Skip to content

JavaScript: Simplify flow-summary queries.#1131

Merged
semmle-qlci merged 1 commit into
github:rc/1.20from
xiemaisi:js/simplify-flow-summary-queries
Mar 19, 2019
Merged

JavaScript: Simplify flow-summary queries.#1131
semmle-qlci merged 1 commit into
github:rc/1.20from
xiemaisi:js/simplify-flow-summary-queries

Conversation

@xiemaisi

Copy link
Copy Markdown

Previously, AllConfigurations.qll would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.

(No documentation impact.)

Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
@xiemaisi xiemaisi added the JS label Mar 19, 2019
@xiemaisi xiemaisi added this to the 1.20 milestone Mar 19, 2019
@xiemaisi xiemaisi requested a review from a team as a code owner March 19, 2019 11:01

@asger-semmle asger-semmle left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I can imagine RequestForgery and TypeConfusionThroughParameterTampering might be worth bringing back later.

@semmle-qlci semmle-qlci merged commit 17e8b64 into github:rc/1.20 Mar 19, 2019
@xiemaisi xiemaisi deleted the js/simplify-flow-summary-queries branch April 2, 2019 07:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants