Commit graph

1955 commits

Author SHA1 Message Date
Asger F 408fd3e106 JS: Augment call graph using type-tracked class instances 2019-07-02 10:09:06 +01:00
Asger F 779d98a143 JS: Prevent bad join in hasOwnProperty 2019-07-02 10:09:05 +01:00
Max Schaefer bfb236f56d JavaScript: Add more default source nodes.
In particular, `await`, `yield` and dynamic `import` expressions are now source nodes, as well as a few other experimental and legacy language features involving non-local flow.
2019-07-02 08:10:28 +01:00
semmle-qlci 71c86fa69b
Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests
Approved by asger-semmle
2019-07-02 07:38:10 +01:00
semmle-qlci 26fd1b91cf
Merge pull request #1485 from esben-semmle/js/fix-yaml-strings
Approved by xiemaisi
2019-07-02 07:00:43 +01:00
semmle-qlci b0b152aaaa
Merge pull request #1529 from xiemaisi/js/getter-summaries
Approved by asger-semmle
2019-07-02 06:16:34 +01:00
Max Schaefer 7f95c20345 JavaScript: Add support for tracking flow into receivers of reflective calls. 2019-07-01 17:54:43 +01:00
semmle-qlci 3b126d9c4e
Merge pull request #1488 from asger-semmle/call-graph-metric
Approved by xiemaisi
2019-07-01 16:09:34 +01:00
Max Schaefer 895055f30e JavaScript: Avoid unhelpful magic.
The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.
2019-07-01 15:45:57 +01:00
Max Schaefer b5b89c0eac JavaScript: Track flow into method receivers. 2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen 062778bdd8 JS: heuristically recognize x.spec.y and x.test.y as test files 2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen 7cab308205 fixup! JS: classify numeric file names as generated 2019-07-01 15:49:03 +02:00
Asger F 0c04580b5e JS: fix typo in doc 2019-07-01 13:25:55 +01:00
Asger F ff4d6ece80 JS: Rename metrics to ResolvableCallX 2019-07-01 12:34:48 +01:00
Asger F 16e6dd12d0 JS: Address review comments part 1 2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen 41e568d1f7 JS: classify files with many short variables as minified 2019-07-01 13:25:07 +02:00
Asger F 2ab72c4eef JS: Support line breaks in types 2019-07-01 11:46:30 +01:00
Asger F 625cdb8765 JS: Update test output 2019-07-01 11:29:55 +01:00
Asger F 4f05eab3fd JS: Make docs match reality 2019-07-01 11:29:55 +01:00
Asger F 2822e493ae JS: Switch to absolute offsets 2019-07-01 11:29:55 +01:00
Asger F d6ba1ffa8a JS: Some loc() fixes 2019-07-01 11:29:55 +01:00
Asger F fd0791bd8c JS: Parse types from original source string 2019-07-01 11:29:55 +01:00
Asger F a3c7b631f4 JS: Extract type source text with substring 2019-07-01 11:29:55 +01:00
Asger F edd96b056e JS: Remove redundant source field 2019-07-01 11:29:55 +01:00
Asger F 9403834af5 JS: Include leading star in parsed source 2019-07-01 11:29:55 +01:00
Asger F 9b4bdaecce JS: Remove unneeded replace call 2019-07-01 11:29:55 +01:00
Esben Sparre Andreasen 2eb7e4a818 JS: classify `x.test.js` files with `test(...)` calls as jest tests 2019-07-01 10:28:10 +02:00
Esben Sparre Andreasen 5ebcef41fa JS: classify numeric file names as generated 2019-07-01 10:25:38 +02:00
Asger F aff90b1082 TS: Add a missing semicolon 2019-06-28 10:53:33 +01:00
Asger F f5569b8b58 TS: Avoid infinite recursion in stringifyType 2019-06-28 10:53:33 +01:00
Max Schaefer 3c3422e221 JavaScript: Refactor unpromoted-candidate queries to no longer rely on tracked nodes. 2019-06-28 10:25:23 +01:00
Max Schaefer ff62c56df1 JavaScript: Replace remaining uses of `TrackedExpr` with type tracking. 2019-06-28 09:21:41 +01:00
Max Schaefer b3e8103dce JavaScript: Track flow through property getter functions. 2019-06-28 08:51:27 +01:00
Max Schaefer 1c175cbe71 JavaScript: Rename `loadStep` to `basicLoadStep`. 2019-06-28 08:51:27 +01:00
semmle-qlci c4cb75eff5
Merge pull request #1508 from xiemaisi/js/fix-MessageEvent-externs
Approved by asger-semmle
2019-06-27 14:32:21 +01:00
Asger F 8f4228b7c3 JS: Ignore RemoteFlowSource case due to bad join ordering 2019-06-27 12:23:07 +01:00
semmle-qlci 44bd540c44
