-24 11:40:27 +00:00
Asger Feldthaus 8d58aad0f2 TS: Support type-only import/export 2020-02-24 11:40:27 +00:00
Asger Feldthaus 0351f0b775 TS: Add test and documentation for private fields 2020-02-24 11:40:27 +00:00
Asger Feldthaus 8531c113a1 TS: Fix imports 2020-02-24 11:40:27 +00:00
Asger Feldthaus 9b52acc62a TS: Handle export * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus 7f939fe1e4 TS: Update to TypeScript 3.8.2 2020-02-24 11:40:27 +00:00
semmle-qlci 94aa77748d
Merge pull request #2810 from erik-krogh/CVE74
Approved by asgerf
2020-02-24 11:32:42 +00:00
Asger Feldthaus f923b24bc5 JS: Fix test 2020-02-24 11:19:23 +00:00
Erik Krogh Kristensen 75c1852ee4
doc changes from review
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-24 11:58:59 +01:00
Erik Krogh Kristensen 44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen 90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Asger Feldthaus a673539c98 JS: Update expected output 2020-02-21 13:51:23 +00:00
Asger Feldthaus b780bc4d59 JS: Also track into callbacks 2020-02-21 13:51:22 +00:00
Asger Feldthaus e8e649102f JS: Also propagate out of returns 2020-02-21 13:51:22 +00:00
Asger Feldthaus 8c36b999cc JS: Track flow into calls to bound functions 2020-02-21 13:51:20 +00:00
semmle-qlci ee5cf95f5b
Merge pull request #2892 from asger-semmle/js/field-methods
Approved by esbena
2020-02-21 13:49:42 +00:00
semmle-qlci e163d8d8c8
Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver
Approved by esbena
2020-02-21 13:48:43 +00:00
Erik Krogh Kristensen 75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
semmle-qlci 382e4bc06a
Merge pull request #2895 from max-schaefer/js/improve-param-qldoc
Approved by asgerf
2020-02-21 12:01:02 +00:00
Max Schaefer 75495d7aad
Update javascript/ql/src/semmle/javascript/Variables.qll
Co-Authored-By: Asger F <asgerf@github.com>
2020-02-21 10:06:32 +00:00
Erik Krogh Kristensen 6ea14532ab small changes based on review 2020-02-21 10:27:57 +01:00
Max Schaefer fc4afe6eb2 JavaScript: Improve qldoc for `Parameter` to clarify that it also contains catch-clause parameters. 2020-02-21 09:14:00 +00:00
semmle-qlci 2df3fe8f36
Merge pull request #2883 from asger-semmle/typescript-3.7.5
Approved by erik-krogh
2020-02-20 15:59:36 +00:00
Erik Krogh Kristensen 924272a7a5 insert placeholder qhelp 2020-02-20 14:35:26 +01:00
Erik Krogh Kristensen b2ccec28e0 require the file to be non-empty 2020-02-20 14:34:50 +01:00
Erik Krogh Kristensen b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen 03e295ef11 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:19:32 +01:00
semmle-qlci f6af5da7f7
Merge pull request #2778 from erik-krogh/FalsySanitizer
Approved by asgerf
2020-02-20 11:17:03 +00:00
Erik Krogh Kristensen 63036aa444 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:09:06 +01:00
semmle-qlci 8b277f7226
Merge pull request #2868 from asger-semmle/js/missing-await-void
Approved by max-schaefer
2020-02-20 10:56:47 +00:00
Asger Feldthaus 6448acfa88 TS: Depend on TypeScript 3.7.5 2020-02-20 10:53:17 +00:00
Erik Krogh Kristensen 12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen 558beb7255 simplify the output file argument 2020-02-20 10:57:33 +01:00
semmle-qlci 091c6c063c
Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor
Approved by max-schaefer
2020-02-20 09:50:52 +00:00
Erik Krogh Kristensen a5fdcb67f9 restricts alerts to the first line 2020-02-20 10:43:41 +01:00
Erik Krogh Kristensen d4e73df92f remove dead predicate 2020-02-20 10:39:16 +01:00
Erik Krogh Kristensen 56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen 80962803b0 update doc for VarAccessBarrier, and make the class private 2020-02-20 10:09:32 +01:00
Erik Krogh Kristensen 2d437efdfd
corrections on qldoc
Co-Authored-By: Asger F <asgerf@github.com>
2020-02-20 09:54:11 +01:00
Asger Feldthaus 479770dc07 JS: Recognize class members in more cases 2020-02-19 17:04:41 +00:00
Erik Krogh Kristensen bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Asger Feldthaus 77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Erik Krogh Kristensen 344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer 4346691cdc JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser. 2020-02-19 08:26:14 +00:00
Erik Krogh Kristensen 73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Erik Krogh Kristensen e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen abe7aeef7c
