Moved new query to 'experimental'

Moved lists of domains to data extensions, including adding those to the overall qlpack.yml Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
2026-04-30 11:15:13 +02:00 · 2024-07-09 16:38:01 +01:00
parent 1fe14e26b1
commit 86afd54a9b
22 changed files with 204 additions and 136 deletions
--- a/javascript/ql/test/experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.expected
+++ b/javascript/ql/test/experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.expected
@@ -0,0 +1,6 @@
+WARNING: Unused predicate isCdnDomainWithCheckingRequiredTest (FunctionalityFromUntrustedDomain.ql:34,11-46)
+WARNING: Unused predicate isUntrustedDomainTest (FunctionalityFromUntrustedDomain.ql:26,11-32)
+WARNING: Unused predicate isUntrustedDomainTest2 (FunctionalityFromUntrustedDomain.ql:30,11-33)
+WARNING: Unused predicate isUntrustedHostnameTest (FunctionalityFromUntrustedDomain.ql:21,11-34)
+WARNING: Unused predicate isUntrustedTest (FunctionalityFromUntrustedDomain.ql:16,11-26)
+| polyfill-nocheck.html:4:9:4:98 | <script>...</> | Content loaded from untrusted domain with no integrity check. |
--- a/javascript/ql/test/experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.qlref
+++ b/javascript/ql/test/experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
--- a/javascript/ql/test/experimental/Security/CWE-830/polyfill-check.html
+++ b/javascript/ql/test/experimental/Security/CWE-830/polyfill-check.html
--- a/javascript/ql/test/experimental/Security/CWE-830/polyfill-nocheck.html
+++ b/javascript/ql/test/experimental/Security/CWE-830/polyfill-nocheck.html
--- a/javascript/ql/test/query-tests/Security/CWE-830/FunctionalityFromUntrustedSource.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-830/FunctionalityFromUntrustedSource.expected
@@ -5,4 +5,3 @@
 | StaticCreationOfUntrustedSourceUse.html:6:9:6:56 | <script>...</> | Script loaded using unencrypted connection. |
 | StaticCreationOfUntrustedSourceUse.html:9:9:9:58 | <iframe>...</> | Iframe loaded using unencrypted connection. |
 | StaticCreationOfUntrustedSourceUse.html:21:9:21:155 | <script>...</> | Script loaded from content delivery network with no integrity check. |
-| polyfill-nocheck.html:4:9:4:98 | <script>...</> | Script loaded from content delivery network with no integrity check. |
--- a/javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.expected
@@ -1 +0,0 @@
-| polyfill-nocheck.html:4:9:4:98 | <script>...</> | Script loaded from known-compromised content delivery network with no integrity check. |
--- a/javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.qlref
@@ -1 +0,0 @@
-Security/CWE-830/PolyfillIOCompromisedScript.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-830/FunctionalityFromUntrustedDomain.ql`
				`@@ -1 +0,0 @@`
				`\| polyfill-nocheck.html:4:9:4:98 \| <script>...</> \| Script loaded from known-compromised content delivery network with no integrity check. \|`
				`@@ -1 +0,0 @@`
				`Security/CWE-830/PolyfillIOCompromisedScript.ql`