Merge pull request #1495 from asger-semmle/array-taint-step
Approved by xiemaisi
2019-06-27 12:16:17 +01:00
Max Schaefer 7565eb263e JavaScript: Update externs for `MessageEvent`. 2019-06-26 19:12:05 -07:00
semmle-qlci 1a9f3624c2
Merge pull request #1504 from xiemaisi/js/shift-bigint
Approved by asger-semmle
2019-06-26 18:30:48 +01:00
Max Schaefer e35fde322b JavaScript: Teach `ShiftOutOfRange` about BigInt. 2019-06-26 09:16:34 -07:00
Asger F 102fd11e8d JS: Change to queries of @kind metric 2019-06-25 22:12:11 +01:00
Asger F 57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Asger F aa4d28028e JS: Add test 2019-06-25 14:15:06 +01:00
Asger F 71100bb68a JS: Do not require predecessor to be a SourceNode 2019-06-25 14:03:57 +01:00
Chris Gavin bce153648e JavaScript: Update link to the OWASP XSS prevention cheat sheet. 2019-06-24 23:21:14 +01:00
Esben Sparre Andreasen 4f9a7d0b71 JS: updated expected output for different SnakeYaml version 2019-06-24 09:24:12 +02:00
Asger F 207ed1e14a JS: Add query for measuring call graph quality 2019-06-24 01:01:13 +01:00
Max Schaefer a417884173 JavaScript: Fix potential null-pointer exception in YAML extractor.
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-23 21:56:02 +02:00
Esben Sparre Andreasen 6885b5cf1f JS: fix yaml StringIndexOutOfBoundsException 2019-06-21 15:18:56 +02:00
semmle-qlci 59dd3b2fb7
Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig
Approved by xiemaisi
2019-06-21 12:45:13 +01:00
semmle-qlci 4d779026d2
Merge pull request #1479 from xiemaisi/js/remove-circularity
Approved by asger-semmle
2019-06-21 09:03:13 +01:00
Max Schaefer 4370f25b32 JavaScript: Remove dependency of module import on `globalVarRef`. 2019-06-20 21:08:34 +01:00
Max Schaefer 544a55dd0e JavaScript: Fix potential null-pointer exception in YAML extractor.
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-20 17:04:47 +01:00
Ellen Arteca 99c32f08fb JavaScript: Recognize imports from TypeScript type annotations 2019-06-20 10:45:30 +01:00
Asger F 52f31dcb07 TS: Rely on ts.sys.readFile for decoding 2019-06-19 11:57:22 +01:00
Mark Shannon 77030c4dde Merge branch 'rc/1.21' into 'master' 2019-06-13 12:32:45 +01:00
semmle-qlci 8a43fdc806
Merge pull request #1448 from xiemaisi/js/fix-access-paths-perf-regression
Approved by esben-semmle
2019-06-13 10:13:27 +01:00
semmle-qlci bffc3307b5
Merge pull request #1450 from esben-semmle/js/classify-json-js-as-generated
Approved by xiemaisi
2019-06-13 09:45:37 +01:00
semmle-qlci 7332446ee1
Merge pull request #1444 from esben-semmle/js/express-node-inheritance
Approved by xiemaisi
2019-06-12 21:43:44 +01:00
semmle-qlci 913544600a
Merge pull request #1449 from xiemaisi/js/fix-http-response-sink-perf-regression
Approved by esben-semmle
2019-06-12 21:36:23 +01:00
Max Schaefer 60964efce5 JavaScript: Avoid bad context pushing in `ReflectedXss::HttpResponseSink`. 2019-06-12 16:20:35 +01:00
Esben Sparre Andreasen 3f11ae7eaa Merge remote-tracking branch 'rc/1.21' into master 2019-06-12 12:57:55 +02:00
Esben Sparre Andreasen 6e022f66c4 JS: formatting of Express and NodeJSLib.qll 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen 59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen 29f9103b39 JS: classify single-line JSON files as generated 2019-06-12 09:05:12 +02:00
semmle-qlci 7790ac45bd
Merge pull request #1409 from esben-semmle/js/more-command-injection
Approved by xiemaisi
2019-06-11 11:59:18 +01:00
Max Schaefer 70cf32c889 JavaScript: Add a few more tests. 2019-06-11 08:44:14 +01:00
Esben Sparre Andreasen 299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Max Schaefer b32a037ff2 JavaScript: Refactor a few access path computation predicates. 2019-06-10 11:15:52 +01:00
Max Schaefer 398ee0c133 JavaScript: Add tests for data-flow tutorial. 2019-06-07 14:33:26 +01:00
Max Schaefer 16c33b54b6 JavaScript: Recognise references to the `process` global. 2019-06-06 11:48:18 +01:00
Max Schaefer d233cea79d JavaScript: Lower precision of `PasswordInConfigurationFile`.
