hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

4104 Commits

Author SHA1 Message Date
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Michael Nebel
0f146f1486 Javascript: Move test utilities into the query pack. 2024-12-12 13:54:23 +01:00
Jeroen Ketema
3d8493757e JS: Update expected test results 2024-12-03 19:19:01 +01:00
Napalys Klicius
1e1674a08a Merge pull request #18089 from Napalys/napalys/regexp-unknown-flags 
JS: RegExp unknown flags support and enhanced compatibility with RegExp objects
 2024-12-03 09:43:13 +01:00
Napalys
3171f38cdd JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects 2024-11-29 11:14:45 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case 
Co-authored-by: erik-krogh <erik-krogh@github.com>
 2024-11-28 14:13:40 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
62194f5337 JS: add test cases RegExp with unknown flags 2024-11-28 11:26:57 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
1ca57cfb9d JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results 2024-11-28 11:26:54 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
dbae553146 JS: add xss test cases with unknownflags for replace using RegExp 2024-11-28 11:26:52 +01:00
Napalys
fe28657c7d JS: add test cases with unknown flags for double escaping, works as expected. 2024-11-28 11:26:51 +01:00
Napalys
98fd97799c JS: imcomplete sanization now handles properly maybe global 2024-11-28 11:26:50 +01:00
Napalys
1ae174849f JS: incomplete sanitization now also works with RegExp objects 2024-11-28 11:26:48 +01:00
Napalys
76318035ff JS: Add test cases for RegExp object usage in replace within incomplete sanitization 2024-11-28 11:26:47 +01:00
Napalys
9c2366a660 JS: Added tests for ReDos with unknownFlags, everything seems to be good 2024-11-28 11:26:46 +01:00
Napalys
875478c1c6 JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall 2024-11-28 11:26:45 +01:00
Napalys
aa557cf950 JS: Added tests for DotRemovingReplaceCall with RegExp Object. 2024-11-28 11:26:44 +01:00
Napalys
a0df33c3ac JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives. 2024-11-28 11:26:43 +01:00
Napalys
155f1fca85 JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal 2024-11-28 11:26:42 +01:00
Napalys
23b18aeca9 JS: Now unknown flags are not flagged in taint paths 2024-11-28 11:26:41 +01:00
Napalys
7db6f7c721 JS: Added test cases with new RegExp for Tainted paths, currently works only with literals 2024-11-28 11:26:39 +01:00
Napalys
faef9dd877 JS: protyte poluting now treats unknownFlags as potentially good sanitization. 2024-11-28 11:26:38 +01:00
Napalys
41fef0f2b3 JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting 2024-11-28 11:26:37 +01:00
Napalys
18c7b18f82 JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged. 2024-11-28 11:26:36 +01:00
Napalys
89f3b6f8d3 JS: Added test case for bad sanitizer with unknown flags, currently not flagged. 2024-11-28 11:26:35 +01:00
Napalys
38be0e4c0a JS: Now BadHtmlSanitizers also flags new RegExp as potential issue 2024-11-28 11:26:34 +01:00
Napalys
41f21d429b JS: Added test case which is not flagged but should be abusing new RegExp with global flag 2024-11-28 11:26:33 +01:00
Napalys Klicius
e9dff4d68f Merge pull request #17953 from Napalys/napalys/ts57 
JS: upgrade TypeScript to 5.7
 2024-11-25 14:16:40 +01:00
Napalys Klicius
d6372aebc7 Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-25 12:12:12 +01:00
Napalys
e38b63ebcd JS: previously js/case-sensitive-middleware-path was not taking into consideration unknown flags 2024-11-25 11:56:06 +01:00
Napalys
178da21fb8 JS: Added test case for CWE-178 RegExp with unknown flags 2024-11-25 11:53:00 +01:00
Napalys Klicius
61e00861e5 Merge pull request #18008 from Napalys/napalys/ES2024-group-functions 
JS: Added support for [Object, Map].groupBy ES2024 feature
 2024-11-21 19:03:57 +01:00
Napalys Klicius
edb9b47111 Merge pull request #18047 from Napalys/napalys/ES2023-string-protytpe-toWellFormed 
JS: Added taint-step String.prototype.toWellFormed ES2023 feature
 2024-11-21 14:01:21 +01:00
Napalys
afc2d3e6d2 JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep 2024-11-20 17:42:25 +01:00
Napalys
09f73d8d6f JS: Add: test cases for toWellFormed 2024-11-20 17:36:43 +01:00
Napalys Klicius
a957e00fe5 Merge branch 'main' into napalys/ES2024-group-functions 2024-11-20 14:03:31 +01:00
Napalys
58faa2d71e JS: Add: dataflow step for static method of groupBy from Map. 2024-11-20 13:34:11 +01:00
Napalys
6344f83e4b JS: Add: tests for taint tracking in groupBy functions 2024-11-20 13:22:53 +01:00
Napalys
28ead4011a JS: Add: taint step to handle propagation of data flow from the array to callback 2024-11-19 14:15:15 +01:00
Napalys
f1e95a8a1d JS: Add: taint step test cases for findLastIndex, findLast, find 2024-11-19 14:09:58 +01:00
Napalys
c03d69af1e JS: Add: dataflow step for find, findLast, findLastIndex callback functions 2024-11-19 09:42:11 +01:00
Napalys
b64b837db3 JS: Add: test cases for find, findLast, findLastIndex with callbacks 2024-11-19 09:35:43 +01:00
Napalys
213ce225e0 JS: Add: taint step for Object.groupBy function, fixed test cases from 8ae05d8be4 2024-11-18 12:58:07 +01:00
Napalys
8ae05d8be4 JS: Add: test case for Object.groupBy 2024-11-18 12:55:17 +01:00
Napalys
c02ad65fdc JS: Add: taint step for Map.groupBy function 2024-11-18 12:50:06 +01:00
Napalys
3786ad4277 JS: Add: test case for Map.groupBy 2024-11-18 12:44:49 +01:00
Napalys
a28fc8e772 JS: Add: Use of returnless function support for findLast and findLastIndex 2024-11-15 14:44:25 +01:00