Commit Graph

1955 Commits

Author SHA1 Message Date
semmle-qlci 50e8034b0b
Merge pull request #1544 from esben-semmle/js/additional-configuration-splitting
Approved by xiemaisi
2019-07-05 09:10:22 +01:00
Ellen Arteca 39c37f519d JavaScript: Use type tracking to identify more portal entry/exit nodes. 2019-07-05 09:03:37 +01:00
Arthur Baars 9bf0a3f2cd
Merge pull request #1547 from Semmle/rc/1.21
Merge rc/1.21 into master
2019-07-05 07:20:28 +02:00
Esben Sparre Andreasen fca815f96d JS: make use of the recent Configuration split 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 6d5b84fa88 JS: split XmlBomb.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 5163ccfd39 JS: split InsufficientPasswordHash.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 8664908f78 JS: split PrototypePollution.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 289c29828f JS: split UnvalidatedDynamicMethodCall.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 9e675d9973 JS: split TaintedFormatString.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 26c29cbde5 JS: split TypeConfusionThroughParameterTampering.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 8225d9923c JS: split ClientSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen c3973c061e JS: split ZipSlip.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 29e69b32b0 JS: split XpathInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 48b655f1c7 JS: split CommandInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen ccc171ce18 JS: split RemotePropertyInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 063abb5af9 JS: split PostMessageStar.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 3ad46cd5bf JS: split HardcodedCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen ec6d233180 JS: split CleartextLogging.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 813253e0ac JS: split BrokenCryptoAlgorithm.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 27d0caed3e JS: split RegExpInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen c8a60f74f0 JS: split StackTraceExposure.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen f2b3fa57eb JS: split RequestForgery.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 6f6887993c JS: split Xxe.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 9d670f7d39 JS: split CleartextStorage.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 013f471cf6 JS: split TaintedPath.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 2bb702ceea JS: split SqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 2972c28e58 JS: split NosqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 057b18c316 JS: split ServerSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen a89a073623 JS: split FileAccessToHttp.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen efe7ba4f3d JS: split InsecureRandomness.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen b85d3756b0 JS: split DifferentKindsComparisonBypass.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 56172317ed JS: split HardCodedDataInterpretedAsCode.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen d786f36120 JS: split CorsMisconfigurationForCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen 1f54f3269d JS: split HttpToFileAccess.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen ee6003655a JS: split UnsafeDynamicMethodAccess.qll 2019-07-04 22:42:55 +02:00
semmle-qlci 298aa92814
Merge pull request #1543 from xiemaisi/js/reflective-call-flow
Approved by asger-semmle
2019-07-04 12:02:24 +01:00
Max Schaefer 91a718cfe5 JavaScript: Fix data flow out of reflective calls.
We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.
2019-07-04 08:29:04 +01:00
Esben Sparre Andreasen bb452bea45 JS: split UnsafeDeserialization.qll 2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen 626f3fa598 JS: split ConditionalBypass.qll 2019-07-04 08:33:39 +02:00
semmle-qlci 40f7e6f514
Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash
Approved by xiemaisi
2019-07-04 07:19:45 +01:00
semmle-qlci 6cda33c39e
Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names
Approved by xiemaisi
2019-07-03 16:31:43 +01:00
semmle-qlci b07a3e6725
Merge pull request #1439 from esben-semmle/js/configuration-node-separation
Approved by asger-semmle, xiemaisi
2019-07-03 16:31:10 +01:00
semmle-qlci 7fbc730b05
Merge pull request #1517 from asger-semmle/instance-type-tracking-final
Approved by xiemaisi
2019-07-03 08:26:16 +01:00
semmle-qlci 44823ca46d
Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias
Approved by xiemaisi
2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen 051c6ca31f JS: split CodeInjection.qll into two parts 2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen ecf367fa65 JS: bump vulnerable lodash version for prototype pollution
See https://github.com/lodash/lodash/pull/4336
2019-07-03 08:18:16 +02:00
Asger F 70cbecaf1b JS: Update more test outputs 2019-07-02 21:08:13 +01:00
Asger F 52a5bce10d TS: Update test affected by new stringification 2019-07-02 21:01:47 +01:00
Asger F 329ff0db1b JS: Add and use getAPropertySource() 2019-07-02 10:09:06 +01:00
Asger F 5ce08e2c78 JS: Address review comments 2019-07-02 10:09:06 +01:00
Asger F 408fd3e106 JS: Augment call graph using type-tracked class instances 2019-07-02 10:09:06 +01:00
Asger F 779d98a143 JS: Prevent bad join in hasOwnProperty 2019-07-02 10:09:05 +01:00
Max Schaefer bfb236f56d JavaScript: Add more default source nodes.