In spite of recent improvements, this query is still too noisy to show
by default.
2019-06-05 08:09:19 +01:00
Max Schaefer d723ab76d8 JavaScript: Fix `getDelimiterMatchingRegexp` to work on multi-line strings. 2019-06-05 08:09:19 +01:00
Max Schaefer a4876270ec JavaScript: Tweak `PasswordInConfigurationFile` alerts.
Only highlight first line, and include the password in the alert
message.
2019-06-05 08:09:19 +01:00
Max Schaefer c09b859aa7 JavaScript: Add three missing `@metricType` annotations. 2019-06-04 17:17:14 +01:00
semmle-qlci 1fa975b4c9
Merge pull request #1393 from xiemaisi/js/concretify
Approved by esben-semmle
2019-06-04 11:34:47 +01:00
semmle-qlci 80ff63a3bb
Merge pull request #1387 from esben-semmle/js/unanchored-url-regex
Approved by mc-semmle, xiemaisi
2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen 04868e5b97 JS: format qhelp examples 2019-06-03 17:05:19 +02:00
Esben Sparre Andreasen 9e0a97e82f JS: address qhelp review comments 2019-06-03 16:39:39 +02:00
Esben Sparre Andreasen bf51c54338 JS: add `RegExpPatternSource::getAParse` to hide the subclasses 2019-06-03 14:23:22 +02:00
Esben Sparre Andreasen 7b652214c5 JS: address docstring comments 2019-06-03 13:59:39 +02:00
Max Schaefer d8a101df6d JavaScript: Shrink `Configurations.qll` some more. 2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen 14644270ac JS: fix comment typo 2019-06-03 08:32:35 +02:00
Esben Sparre Andreasen 7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen 69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen 3358e49698 JS: refactor the predicate `RegExp::regexp` to three classes.
This preserves the ad hoc message formatting in IncompleteHostnameRegExp.ql
2019-06-03 08:27:49 +02:00
Esben Sparre Andreasen 98ae2597bb JS: refactor `IncompleteHostnameRegExp::regexp` to RegExp.qll 2019-06-03 08:27:49 +02:00
Max Schaefer c560096b17 JavaScript: Make `Script` and `CodeInAttribute` concrete. 2019-05-31 12:04:14 +01:00
Max Schaefer 74688bb600
Merge pull request #1341 from esben-semmle/js/sync-suites
JS: Add queries to the manual suite for LGTM consistency
2019-05-31 08:18:08 +01:00
Max Schaefer 3097037a6f
Merge pull request #1290 from esben-semmle/js/semver-lib
JS: add SemVer library
2019-05-31 08:09:24 +01:00
semmle-qlci 0fa06e5c8d
Merge pull request #1180 from asger-semmle/tainted-path-squashed
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
Max Schaefer 3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00
Max Schaefer 5ac408d641 JavaScript: Remove a few more configurations from AllConfigurations.qll.
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
2019-05-30 13:13:16 +01:00
Asger F 72c0925967 TS: Bump to TypeScript 3.5.1 2019-05-30 11:40:25 +01:00
Max Schaefer 38a38ab780 JavaScript: Make autobuilder fail if no JS/TS code was seen.
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
2019-05-28 14:43:59 +01:00
semmle-qlci 9fb61d5f26
Merge pull request #1371 from xiemaisi/js/index-xml
Approved by asger-semmle
2019-05-28 14:30:43 +01:00
semmle-qlci ead59baa0e
Merge pull request #1369 from xiemaisi/js/fix-autobuild-test
Approved by asger-semmle
2019-05-28 12:27:17 +01:00
semmle-qlci bd15994bb4
Merge pull request #1367 from xiemaisi/js/configuration-api-consistency
Approved by esben-semmle
2019-05-28 12:26:58 +01:00
Asger F ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F 9f43844f1e JS: Remove obsolete code 2019-05-28 11:54:57 +01:00
Asger F 8d60ae7200 JS: Avoid unnecessary casts 2019-05-28 11:54:42 +01:00
Asger F 9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F 6617747185 JS: Update DataFlowTracking output for booleanOps.js 2019-05-28 11:19:23 +01:00
Max Schaefer 7f8f126338 JavaScript: Add support for XML extraction. 2019-05-28 09:44:24 +01:00
Max Schaefer 4992970181 JavaScript: Fix an auto-build test. 2019-05-28 09:44:24 +01:00
Max Schaefer 86e96c6dc3 JavaScript: Introduce `is{Barrier,Sanitizer}Edge` predicate.