Merge pull request #2643 from esbena/js/unsafe-jquery
JS: add query js/unsafe-jquery-plugin
2020-02-18 09:26:14 +01:00
Esben Sparre Andreasen e8938fb466 JS: introduce RegExpSequence::nextElement and previousElement 2020-02-17 23:20:25 +01:00
Erik Krogh Kristensen 56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Erik Krogh Kristensen 2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Asger Feldthaus 9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen 8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen 5375604109 calling `pop` or `shift` on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen 3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen 46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci 23ed2bcc64
Merge pull request #2782 from asger-semmle/js/export-as-ns
Approved by erik-krogh, max-schaefer
2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen a6d644bac0 add support for path.normalize(path.relative(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen 94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen 9d61004128 remove redundant constructor on sink 2020-02-14 12:31:12 +01:00
Max Schaefer f181111886 JavaScript: Add model of `http2` compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen 3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci da566a4484
Merge pull request #2828 from erik-krogh/CVE24
Approved by esbena
2020-02-14 09:12:48 +00:00
semmle-qlci 769dce511b
Merge pull request #2788 from erik-krogh/CVE42-sink
Approved by esbena
2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen 897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen 1ab5ca4e64
typo in docstring
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-13 14:15:28 +01:00
Erik Krogh Kristensen d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Erik Krogh Kristensen 35d8151374 add a few array methods to TaintedPath.qll 2020-02-11 12:23:51 +01:00
Erik Krogh Kristensen 8e316d2f05 add unary type-tracking predicates 2020-02-10 12:51:09 +01:00
Erik Krogh Kristensen 0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
semmle-qlci 37360e7d93
Merge pull request #2794 from esbena/js/move-EnumeratedPropName
Approved by asgerf
2020-02-07 21:31:37 +00:00
semmle-qlci 76ba48c6fb
Merge pull request #2790 from esbena/js/model-send
Approved by asgerf
2020-02-07 21:30:54 +00:00
Asger Feldthaus e4844bfad2 JS: Fix deprecated API usage 2020-02-07 17:17:48 +00:00
Asger Feldthaus ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen 06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Asger Feldthaus 254af4f3a8 JS: Rewrite LodashUnderscore::AnalyzedThisInBoundCallback 2020-02-07 13:58:07 +00:00
Erik Krogh Kristensen dd9e3d2fec expose TaintTracking::arrayFunctionTaintStep and add a step for "concat" 2020-02-07 14:57:32 +01:00
Asger Feldthaus fea5a4331d JS: Rewrite React::AnalyzedThisInBoundCallback 2020-02-07 13:55:42 +00:00
Asger Feldthaus 3b28bdbeed JS: Rewrite AnalyzedThisInArrayIterationFunction 2020-02-07 13:55:36 +00:00
Asger Feldthaus f942e69482 JS: Improve flow through partial invokes 2020-02-07 13:54:14 +00:00
Esben Sparre Andreasen dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Erik Krogh Kristensen 1ece6b9afe update expected output of tests 2020-02-07 12:57:51 +01:00
semmle-qlci 125c6a071c
Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case
Approved by esbena
2020-02-07 11:53:04 +00:00
Esben Sparre Andreasen 736ccb98c2 JS: model the `send` library for `js/path-injection` 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen 8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus a2fa6bb41f JS: Add test case for lazy-cache 2020-02-07 09:50:37 +00:00
Asger Feldthaus a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus 34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Asger Feldthaus 418f841749 JS: Handle imports through lazy-cache 2020-02-06 14:59:52 +00:00
semmle-qlci 180e9d4731
Merge pull request #2779 from asger-semmle/js/protopol-regression-fix
Approved by esbena
2020-02-06 14:58:19 +00:00
Erik Krogh Kristensen 75f23a189d
update docstring
Co-Authored-By: Asger F <asgerf@github.com>
2020-02-06 15:53:03 +01:00
Erik Krogh Kristensen 2865723059 add test for new barrier 2020-02-06 15:44:33 +01:00
Erik Krogh Kristensen ade93e66e1 move the if(!x) from DataFLow to TaintTracking 2020-02-06 15:44:22 +01:00
Asger Feldthaus 7090124a1d JS: Implement type inference through export * as ns 2020-02-06 14:29:35 +00:00
Asger Feldthaus a252a41459 JS: Rename/deprecate a predicate to loosen its return type 2020-02-06 14:27:23 +00:00
Asger Feldthaus 2b77c7969d JS: Add tests for 'export * as ns' 2020-02-06 14:04:12 +00:00
Asger Feldthaus f5c805bad1 JS: Move tests into one file 2020-02-06 13:55:29 +00:00
Asger Feldthaus 54c521d41c JS: Fix typo in test query 2020-02-06 13:50:06 +00:00
Erik Krogh Kristensen 1f7dda7fbc add dataflow barrier for if(xrandr) 2020-02-06 12:55:44 +01:00
Asger Feldthaus 0345c48503 JS: Bump extractor version string 2020-02-06 11:04:59 +00:00
Asger Feldthaus 38ef07ce73 JS: Fix join ordering 2020-02-06 10:29:05 +00:00
Erik Krogh Kristensen d8a30c48a3 update expected output of TaintedPath tests 2020-02-06 09:47:15 +01:00
semmle-qlci 5125dc7939
Merge pull request #2730 from esbena/js/model-path-parse
Approved by asgerf
2020-02-05 21:35:55 +00:00
semmle-qlci 163285bee7
Merge pull request #2735 from asger-semmle/prototype-pollution-manual-dataflow
Approved by esbena
2020-02-05 12:52:59 +00:00
Erik Krogh Kristensen da28d3b971 add "hash" and "search" to URL taint step 2020-02-05 12:44:10 +01:00
semmle-qlci a5e183bde3
Merge pull request #2619 from asger-semmle/ts-monorepo-deps
Approved by erik-krogh, max-schaefer
2020-02-05 10:57:55 +00:00
semmle-qlci 53763c789f
Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path
Approved by erik-krogh
2020-02-05 10:53:39 +00:00
semmle-qlci 52f34d7178
Merge pull request #2715 from erik-krogh/PrivateFields
Approved by asgerf
2020-02-05 10:20:28 +00:00
Erik Krogh Kristensen 88bb1dc23d bind `this` in each of the step methods of `UrlSearchParamsTaintStep` 2020-02-05 10:58:13 +01:00
Erik Krogh Kristensen 30d5eb5a13 update docstrings 2020-02-05 10:53:34 +01:00
Erik Krogh Kristensen ffc6fddddd update expected test output 2020-02-05 10:52:40 +01:00
Asger F cf18bd7bb8
Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-05 09:48:16 +00:00
Asger Feldthaus fd9975db85 JS: Address comments 2020-02-05 09:47:51 +00:00
Esben Sparre Andreasen f6ad22dd1f
Merge pull request #2758 from asger-semmle/js/string-concat-concat
JS: Model concat() calls as string concatenation
2020-02-05 10:41:02 +01:00
Erik Krogh Kristensen ec9c37075c address review feedback 2020-02-05 10:31:53 +01:00
Erik Krogh Kristensen 35a7e15a2f remove `private` modifier on `isUrlSearchParams` 2020-02-05 10:30:31 +01:00
Erik Krogh Kristensen 76aca02752 change the pseudo-property on URL to a two-stage process 2020-02-05 10:27:03 +01:00
Erik Krogh Kristensen e525cf0959 generalize `isAdditionalLoadStoreStep` such that it loads and stores different properties 2020-02-05 09:40:16 +01:00
Asger Feldthaus b4df03767d JS: Ignore obvious Array.prototype.concat calls 2020-02-04 16:36:41 +00:00
Asger Feldthaus db2212e33e TS: Only print number of errors if there were any 2020-02-04 15:31:30 +00:00
Erik Krogh Kristensen 8d37c03209 using pseudo-properties to model URL parsing 2020-02-04 16:30:07 +01:00
Asger Feldthaus 3ccdaa94ad JS: Expose argumentPassing as DataFlow::argumentPassingStep 2020-02-04 15:06:45 +00:00
Asger Feldthaus c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
semmle-qlci 4b89eee683
Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions
Approved by asgerf
2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen 15e26666cd add declaration for private field in syntax error test 2020-02-04 14:05:09 +01:00
Asger Feldthaus bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Esben Sparre Andreasen 1ec8fa24b3 JS: reformulate optimization 2020-02-04 10:52:38 +01:00
Esben Sparre Andreasen 8a2c81b41c JS: address review comments about duplicated logic 2020-02-04 10:49:23 +01:00
Max Schaefer 43e4ed1e18 JavaScript: Teach `resolveMainModule` to try adding extensions. 2020-02-04 09:39:04 +00:00
Max Schaefer e21c24c60e JavaScript: Add failing test case. 2020-02-04 09:39:04 +00:00
Esben Sparre Andreasen e1180495f5 JS: optimize a prefix-check 2020-02-04 09:48:56 +01:00
semmle-qlci bd51ef35b7
Merge pull request #2731 from erik-krogh/CVE527
Approved by esbena
2020-02-04 08:38:26 +00:00
Esben Sparre Andreasen bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Erik Krogh Kristensen e3189aaa47 raise syntax error on declaration of private method, and add syntax tests for private fields 2020-02-03 16:00:25 +01:00
semmle-qlci 3a7845e7fc
Merge pull request #2653 from erik-krogh/exceptionFPs
Approved by esbena