In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.
2019-07-02 08:10:28 +01:00
semmle-qlci 71c86fa69b
Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests
Approved by asger-semmle
2019-07-02 07:38:10 +01:00
semmle-qlci 26fd1b91cf
Merge pull request #1485 from esben-semmle/js/fix-yaml-strings
Approved by xiemaisi
2019-07-02 07:00:43 +01:00
semmle-qlci b0b152aaaa
Merge pull request #1529 from xiemaisi/js/getter-summaries
Approved by asger-semmle
2019-07-02 06:16:34 +01:00
Max Schaefer 7f95c20345 JavaScript: Add support for tracking flow into receivers of reflective calls. 2019-07-01 17:54:43 +01:00
semmle-qlci 3b126d9c4e
Merge pull request #1488 from asger-semmle/call-graph-metric
Approved by xiemaisi
2019-07-01 16:09:34 +01:00
Max Schaefer 895055f30e JavaScript: Avoid unhelpful magic.
The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.
2019-07-01 15:45:57 +01:00
Max Schaefer b5b89c0eac JavaScript: Track flow into method receivers. 2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen 062778bdd8 JS: heuristically recognize x.spec.y and x.test.y as test files 2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen 7cab308205 fixup! JS: classify numeric file names as generated 2019-07-01 15:49:03 +02:00
Asger F 0c04580b5e JS: fix typo in doc 2019-07-01 13:25:55 +01:00
Asger F ff4d6ece80 JS: Rename metrics to ResolvableCallX 2019-07-01 12:34:48 +01:00
Asger F 16e6dd12d0 JS: Address review comments part 1 2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen 41e568d1f7 JS: classify files with many short variables as minified 2019-07-01 13:25:07 +02:00
Asger F 2ab72c4eef JS: Support line breaks in types 2019-07-01 11:46:30 +01:00
Asger F 625cdb8765 JS: Update test output 2019-07-01 11:29:55 +01:00
Asger F 4f05eab3fd JS: Make docs match reality 2019-07-01 11:29:55 +01:00
Asger F 2822e493ae JS: Switch to absolute offsets 2019-07-01 11:29:55 +01:00
Asger F d6ba1ffa8a JS: Some loc() fixes 2019-07-01 11:29:55 +01:00
Asger F fd0791bd8c JS: Parse types from original source string 2019-07-01 11:29:55 +01:00
Asger F a3c7b631f4 JS: Extract type source text with substring 2019-07-01 11:29:55 +01:00
Asger F edd96b056e JS: Remove redundant source field 2019-07-01 11:29:55 +01:00
Asger F 9403834af5 JS: Include leading star in parsed source 2019-07-01 11:29:55 +01:00
Asger F 9b4bdaecce JS: Remove unneeded replace call 2019-07-01 11:29:55 +01:00
Esben Sparre Andreasen 2eb7e4a818 JS: classify `x.test.js` files with `test(...)` calls as jest tests 2019-07-01 10:28:10 +02:00
Esben Sparre Andreasen 5ebcef41fa JS: classify numeric file names as generated 2019-07-01 10:25:38 +02:00
Asger F aff90b1082 TS: Add a missing semicolon 2019-06-28 10:53:33 +01:00
Asger F f5569b8b58 TS: Avoid infinite recursion in stringifyType 2019-06-28 10:53:33 +01:00
Max Schaefer 3c3422e221 JavaScript: Refactor unpromoted-candidate queries to no longer rely on tracked nodes. 2019-06-28 10:25:23 +01:00
Max Schaefer ff62c56df1 JavaScript: Replace remaining uses of `TrackedExpr` with type tracking. 2019-06-28 09:21:41 +01:00
Max Schaefer b3e8103dce JavaScript: Track flow through property getter functions. 2019-06-28 08:51:27 +01:00
Max Schaefer 1c175cbe71 JavaScript: Rename `loadStep` to `basicLoadStep`. 2019-06-28 08:51:27 +01:00
semmle-qlci c4cb75eff5
Merge pull request #1508 from xiemaisi/js/fix-MessageEvent-externs
Approved by asger-semmle
2019-06-27 14:32:21 +01:00
Asger F 8f4228b7c3 JS: Ignore RemoteFlowSource case due to bad join ordering 2019-06-27 12:23:07 +01:00
semmle-qlci 44bd540c44
Merge pull request #1495 from asger-semmle/array-taint-step
Approved by xiemaisi
2019-06-27 12:16:17 +01:00
Max Schaefer 7565eb263e JavaScript: Update externs for `MessageEvent`. 2019-06-26 19:12:05 -07:00
semmle-qlci 1a9f3624c2
Merge pull request #1504 from xiemaisi/js/shift-bigint