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
2019-05-28 08:08:14 +01:00
Max Schaefer d9b3e461ba
Merge pull request #1351 from asger-semmle/js-incomplete-nodes
JS: Mark some more nodes as incomplete
2019-05-28 07:59:23 +01:00
Max Schaefer bad5465aad
Merge pull request #1360 from asger-semmle/customize-window-document
JS: Make some DOM concepts customizable
2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen fd4c749e27 JS: change FrameworkLibraryInstance Script/TopLevel inheritance
This is theoretically a breaking change, but it preserves the
semantics of all queries in this repository, as far as I can see.
2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen 1b1e9ed51a JS: cache matchMarkerComment 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 189ac6c2bd JS: add js/prototype-pollution to the security suite 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen c143e31fb5 JS: rename getDefaultNode to getImportedModuleNode 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 0660db37f6 JS: introduce SemVer matching library 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 7d57d1915a JS: introduce `DataFlow::DependencyModuleImport` 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen 1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen ef6f4c7a5e JS: update docstring 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen f74653be46 JS: extract `getDefaultNode` from `DefaultRange` 2019-05-27 22:32:32 +02:00
Max Schaefer 1bf7bcf010
Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked
JS: Refactor LabelledBarrierGuard
2019-05-23 12:26:35 +01:00
Asger F 6bb011a4cc JS: Stop using data/taint as flow labels in TaintedPath 2019-05-23 10:16:41 +01:00
Asger F 0823f6c935 JS: fix use of dataOrTaint() 2019-05-23 10:16:41 +01:00
Asger F 37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F 07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F 1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
semmle-qlci fac620d6f3
Merge pull request #1357 from asger-semmle/jump-to-namespace
Approved by xiemaisi
2019-05-23 09:00:24 +01:00
Asger F 9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F 2fc0ab5595 JS: Stop using the AST-based isDocumentURL internally 2019-05-23 08:55:21 +01:00
Asger F 8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
Asger F 8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
Asger F 153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F deb217326d JS: Update our own queries 2019-05-22 13:13:08 +01:00
Asger F 61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
Asger F 6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
semmle-qlci dc8123db8e
Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling
Approved by asger-semmle
2019-05-22 10:40:32 +01:00
semmle-qlci c100c70a65
Merge pull request #1348 from xiemaisi/js/add-external-link-cwe
Approved by esben-semmle
2019-05-22 08:12:51 +01:00
semmle-qlci 114ba0e722
Merge pull request #1349 from EdoDodo/js-performance
Approved by xiemaisi
2019-05-21 17:50:01 +01:00
Asger F 180b5443ba JS: Update output of incomplete.ql 2019-05-21 17:02:43 +01:00
Asger F de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F 69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Asger F faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Asger F 68ae409947 JS: Test for mismatch between taint and type inference 2019-05-21 13:26:02 +01:00
Edoardo Pirovano 9d2580f778 JS: Fix performance regression of query. 2019-05-21 12:26:11 +01:00
semmle-qlci 8cd3cb501a
Merge pull request #1346 from xiemaisi/js/revert-1078
Approved by esben-semmle
2019-05-21 12:19:57 +01:00
Max Schaefer cf22761ccc JavaScript: Add CWE-1022 to TargetBlank. 2019-05-21 12:16:32 +01:00
semmle-qlci fe920ecfaa
Merge pull request #1331 from asger-semmle/destructuring-assignment-fix
Approved by xiemaisi
2019-05-21 11:32:36 +01:00
semmle-qlci 2b5b8751ea
Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps
Approved by esben-semmle, xiemaisi
2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen 3af3c5413b
Merge pull request #1318 from asger-semmle/prototype-pollution-query2
Move prototype pollution query into suite
2019-05-21 12:23:41 +02:00
Max Schaefer 924664afcf JavaScript: Manually revert #1078.
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```javascript
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
2019-05-21 08:26:58 +01:00
semmle-qlci 56ab013114
Merge pull request #1340 from xiemaisi/js/es2019
Approved by asger-semmle
2019-05-20 16:47:09 +01:00
Asger F ba69e19e95 JS: Address doc review 2019-05-20 16:46:27 +01:00
Max Schaefer 7b7f92c19e JavaScript: Introduce `SSA::definition` and `SSA::variable`. 2019-05-20 16:22:01 +01:00
Max Schaefer fb744a6c53 JavaScript: Introduce `Parameter.getVariable()`. 2019-05-20 16:01:12 +01:00
Max Schaefer 2cb33f6088 JavaScript: Introduce `DataFlow::ExprNode` and `exprNode` for consistency with other languages. 2019-05-20 15:55:03 +01:00
Esben Sparre Andreasen c651e3a155 JS: Add queries to the manual suite for LGTM consistency 2019-05-20 12:32:11 +02:00
Asger F d4880540e8 JS: Update .expected after rebasing 2019-05-20 11:21:50 +01:00
Asger F 9989fcee21 JS: Add DataFlow::Configuration test 2019-05-20 09:22:02 +01:00
Asger F 87e0831872 JS: Fix flow for nested destructurings 2019-05-20 09:22:02 +01:00
Esben Sparre Andreasen 8256f2e736
Merge pull request #1308 from asger-semmle/exceptional-flow
JS: Add flow through exceptions
2019-05-17 08:33:44 +02:00
Asger F 65cbd47a2d
Merge pull request #1314 from xiemaisi/js/fix-hardcoded-pw-fps
JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`.
