am0o0
354fcbe7fe
apply changes from @erik-krogh
2024-08-01 20:14:36 +02:00
am0o0
b360c8adb8
Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate.
...
According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
2024-07-01 15:00:08 +02:00
am0o0
5a1877547f
update test cases of __tests__/ dir
...
since we want to check if a jwt related sink is in this dir or not
2024-07-01 14:50:07 +02:00
am0o0
6ecd8b7ee8
add new default cred kind
2024-07-01 14:42:34 +02:00
am0o0
65fdb8ccce
move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results
2024-07-01 11:38:17 +02:00
am0o0
5a69bbf6b0
use isTestFile from ClassifyFiles module file instead previous where condition, update tests accordingly
2024-06-07 06:11:48 +02:00
am0o0
e4ffdb848e
add tests for new where condition, update expected test results
2024-06-06 14:30:06 +02:00
am0o0
d77513579f
update tests
2024-05-25 12:15:25 +02:00
am0o0
4e365e242c
fix conflict
2024-05-25 12:08:05 +02:00
am0o0
20c087ce39
update tests
2024-05-25 12:06:07 +02:00
am0o0
1860af075d
fix conflict
2024-05-25 12:01:12 +02:00
amammad
e1d42fad2c
move new secret key sinks to existing CredentialsNode class,
...
add new additional global taint and dataflow steps
update tests of CWE-798
add a new sanitizer for `semmle.javascript.security.dataflow.HardcodedCredentialsQuery`
2023-11-02 16:09:01 +01:00
erik-krogh
9f2d7dfb29
update expected output
2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a
recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
2022-09-29 21:25:40 +02:00
Esben Sparre Andreasen
816d79692b
ignore deliberately hardcoded password strings
2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen
78744a0182
add additional tests
2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab
change example passwords in test
2022-02-16 08:56:00 +01:00
Erik Krogh Kristensen
87c0c60c22
don't report dummy authentication headers as hardcoded-crendentials
2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
99d03bab24
only flag the secret key in JWT
2020-11-12 21:36:05 +01:00
Erik Krogh Kristensen
5ecae55e77
add keys used by jsonwebtoken as CredentialsExpr
2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
d814e73023
update comment position to match alert location for CWE-798
2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
a90c8769ee
update expected output
2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
a1940979ba
support credentials in a Buffer
2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8
better support for browser based fetch API
2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716
support more variants of the Headers API
2020-06-03 11:50:10 +02:00
Erik Krogh Kristensen
3c802007a3
add support for string concatenations and base64-encoding of hardcoded credentials
2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen
b6dc94fccb
add fetch.Headers.Authorization as a CredentialsExpr
2020-06-02 23:02:16 +02:00
Max Schaefer
b42026a90a
JavaScript: Update expected output.
2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22
JavaScript: Update expected output.
2019-10-29 15:30:06 +00:00
Esben Sparre Andreasen
a5645e168a
JS: exclude keys from whitelist
2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
0e2d2f8662
JS: whitelist some hardcoded dummy-passwords in two queries
2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
aa3f4a7048
JS: change passwords in tests
2019-09-16 10:09:59 +02:00
Asger F
378b0bfb74
JS: Do not treat the empty string as a credential
2019-07-30 17:29:12 +01:00
Asger F
3245142203
JS: Dont flag empty string as hardcoded username
2019-01-28 13:01:52 +00:00
Max Schaefer
9221b62ded
JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.
2018-11-14 09:32:31 +00:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