Approved by asger-semmle
2019-06-26 18:30:48 +01:00
Max Schaefer e35fde322b JavaScript: Teach `ShiftOutOfRange` about BigInt. 2019-06-26 09:16:34 -07:00
Asger F 102fd11e8d JS: Change to queries of @kind metric 2019-06-25 22:12:11 +01:00
Asger F 57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Asger F aa4d28028e JS: Add test 2019-06-25 14:15:06 +01:00
Asger F 71100bb68a JS: Do not require predecessor to be a SourceNode 2019-06-25 14:03:57 +01:00
Chris Gavin bce153648e JavaScript: Update link to the OWASP XSS prevention cheat sheet. 2019-06-24 23:21:14 +01:00
Esben Sparre Andreasen 4f9a7d0b71 JS: updated expected output for different SnakeYaml version 2019-06-24 09:24:12 +02:00
Asger F 207ed1e14a JS: Add query for measuring call graph quality 2019-06-24 01:01:13 +01:00
Max Schaefer a417884173 JavaScript: Fix potential null-pointer exception in YAML extractor.
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-23 21:56:02 +02:00
Esben Sparre Andreasen 6885b5cf1f JS: fix yaml StringIndexOutOfBoundsException 2019-06-21 15:18:56 +02:00
semmle-qlci 59dd3b2fb7
Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig
Approved by xiemaisi
2019-06-21 12:45:13 +01:00
semmle-qlci 4d779026d2
Merge pull request #1479 from xiemaisi/js/remove-circularity
Approved by asger-semmle
2019-06-21 09:03:13 +01:00
Max Schaefer 4370f25b32 JavaScript: Remove dependency of module import on `globalVarRef`. 2019-06-20 21:08:34 +01:00
Max Schaefer 544a55dd0e JavaScript: Fix potential null-pointer exception in YAML extractor.
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-20 17:04:47 +01:00
Ellen Arteca 99c32f08fb JavaScript: Recognize imports from TypeScript type annotations 2019-06-20 10:45:30 +01:00
Asger F 52f31dcb07 TS: Rely on ts.sys.readFile for decoding 2019-06-19 11:57:22 +01:00
Mark Shannon 77030c4dde Merge branch 'rc/1.21' into 'master' 2019-06-13 12:32:45 +01:00
semmle-qlci 8a43fdc806
Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression
Approved by esben-semmle
2019-06-13 10:13:27 +01:00
semmle-qlci bffc3307b5
Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated
Approved by xiemaisi
2019-06-13 09:45:37 +01:00
semmle-qlci 7332446ee1
Merge pull request #1444 from esben-semmle/js/express-node-inheritance
Approved by xiemaisi
2019-06-12 21:43:44 +01:00
semmle-qlci 913544600a
Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression
Approved by esben-semmle
2019-06-12 21:36:23 +01:00
Max Schaefer 60964efce5 JavaScript: Avoid bad context pushing in `ReflectedXss::HttpResponseSink`. 2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen 3f11ae7eaa Merge remote-tracking branch 'rc/1.21' into master 2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen 6e022f66c4 JS: formatting of Express and NodeJSLib.qll 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen 59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen 29f9103b39 JS: classify single-line JSON files as generated 2019-06-12 09:05:12 +02:00
semmle-qlci 7790ac45bd
Merge pull request #1409 from esben-semmle/js/more-command-injection
Approved by xiemaisi
2019-06-11 11:59:18 +01:00
Max Schaefer 70cf32c889 JavaScript: Add a few more tests. 2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen 299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Max Schaefer b32a037ff2 JavaScript: Refactor a few access path computation predicates. 2019-06-10 11:15:52 +01:00
Max Schaefer 398ee0c133 JavaScript: Add tests for data-flow tutorial. 2019-06-07 14:33:26 +01:00
Max Schaefer 16c33b54b6 JavaScript: Recognise references to the `process` global. 2019-06-06 11:48:18 +01:00
Max Schaefer d233cea79d JavaScript: Lower precision of `PasswordInConfigurationFile`.
In spite of recent improvements, this query is still too noisy to show
by default.
2019-06-05 08:09:19 +01:00
Max Schaefer d723ab76d8 JavaScript: Fix `getDelimiterMatchingRegexp` to work on multi-line strings. 2019-06-05 08:09:19 +01:00
Max Schaefer a4876270ec JavaScript: Tweak `PasswordInConfigurationFile` alerts.
Only highlight first line, and include the password in the alert
message.
2019-06-05 08:09:19 +01:00
Max Schaefer c09b859aa7 JavaScript: Add three missing `@metricType` annotations. 2019-06-04 17:17:14 +01:00
semmle-qlci 1fa975b4c9
Merge pull request #1393 from xiemaisi/js/concretify
Approved by esben-semmle
2019-06-04 11:34:47 +01:00
semmle-qlci 80ff63a3bb
Merge pull request #1387 from esben-semmle/js/unanchored-url-regex
Approved by mc-semmle, xiemaisi
2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen 04868e5b97 JS: format qhelp examples 2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen 9e0a97e82f JS: address qhelp review comments 2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen bf51c54338 JS: add `RegExpPatternSource::getAParse` to hide the subclasses 2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen 7b652214c5 JS: address docstring comments 2019-06-03 13:59:39 +02:00
Max Schaefer d8a101df6d JavaScript: Shrink `Configurations.qll` some more. 2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen 14644270ac JS: fix comment typo 2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen 7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen 3358e49698 JS: refactor the predicate `RegExp::regexp` to three classes.
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen 98ae2597bb JS: refactor `IncompleteHostnameRegExp::regexp` to RegExp.qll 2019-06-03 08:27:49 +02:00
Max Schaefer c560096b17 JavaScript: Make `Script` and `CodeInAttribute` concrete. 2019-05-31 12:04:14 +01:00
Max Schaefer 74688bb600
Merge pull request #1341 from esben-semmle/js/sync-suites
JS: Add queries to the manual suite for LGTM consistency
2019-05-31 08:18:08 +01:00
Max Schaefer 3097037a6f
Merge pull request #1290 from esben-semmle/js/semver-lib
JS: add SemVer library
2019-05-31 08:09:24 +01:00
semmle-qlci 0fa06e5c8d
Merge pull request #1180 from asger-semmle/tainted-path-squashed
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
Max Schaefer 3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00
Max Schaefer 5ac408d641 JavaScript: Remove a few more configurations from AllConfigurations.qll.
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
2019-05-30 13:13:16 +01:00
Asger F 72c0925967 TS: Bump to TypeScript 3.5.1 2019-05-30 11:40:25 +01:00
Max Schaefer 38a38ab780 JavaScript: Make autobuilder fail if no JS/TS code was seen.
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
2019-05-28 14:43:59 +01:00
semmle-qlci 9fb61d5f26
Merge pull request #1371 from xiemaisi/js/index-xml
Approved by asger-semmle
2019-05-28 14:30:43 +01:00
semmle-qlci ead59baa0e
Merge pull request #1369 from xiemaisi/js/fix-autobuild-test
Approved by asger-semmle
2019-05-28 12:27:17 +01:00
semmle-qlci bd15994bb4
Merge pull request #1367 from xiemaisi/js/configuration-api-consistency
Approved by esben-semmle
2019-05-28 12:26:58 +01:00
Asger F ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F 9f43844f1e JS: Remove obsolete code 2019-05-28 11:54:57 +01:00
Asger F 8d60ae7200 JS: Avoid unnecessary casts 2019-05-28 11:54:42 +01:00
Asger F 9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F 6617747185 JS: Update DataFlowTracking output for booleanOps.js 2019-05-28 11:19:23 +01:00
Max Schaefer 7f8f126338 JavaScript: Add support for XML extraction. 2019-05-28 09:44:24 +01:00
Max Schaefer 4992970181 JavaScript: Fix an auto-build test. 2019-05-28 09:44:24 +01:00
Max Schaefer 86e96c6dc3 JavaScript: Introduce `is{Barrier,Sanitizer}Edge` predicate.
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
2019-05-28 08:08:14 +01:00
Max Schaefer d9b3e461ba
Merge pull request #1351 from asger-semmle/js-incomplete-nodes
JS: Mark some more nodes as incomplete
2019-05-28 07:59:23 +01:00
Max Schaefer bad5465aad
Merge pull request #1360 from asger-semmle/customize-window-document
JS: Make some DOM concepts customizable
2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen fd4c749e27 JS: change FrameworkLibraryInstance Script/TopLevel inheritance
This is theoretically a breaking change, but it preserves the
semantics of all queries in this repository, as far as I can see.