2019-05-16 14:42:09 +01:00
Asger F 9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Asger F 8fe2319a23 JS: Fix lurking cartesian product in Express 2019-05-15 18:07:24 +01:00
Asger F 682f2790cd JS: Address comments 2019-05-15 10:09:56 +01:00
Asger F 778244878a JS: Normalize whitespace 2019-05-14 10:31:28 +01:00
Asger F fd9765b99f JS: Add qhelp 2019-05-13 17:31:12 +01:00
Asger F 0c715f7540 JS: Lower precision to medium 2019-05-13 15:20:40 +01:00
Asger F aaf503837d JS: Move prototype pollution into real query 2019-05-13 15:20:25 +01:00
Asger F 4db7aa6ed2 JS: Relax type inference to account for overriding 2019-05-13 10:18:19 +01:00
Max Schaefer 9ec366cf88 JavaScript: Move support for optional catch to ES2019. 2019-05-10 08:27:25 +01:00
Max Schaefer d93d68d7f5 JavaScript: Add parser support for Unicode newlines in string literals. 2019-05-10 08:16:20 +01:00
Max Schaefer 86a7fa3abb JavaScript: Make extractor default to ECMA 2019.
Also introduces an enum constant for ECMA 2020 (not used anywhere yet).
2019-05-10 08:09:46 +01:00
Max Schaefer b478c0ddaa JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`. 2019-05-09 17:07:59 +01:00
semmle-qlci 9653fbd4f7
Merge pull request #1311 from emarteca/unreachableThrows
Approved by xiemaisi
2019-05-09 10:37:41 +01:00
Ellen Arteca a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Asger F 27e8ea85f7 JS: Fix bug from sorting lines 2019-05-08 10:42:14 +01:00
Max Schaefer c16e9a77f3 JavaScript: Fix a few false positives in `PasswordInConfigurationFile`. 2019-05-08 08:26:05 +01:00
Asger F 86885f4ff0 JS: Address comments 2019-05-07 18:00:36 +01:00
Asger F 7c9d20ae81 JS: Implement for TrackedNode to maintain consistency 2019-05-07 17:38:43 +01:00
Asger F a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00
Asger F e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F 3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F 1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F 36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Max Schaefer e0e6224987
Merge pull request #1298 from asger-semmle/full-mode-fixes-rc120
TS: Backport full-mode fixes to rc/1.20
2019-05-03 13:57:47 +01:00
Asger F 5ed3c50dbe TS: Workaround issue with `infer` types 2019-05-02 13:28:30 +01:00
Asger F c7300fa197 TS: Add workaround for 'globalThis' getProperties() crash 2019-05-02 13:28:30 +01:00
Asger F 9934996f9b TS: Fix handling of 'export =' 2019-05-02 13:07:29 +01:00
Asger F 15299aba7d TS: Workaround issue with `infer` types 2019-04-30 16:07:45 +01:00
Asger F 5c8dd7eedd TS: Add workaround for 'globalThis' getProperties() crash 2019-04-30 12:44:58 +01:00
Asger F 686d72c356 TS: Fix handling of 'export =' 2019-04-30 12:41:59 +01:00
Asger F 11c07a3217 TS: Update to TypeScript 3.4.5 2019-04-30 12:41:59 +01:00
semmle-qlci 3f70d91a11
Merge pull request #1288 from xiemaisi/js/fix-end-node-labels
Approved by asger-semmle
2019-04-30 07:32:29 +01:00
Max Schaefer 7ca5cc22d8
Merge pull request #1257 from asger-semmle/jsdoc
JS: Add common interface between TypeExpr and JSDocTypeExpr
2019-04-29 16:20:17 +01:00
Max Schaefer 8a34ea8b71
Merge pull request #1284 from esben-semmle/js/fix-azure-performance
JS: fix azure performance
2019-04-29 13:15:16 +01:00
semmle-qlci 52d6626547
Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal
Approved by xiemaisi
2019-04-29 07:35:15 +01:00
Asger F 3e7bac465b JS: fix join ordering in SimpleParameter.getJSDocTag 2019-04-26 16:56:04 +01:00
Asger F db3060d336 JS: Add missing override 2019-04-26 16:56:04 +01:00
Asger F a17756c3d5 JS: Fix formatting 2019-04-26 16:56:04 +01:00
Asger F 2f98acaf6e JS: upgrade script 2019-04-26 16:56:04 +01:00
Asger F f99db08542 JS: Update trap files 2019-04-26 16:56:04 +01:00
Asger F 9086dfdc6f JS: TypeAnnotation.getType() for backwards compatibility 2019-04-26 16:56:04 +01:00