2020-02-03 14:15:24 +00:00
Erik Krogh Kristensen 183dd68d6a add qldoc to isPrivateField 2020-02-03 14:23:27 +01:00
Asger Feldthaus 3c1cbcefa5 TS: Pass virtual source root explicitly to Node.js process 2020-02-03 10:36:36 +00:00
Asger Feldthaus 513854a608 TS: Add upgrade script 2020-02-03 09:32:56 +00:00
Asger Feldthaus 9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
Asger Feldthaus abb95135c1 JS: Add UnresolvableImport metric 2020-02-03 09:32:56 +00:00
Erik Krogh Kristensen 5ff958a9cf fix compilation of PrototypePollutionUtility after refactor 2020-02-03 09:39:41 +01:00
Esben Sparre Andreasen 7f25c1bf47 JS: address doc-review comments 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen c70997febf JS: address review comments for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen eaff78b37e JS: change severity to warning 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen 1de1c15919 JS: minor fixups 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen 2ad9b843ae JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen cfd567f01d JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen 9e247921fc JS: add FP tests for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
semmle-qlci d995d5a4a0
Merge pull request #2716 from esbena/js/additional-koa-requests
Approved by erik-krogh
2020-01-31 18:30:42 +00:00
Erik Krogh Kristensen 84be6e1286 update docString on getAnAliasedSourceNode 2020-01-31 15:38:19 +01:00
Erik Krogh Kristensen 32bcb18cdf add pragma[inline] to getAnAliasedSourceNode 2020-01-31 15:35:38 +01:00
Erik Krogh Kristensen 72114a48f5 rename getASourceAccess to getAnAliasedSourceNode 2020-01-31 15:34:58 +01:00
Erik Krogh Kristensen e6d46b9279 add test for new prefix check on TaintedPath 2020-01-31 12:35:03 +01:00
Erik Krogh Kristensen b6611b1fb3 add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll 2020-01-31 12:24:12 +01:00
Erik Krogh Kristensen 279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
semmle-qlci f8d0b4e602
Merge pull request #2618 from erik-krogh/ExceptionalPromise
Approved by asgerf
2020-01-31 07:59:09 +00:00
Esben Sparre Andreasen 5f1317fa2d JS: model path.parse and its ponyfill package: "path-parse" 2020-01-30 21:26:18 +01:00
Esben Sparre Andreasen 5b5f52979d JS: add uniform support for path, path.posix and path.win32 2020-01-30 21:26:18 +01:00
Erik Krogh Kristensen 8fc273b9ec update expected output 2020-01-30 15:19:27 +01:00
semmle-qlci 3158b8401a
Merge pull request #2705 from erik-krogh/CVE75
Approved by asgerf
2020-01-30 13:07:05 +00:00
semmle-qlci 120b50f497
Merge pull request #2708 from asger-semmle/js/react-flow-through-imports
Approved by esbena
2020-01-30 13:05:07 +00:00
Erik Krogh Kristensen 162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Asger F b88cc50cdb
Apply suggestions from code review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-01-30 12:42:58 +00:00
Asger Feldthaus 1bf8165098 TS: Other review comments 2020-01-30 12:41:02 +00:00
Asger Feldthaus 92dbfb2858 JS: Handle LGTM_WORKSPACE and fix emptiness check 2020-01-30 12:31:25 +00:00
Asger Feldthaus 141d4bfb70 TS: Handle multiple slashes in scope name 2020-01-30 12:28:16 +00:00
Erik Krogh Kristensen 7637ebcc03 Merge remote-tracking branch 'upstream/master' into exceptionFPs 2020-01-30 10:56:41 +01:00
Esben Sparre Andreasen 31743c42e5
Update javascript/ql/src/semmle/javascript/frameworks/Koa.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-29 20:28:29 +01:00
Esben Sparre Andreasen a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen d4d910b681 JS: add koa test 2020-01-29 14:41:23 +01:00
Anders Schack-Mulligen 743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Erik Krogh Kristensen b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
semmle-qlci fb90c2ba52
Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access
Approved by erik-krogh, max-schaefer
2020-01-29 10:46:48 +00:00
Erik Krogh Kristensen aea365c424 adjust API naming 2020-01-28 15:09:31 +01:00
Erik Krogh Kristensen cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Asger F 701d9989be
Apply suggestions from code review
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-28 12:46:51 +00:00
Asger F 310dd05185
Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-28 12:46:34 +00:00
semmle-qlci 5ab6457370
Merge pull request #2699 from asger-semmle/js/callback-doc-typo
Approved by max-schaefer
2020-01-28 11:00:49 +00:00