329 Commits

Author SHA1 Message Date
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
dbae553146 JS: add xss test cases with unknownflags for replace using RegExp 2024-11-28 11:26:52 +01:00
Sid Gawri
e8c68fff7f resolve id conflict with dom based xss test ql 2024-09-25 10:01:59 -04:00
Asger F
9ee7599aeb JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
04079752f7 JS: update test output after adding 'this' sanitizer 2023-04-17 12:15:46 +02:00
Asger F
f87f6c8556 JS: Add test to unsafe jquery plugin 2023-04-17 12:15:05 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
tyage
320cb99dbf Add replace method test 2023-04-08 18:31:48 +09:00
tyage
668e1accaa Remove unnecessary whiteline 2023-04-08 18:24:31 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
Asger F
43174cfe3a Merge pull request #12668 from asgerf/js/jquery-callback-sinks
JS: fix handling of jQuery sinks involving callback
2023-03-30 12:42:53 +02:00
Asger F
92a681213d JS: Step through jQuery callback return values 2023-03-27 11:17:27 +02:00
Asger F
bc2a772f3b JS: Add test case showing false negative 2023-03-27 11:08:39 +02:00
erik-krogh
2bba9057a0 better callgraph support for global variables 2023-03-22 13:49:33 +01:00
Asger F
856b50735d JS: Expand test case 2023-03-07 13:04:26 +01:00
erik-krogh
a6c9af4182 add the html argument to the jQuery functions as an XSS sink 2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f add failing test 2023-03-03 11:08:33 +01:00
erik-krogh
0e60fc5512 Merge branch 'main' into alias-html 2023-02-27 09:16:25 +01:00
erik-krogh
51ddb55d7b use tainted-object to precisely model that plain object are fine, but their properties are not 2023-02-15 15:02:03 +01:00
erik-krogh
b7305fd229 also consider relative exports when finding library inputs 2023-02-14 21:08:13 +01:00
erik-krogh
b85bfc8ba6 add HtmlSanitizer as a sanitizer for DOMBasedXss 2023-02-13 11:57:29 +01:00
erik-krogh
c258e44772 add failing test for spurious edge through sanitizer 2023-02-13 11:49:57 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg
JS: fix some more style-guide violations in the alert-messages
2022-10-27 15:48:12 +02:00
tyage
54050bf1b6 update test result XssWithAdditionalSources 2022-10-27 10:23:37 +09:00
tyage
232893aafa make query parameters in ServerSideProps and next/router
as a RemoteFlowSource
2022-10-26 14:41:07 +09:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
erik-krogh
87fb01d55b apply another suggestion from doc review 2022-09-12 15:36:02 +02:00
erik-krogh
afcb767f8d Merge branch 'main' into js-followMsg 2022-09-12 13:21:16 +02:00
Erik Krogh Kristensen
cb95e8f263 Merge pull request #10351 from erik-krogh/moreMains
JS: find a main module in more cases
2022-09-12 11:01:17 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode
JS: refactor most library models away from AST nodes
2022-09-09 10:04:17 +02:00
erik-krogh
aee72357b8 find a main module in more cases 2022-09-08 20:21:31 +02:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
erik-krogh
0407198dd2 add a markdown step through the mermaid library 2022-09-08 09:23:45 +02:00
Erik Krogh Kristensen
e387ebaedd add domNode.innerHTML += sink as a DOM sink 2022-09-05 16:11:55 +02:00