Asger F e9fcb670ff JS: Provide source locations for JSDocTypeExpr 2019-04-26 16:56:04 +01:00
Asger F cf8c327a10 JS: make TypeAnnotation extend Locatable 2019-04-26 16:56:04 +01:00
Max Schaefer c44f99a204 Update javascript/ql/src/semmle/javascript/Variables.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-26 16:56:04 +01:00
Asger F 6eb8c692b1 JS: Add partial backwards compatibility with ASTNode 2019-04-26 16:56:04 +01:00
Asger F e295c3a224 JS: Add JSDoc test 2019-04-26 16:56:04 +01:00
Asger F 6b2b64cb2e JS: test case with unresolved types in TS 2019-04-26 16:56:04 +01:00
Asger F c9c9a32a37 JS: hasQualifiedName 2019-04-26 16:56:04 +01:00
Asger F 454fff1398 JS: Implement getAnUnderlyingType(). 2019-04-26 16:56:04 +01:00
Asger F 8458a64642 JS: implement isXXX methods in JSDocTypeExpr classes 2019-04-26 16:56:04 +01:00
Asger F c92a6b72b5 JS: Update getTypeAnnotation() to return TypeAnnotations 2019-04-26 16:56:04 +01:00
Asger F be5d90d4e7 JS: Make use of JSDocParamTag 2019-04-26 16:56:04 +01:00
Asger F 967752c6c1 JS: Add TypeAnnotations class 2019-04-26 16:56:04 +01:00
Max Schaefer e2666a9203
Update javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
2019-04-26 11:58:40 +02:00
Esben Sparre Andreasen 27f88c38ac JS: help the optimizer with NPMPackage/File relations 2019-04-26 11:49:07 +02:00
semmle-qlci 3231b60e6b
Merge pull request #1272 from asger-semmle/access-path-capture
Approved by xiemaisi
2019-04-25 11:32:54 +01:00
Asger F 47ba7d3004
Merge pull request #1278 from xiemaisi/js/symbolic-constants
JavaScript: Generalise `ConstantComparison` sanitisers.
2019-04-25 11:17:22 +01:00
Max Schaefer a8470a984a JavaScript: Generalise `ConstantComparison` sanitisers.
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
semmle-qlci a504ad4261
Merge pull request #1270 from xiemaisi/odasa/7904
Approved by esben-semmle
2019-04-24 21:50:07 +01:00
Asger F a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Aditya Sharad 4121e7245b TS extractor: Allow the Node.js runtime to be configured via environment variables.
`SEMMLE_TYPESCRIPT_NODE_RUNTIME` can be used to provide the path to the Node.js runtime executable.
If this is omitted, the extractor defaults to the current behaviour of looking for `node` on the PATH.

`SEMMLE_TYPESCRIPT_NODE_RUNTIME_EXTRA_ARGS` can be used to provide additional arguments to the
Node.js runtime. These are passed first, before the arguments supplied by the extractor.

These changes are designed to allow TypeScript extraction in controlled customer environments where
we cannot control the PATH, or must use custom Node.js executables with certain arguments set.
2019-04-23 15:04:14 -07:00
Max Schaefer 7faa4fd938 JavaScript: Add test case exposing two bugs in data flow library.
This test case exposes two bugs in our data flow library (fixed by the
two previous commits):

  - the charpreds of `SourcePathNode` and `SinkPathNode` only ensured
    that they were on a path from a source to a sink, not that they
    actually were the source/sink themselves;
  - function summarization would allow for non-level paths; in the
    test case, this meant that one of the summaries for `source`
    represented the path returning from `source` on line 13 and then
    flowing back into the call on line 15, in the process transforming
    the parity of the flow label and hence causing a spurious flow.
2019-04-23 13:16:30 +01:00
Max Schaefer 465be47574 JavaScript: Only follow level flow steps when summarising functions.
It is not only wasteful to consider paths with unmatched calls/returns,
but also wrong; see test case in next commit.
2019-04-23 13:16:30 +01:00
Max Schaefer 455dbccd05 JavaScript: Fix definitions of `SourcePathNode` and `SinkPathNode`.
