calumgrant
diff --git a/‎javascript/config/suites/javascript/security‎
Lines changed: 2 additions & 0 deletions b/‎javascript/config/suites/javascript/security‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎javascript/ql/src/Declarations/ArgumentsRedefined.ql‎
Lines changed: 1 addition & 0 deletions b/‎javascript/ql/src/Declarations/ArgumentsRedefined.ql‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎javascript/ql/src/Declarations/RedeclaredVariable.ql‎
Lines changed: 10 additions & 1 deletion b/‎javascript/ql/src/Declarations/RedeclaredVariable.ql‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎javascript/ql/src/Declarations/UnusedVariable.ql‎
Lines changed: 3 additions & 1 deletion b/‎javascript/ql/src/Declarations/UnusedVariable.ql‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-022/TaintedPath.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-022/TaintedPath.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-078/CommandInjection.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-078/CommandInjection.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-079/ReflectedXss.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-079/ReflectedXss.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-079/Xss.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-079/Xss.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-089/SqlInjection.ql‎
Lines changed: 2 additions & 2 deletions b/‎javascript/ql/src/Security/CWE-089/SqlInjection.ql‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎javascript/ql/src/Security/CWE-094/CodeInjection.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-094/CodeInjection.ql‎
Lines changed: 1 addition & 1 deletion
@@ -13,10 +13,12 @@
 + semmlecode-javascript-queries/Security/CWE-338/InsecureRandomness.ql: /Security/CWE/CWE-338
 + semmlecode-javascript-queries/Security/CWE-346/CorsMisconfigurationForCredentials.ql: /Security/CWE/CWE-346
 + semmlecode-javascript-queries/Security/CWE-352/MissingCsrfMiddleware.ql: /Security/CWE/CWE-352
++ semmlecode-javascript-queries/Security/CWE-400/RemotePropertyInjection.ql: /Security/CWE/CWE-400
 + semmlecode-javascript-queries/Security/CWE-502/UnsafeDeserialization.ql: /Security/CWE/CWE-502
 + semmlecode-javascript-queries/Security/CWE-601/ClientSideUrlRedirect.ql: /Security/CWE/CWE-601
 + semmlecode-javascript-queries/Security/CWE-601/ServerSideUrlRedirect.ql: /Security/CWE/CWE-601
 + semmlecode-javascript-queries/Security/CWE-611/Xxe.ql: /Security/CWE/CWE-611
++ semmlecode-javascript-queries/Security/CWE-643/XpathInjection.ql: /Security/CWE/CWE-643
 + semmlecode-javascript-queries/Security/CWE-730/RegExpInjection.ql: /Security/CWE/CWE-730
 + semmlecode-javascript-queries/Security/CWE-770/MissingRateLimiting.ql: /Security/CWE/CWE-770
 + semmlecode-javascript-queries/Security/CWE-776/XmlBomb.ql: /Security/CWE/CWE-776
 
@@ -16,6 +16,7 @@ import Definitions
 
 from DefiningIdentifier id, string name
 where not id.inExternsFile() and
+      not id.isAmbient() and
       name = id.getName() and
       (name = "eval" or name = "arguments")
 select id, "Redefinition of " + name + "."
@@ -16,5 +16,14 @@ from Variable v, TopLevel tl, VarDecl decl, VarDecl redecl
 where decl = firstRefInTopLevel(v, Decl(), tl) and
       redecl = refInTopLevel(v, Decl(), tl) and
       redecl != decl and
-      not tl.isExterns()
+      not tl.isExterns() and
+
+      // Ignore redeclared ambient declarations, such as overloaded functions.
+      not decl.isAmbient() and
+      not redecl.isAmbient() and
+
+      // Redeclaring a namespace extends the previous definition.
+      not decl = any(NamespaceDeclaration ns).getId() and
+      not redecl = any(NamespaceDeclaration ns).getId()
+
 select redecl, "This variable has already been declared $@.", decl, "here"
@@ -121,5 +121,7 @@ where v = vd.getVariable() and
       // exclude decorated functions and classes
       not isDecorated(vd) and
       // exclude names of enum members; they also define property names
-      not isEnumMember(vd)
+      not isEnumMember(vd) and
+      // ignore ambient declarations - too noisy
+      not vd.isAmbient()
 select vd, "Unused " + describe(vd) + "."
@@ -18,6 +18,6 @@ import javascript
 import semmle.javascript.security.dataflow.RemoteFlowSources
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
 
-from Configuration cfg, Source source, Sink sink
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "This path depends on $@.", source, "a user-provided value"
@@ -15,6 +15,6 @@
 import javascript
 import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
 
-from Configuration cfg, Source source, Sink sink
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "This command depends on $@.", source, "a user-provided value"
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
 
-from Configuration xss, Source source, Sink sink
+from Configuration xss, DataFlow::Node source, DataFlow::Node sink
 where xss.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
        source, "user-provided value"
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
 
-from Configuration xss, Source source, Sink sink
+from Configuration xss, DataFlow::Node source, DataFlow::Node sink
 where xss.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
        source, "user-provided value"
@@ -14,11 +14,11 @@ import javascript
 import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
 
-predicate sqlInjection(SqlInjection::Source source, SqlInjection::Sink sink) {
+predicate sqlInjection(DataFlow::Node source, DataFlow::Node sink) {
   any(SqlInjection::Configuration cfg).hasFlow(source, sink)
 }
 
-predicate nosqlInjection(NosqlInjection::Source source, NosqlInjection::Sink sink) {
+predicate nosqlInjection(DataFlow::Node source, DataFlow::Node sink) {
   any(NosqlInjection::Configuration cfg).hasFlow(source, sink)
 }
 
 
@@ -15,6 +15,6 @@
 import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
 
-from Configuration codeInjection, Source source, Sink sink
+from Configuration codeInjection, DataFlow::Node source, DataFlow::Node sink
 where codeInjection.hasFlow(source, sink)
 select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
Original file line number	Diff line number	Diff line change
`@@ -14,11 +14,11 @@ import javascript`
`14`	`14`	`import semmle.javascript.security.dataflow.SqlInjection`
`15`	`15`	`import semmle.javascript.security.dataflow.NosqlInjection`
`16`	`16`
`17`		`-predicate sqlInjection(SqlInjection::Source source, SqlInjection::Sink sink) {`
	`17`	`+predicate sqlInjection(DataFlow::Node source, DataFlow::Node sink) {`
`18`	`18`	`any(SqlInjection::Configuration cfg).hasFlow(source, sink)`
`19`	`19`	`}`
`20`	`20`
`21`		`-predicate nosqlInjection(NosqlInjection::Source source, NosqlInjection::Sink sink) {`
	`21`	`+predicate nosqlInjection(DataFlow::Node source, DataFlow::Node sink) {`
`22`	`22`	`any(NosqlInjection::Configuration cfg).hasFlow(source, sink)`
`23`	`23`	`}`
`24`	`24`