2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen 1b1e9ed51a JS: cache matchMarkerComment 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 189ac6c2bd JS: add js/prototype-pollution to the security suite 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen c143e31fb5 JS: rename getDefaultNode to getImportedModuleNode 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 0660db37f6 JS: introduce SemVer matching library 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 7d57d1915a JS: introduce `DataFlow::DependencyModuleImport` 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen ef6f4c7a5e JS: update docstring 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen f74653be46 JS: extract `getDefaultNode` from `DefaultRange` 2019-05-27 22:32:32 +02:00
Max Schaefer 1bf7bcf010
Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked
JS: Refactor LabelledBarrierGuard
2019-05-23 12:26:35 +01:00
Asger F 6bb011a4cc JS: Stop using data/taint as flow labels in TaintedPath 2019-05-23 10:16:41 +01:00
Asger F 0823f6c935 JS: fix use of dataOrTaint() 2019-05-23 10:16:41 +01:00
Asger F 37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F 07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F 1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
semmle-qlci fac620d6f3
Merge pull request #1357 from asger-semmle/jump-to-namespace
Approved by xiemaisi
2019-05-23 09:00:24 +01:00
Asger F 9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F 2fc0ab5595 JS: Stop using the AST-based isDocumentURL internally 2019-05-23 08:55:21 +01:00
Asger F 8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
Asger F 8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
Asger F 153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F deb217326d JS: Update our own queries 2019-05-22 13:13:08 +01:00
Asger F 61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
Asger F 6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
semmle-qlci dc8123db8e
Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling
Approved by asger-semmle
2019-05-22 10:40:32 +01:00
semmle-qlci c100c70a65
Merge pull request #1348 from xiemaisi/js/add-external-link-cwe
Approved by esben-semmle
2019-05-22 08:12:51 +01:00
semmle-qlci 114ba0e722
Merge pull request #1349 from EdoDodo/js-performance
Approved by xiemaisi
2019-05-21 17:50:01 +01:00
Asger F 180b5443ba JS: Update output of incomplete.ql 2019-05-21 17:02:43 +01:00
Asger F de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F 69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Asger F faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Asger F 68ae409947 JS: Test for mismatch between taint and type inference 2019-05-21 13:26:02 +01:00
Edoardo Pirovano 9d2580f778 JS: Fix performance regression of query. 2019-05-21 12:26:11 +01:00
semmle-qlci 8cd3cb501a
Merge pull request #1346 from xiemaisi/js/revert-1078
Approved by esben-semmle
2019-05-21 12:19:57 +01:00
Max Schaefer cf22761ccc JavaScript: Add CWE-1022 to TargetBlank. 2019-05-21 12:16:32 +01:00
semmle-qlci fe920ecfaa
Merge pull request #1331 from asger-semmle/destructuring-assignment-fix
Approved by xiemaisi
2019-05-21 11:32:36 +01:00
semmle-qlci 2b5b8751ea
Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps
Approved by esben-semmle, xiemaisi
2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen 3af3c5413b
Merge pull request #1318 from asger-semmle/prototype-pollution-query2
Move prototype pollution query into suite
2019-05-21 12:23:41 +02:00
Max Schaefer 924664afcf JavaScript: Manually revert #1078.
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
2019-05-21 08:26:58 +01:00
semmle-qlci 56ab013114
Merge pull request #1340 from xiemaisi/js/es2019
Approved by asger-semmle
2019-05-20 16:47:09 +01:00
Asger F ba69e19e95 JS: Address doc review 2019-05-20 16:46:27 +01:00
Max Schaefer 7b7f92c19e JavaScript: Introduce `SSA::definition` and `SSA::variable`. 2019-05-20 16:22:01 +01:00
Max Schaefer fb744a6c53 JavaScript: Introduce `Parameter.getVariable()`. 2019-05-20 16:01:12 +01:00
Max Schaefer 2cb33f6088 JavaScript: Introduce `DataFlow::ExprNode` and `exprNode` for consistency with other languages. 2019-05-20 15:55:03 +01:00
Esben Sparre Andreasen c651e3a155 JS: Add queries to the manual suite for LGTM consistency 2019-05-20 12:32:11 +02:00
Asger F d4880540e8 JS: Update .expected after rebasing 2019-05-20 11:21:50 +01:00
Asger F 9989fcee21 JS: Add DataFlow::Configuration test 2019-05-20 09:22:02 +01:00
Asger F 87e0831872 JS: Fix flow for nested destructurings 2019-05-20 09:22:02 +01:00
Esben Sparre Andreasen 8256f2e736
Merge pull request #1308 from asger-semmle/exceptional-flow
JS: Add flow through exceptions
2019-05-17 08:33:44 +02:00
Asger F 65cbd47a2d
Merge pull request #1314 from xiemaisi/js/fix-hardcoded-pw-fps
JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`.
2019-05-16 14:42:09 +01:00
Asger F 9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Asger F 8fe2319a23 JS: Fix lurking cartesian product in Express 2019-05-15 18:07:24 +01:00
Asger F 682f2790cd JS: Address comments 2019-05-15 10:09:56 +01:00
Asger F 778244878a JS: Normalize whitespace 2019-05-14 10:31:28 +01:00
Asger F fd9765b99f JS: Add qhelp 2019-05-13 17:31:12 +01:00
Asger F 0c715f7540 JS: Lower precision to medium 2019-05-13 15:20:40 +01:00
Asger F aaf503837d JS: Move prototype pollution into real query 2019-05-13 15:20:25 +01:00
Asger F 4db7aa6ed2 JS: Relax type inference to account for overriding 2019-05-13 10:18:19 +01:00
Max Schaefer 9ec366cf88 JavaScript: Move support for optional catch to ES2019. 2019-05-10 08:27:25 +01:00
Max Schaefer d93d68d7f5 JavaScript: Add parser support for Unicode newlines in string literals. 2019-05-10 08:16:20 +01:00
Max Schaefer 86a7fa3abb JavaScript: Make extractor default to ECMA 2019.
Also introduces an enum constant for ECMA 2020 (not used anywhere yet).
2019-05-10 08:09:46 +01:00
Max Schaefer b478c0ddaa JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`. 2019-05-09 17:07:59 +01:00
semmle-qlci 9653fbd4f7
Merge pull request #1311 from emarteca/unreachableThrows
Approved by xiemaisi
2019-05-09 10:37:41 +01:00
Ellen Arteca a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Asger F 27e8ea85f7 JS: Fix bug from sorting lines 2019-05-08 10:42:14 +01:00
Max Schaefer c16e9a77f3 JavaScript: Fix a few false positives in `PasswordInConfigurationFile`. 2019-05-08 08:26:05 +01:00
Asger F 86885f4ff0 JS: Address comments 2019-05-07 18:00:36 +01:00
Asger F 7c9d20ae81 JS: Implement for TrackedNode to maintain consistency 2019-05-07 17:38:43 +01:00
Asger F a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00
Asger F e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F 3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F 1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F 36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Max Schaefer e0e6224987
Merge pull request #1298 from asger-semmle/full-mode-fixes-rc120
TS: Backport full-mode fixes to rc/1.20
2019-05-03 13:57:47 +01:00
Asger F 5ed3c50dbe TS: Workaround issue with `infer` types 2019-05-02 13:28:30 +01:00
Asger F c7300fa197 TS: Add workaround for 'globalThis' getProperties() crash 2019-05-02 13:28:30 +01:00
Asger F 9934996f9b TS: Fix handling of 'export =' 2019-05-02 13:07:29 +01:00
Asger F 15299aba7d TS: Workaround issue with `infer` types 2019-04-30 16:07:45 +01:00
Asger F 5c8dd7eedd TS: Add workaround for 'globalThis' getProperties() crash 2019-04-30 12:44:58 +01:00
Asger F 686d72c356 TS: Fix handling of 'export =' 2019-04-30 12:41:59 +01:00
Asger F 11c07a3217 TS: Update to TypeScript 3.4.5 2019-04-30 12:41:59 +01:00
semmle-qlci 3f70d91a11
Merge pull request #1288 from xiemaisi/js/fix-end-node-labels
Approved by asger-semmle
2019-04-30 07:32:29 +01:00
Max Schaefer 7ca5cc22d8
Merge pull request #1257 from asger-semmle/jsdoc
JS: Add common interface between TypeExpr and JSDocTypeExpr
2019-04-29 16:20:17 +01:00
Max Schaefer 8a34ea8b71
Merge pull request #1284 from esben-semmle/js/fix-azure-performance
JS: fix azure performance
2019-04-29 13:15:16 +01:00
semmle-qlci 52d6626547
Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal
Approved by xiemaisi
2019-04-29 07:35:15 +01:00
Asger F 3e7bac465b JS: fix join ordering in SimpleParameter.getJSDocTag 2019-04-26 16:56:04 +01:00