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
2019-04-23 13:15:47 +01:00
Asger F 08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Esben Sparre Andreasen ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen bdbd00e046 JS: add newline removal tests for js/incomplete-sanitization 2019-04-23 08:37:39 +02:00
Asger F f3c80c738e JS: Unify access paths for captured variables 2019-04-18 11:27:15 +01:00
Asger F e543097c45 JS: Add test 2019-04-18 11:26:39 +01:00
Max Schaefer 76e01f0055 JavaScript: Update `TypeTracker` to align with `TypeBackTracker`.
It now also has `step` and `smallstep` predicates. In the usual case,
however, I think I prefer the `SourceNode::track` API, so I left the
recommended style in the qldoc alone (and adjusted the one for
`TypeBackTracker` to match).
2019-04-18 09:08:09 +01:00
Max Schaefer a61ca489f1
Merge pull request #1258 from asger-semmle/prototype-pollution
JS: prototype pollution query template
2019-04-17 12:58:05 +01:00
semmle-qlci f36eafce3f
Merge pull request #1246 from xiemaisi/js/hardcoded-password
Approved by asger-semmle
2019-04-17 08:54:09 +01:00
Asger F 48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
Asger F fafdd5bbcd TS: Don't extract redirect SourceFiles 2019-04-16 10:17:45 +01:00
semmle-qlci ff25a3ee5a
Merge pull request #1243 from asger-semmle/access-path-refinements
Approved by xiemaisi
2019-04-16 09:57:51 +01:00
Max Schaefer 65e508ae3b
Merge pull request #1252 from esben-semmle/mb/1.20-master
Mergeback: rc/1.20 into Semmle/master
2019-04-16 09:27:50 +01:00
semmle-qlci aeebc3692d
Merge pull request #1247 from asger-semmle/tscrash
Approved by xiemaisi
2019-04-16 07:59:02 +01:00
semmle-qlci 97018f7c3a
Merge pull request #1248 from asger-semmle/ts-full-default
Approved by xiemaisi
2019-04-16 07:56:50 +01:00
Max Schaefer 7af4baf57f
Merge pull request #1220 from esben-semmle/js/another-getAPropertyAttribut-performance-fix
JS: inline CallToObjectDefineProperty::getAPropertyAttribute
2019-04-16 07:55:53 +01:00
Esben Sparre Andreasen c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Asger F abbfe2d5ce TS: Don't extract redirect SourceFiles 2019-04-15 18:57:02 +01:00
Max Schaefer 4c9edafef3
Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp
JS: type tracking for js/incomplete-hostname-regexp
2019-04-15 12:19:46 +01:00
Asger F b6ea121808 TS: Make full TS extraction the default in AutoBuild 2019-04-15 12:11:05 +01:00
Max Schaefer 1d5bb97121 JavaScript: Refine `PasswordInConfigurationFile` to avoid FPs.
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
2019-04-15 12:10:21 +01:00
Max Schaefer ce53a7d575
Merge pull request #1175 from psygnisfive/NullSensitiveContext
[JS] Null Sensitive Context (new library)
2019-04-15 08:50:14 +01:00
Rebecca Valentine fb40548be5 fixes semicolon issues 2019-04-12 10:56:31 -07:00
Rebecca Valentine a66d1c0e09 fixes test errors 2019-04-12 10:39:34 -07:00
Rebecca Valentine d4f2172bdc void exprs are also ok 2019-04-12 10:39:20 -07:00
Asger F b8ec7083d4 JS: Update isBarrier test output 2019-04-12 16:35:01 +01:00
Asger F b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Asger F 720555be45 JS: Add test case 2019-04-12 11:11:26 +01:00
Esben Sparre Andreasen 9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen 5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen cf7d0a7ea5 JS: fixup qhelp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen 74144b0271 JS: make RegExpPatterns::commonTLD more robust 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen 9eb039038e JS: update docstring example for TypeBackTracker 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen 1f565bd49c JS: Introduce TypeBackTracker::step and TypeBackTracker::smallstep 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
semmle-qlci ccbb7ce04b
Merge pull request #1224 from asger-semmle/cheerio
Approved by esben-semmle
2019-04-11 15:21:44 +01:00
semmle-qlci a1cc2fbed3
Merge pull request #1233 from xiemaisi/js/amd-type-inference
Approved by asger-semmle
2019-04-11 15:20:00 +01:00
semmle-qlci ed5fd96603
Merge pull request #1227 from asger-semmle/typescript3.4
Approved by xiemaisi
2019-04-11 10:39:57 +01:00
semmle-qlci 9f13b6be18
Merge pull request #1234 from xiemaisi/js/customizations-qll
Approved by esben-semmle
2019-04-11 08:31:28 +01:00
Esben Sparre Andreasen a6cf9503da
Merge pull request #1235 from xiemaisi/js/include-yaml
JavaScript: Teach AutoBuilder to extract YAML files by default.
2019-04-11 09:28:59 +02:00
Max Schaefer f22cb186e3 JavaScript: Teach AutoBuilder to extract YAML files by default. 2019-04-10 18:47:06 -07:00
Max Schaefer 078151f9d1 JavaScript: Add an (empty) `Customizations.qll` module.
Somewhat analogous to the `Options.qll` module in C++; see module
comments for further explanation.
2019-04-10 18:26:27 -07:00
Max Schaefer 301dab0e40 JavaScript: Improve AMD support in type inference.
Now leverages the recently introduced logic for resolving AMD imports
based on unique matching paths.
2019-04-10 09:47:54 -07:00
Max Schaefer 20312fc3bf JavaScript: Improve socket.io model.
Recognise `io` imports and use type-tracking to better track handlers.
2019-04-10 08:02:40 -07:00
Asger F bfa6208a58 TS: Fix test output 2019-04-10 15:44:37 +01:00
Asger F ef7bde472b TS: Fix javadoc 2019-04-10 15:33:39 +01:00
Max Schaefer 6ac72bd469 Update javascript/ql/src/semmle/javascript/TypeScript.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-10 15:33:22 +01:00
Asger F 4b4e7eb5ff TS: update trap test output 2019-04-10 13:17:15 +01:00
Asger F d28597ffbb TS: DB upgrade script and stats 2019-04-10 13:13:46 +01:00
Esben Sparre Andreasen b86f43be98 JS: reformulate CallToObjectDefineProperty::getAPropertyAttribute 2019-04-10 14:03:28 +02:00
Asger F c1c7ebfc48 TS: Support const type assertions 2019-04-10 12:54:42 +01:00
Asger F d5ae69d40a TS: Support readonly type expressions 2019-04-10 12:26:46 +01:00
Asger F 11f460c6a3 JS: Generalize KeyofTypeExpr to UnaryTypeExpr 2019-04-10 12:21:28 +01:00
Asger F 8304ce1e16 TS: Update test output with new toString value 2019-04-10 11:34:27 +01:00
Asger F 65d863f8fb TS: update to TypeScript 3.4 2019-04-10 11:18:23 +01:00
Esben Sparre Andreasen e70413922b Update javascript/ql/src/semmle/javascript/frameworks/Cheerio.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-09 14:25:33 +01:00
Esben Sparre Andreasen 2113e6e4d3 Update javascript/ql/src/semmle/javascript/frameworks/Cheerio.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-09 14:25:19 +01:00
Esben Sparre Andreasen ad119dae21 Update javascript/ql/src/semmle/javascript/frameworks/jQuery.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-09 14:25:11 +01:00
Esben Sparre Andreasen b72c678b2c Update javascript/ql/src/semmle/javascript/frameworks/jQuery.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-04-09 14:25:01 +01:00
Asger F bd1d9ed810 JS: Add test 2019-04-09 12:21:54 +01:00
Asger F 0fcdf91d4a JS: Add model of cheerio 2019-04-09 12:21:54 +01:00
Esben Sparre Andreasen e7adb62288
Merge pull request #1221 from asger-semmle/contextual-typing
TS: Extract contextual type for object/array literals
2019-04-09 10:43:01 +02:00
Esben Sparre Andreasen 9d1f511ca0 JS: fixup missing space 2019-04-09 10:39:26 +02:00
Esben Sparre Andreasen 89596052cf JS: autoformat TypeTracking.qll 2019-04-09 10:39:26 +02:00
semmle-qlci 92acd322fc
Merge pull request #1218 from esben-semmle/js/whitelist-typeconfusion-lt1-checks
Approved by asger-semmle
2019-04-09 01:11:34 +01:00
Rebecca Valentine c120cca9d3 better explanation of null sensitive contexts 2019-04-08 10:12:04 -07:00
Asger F db9fd3f721 TS: update test change 2019-04-08 15:17:40 +01:00
semmle-qlci f54366bf95
Merge pull request #1214 from asger-semmle/taint-addexpr-phi
Approved by esben-semmle, xiemaisi
2019-04-08 11:55:06 +01:00
Esben Sparre Andreasen 52d86471af JS: whitelist another emptiness check for the type-confusion query 2019-04-08 09:52:27 +02:00
semmle-qlci 662ad4b2ca
Merge pull request #1205 from asger-semmle/prefix-sanitizer
Approved by esben-semmle
2019-04-08 08:29:04 +01:00
Asger F 50c2921625 TS: Use contextual typing for literals 2019-04-05 18:43:51 +01:00