Asger F
|
1964b347c7
|
Merge branch 'main' into js/test-suite
|
2025-01-16 13:19:07 +01:00 |
|
Asger F
|
bc34a045d3
|
JS: Triage discrepancies and update test
|
2025-01-10 14:18:31 +01:00 |
|
Asger F
|
18ab066e79
|
JS: Remove OK comments that don't provide further explanation
|
2025-01-10 14:18:30 +01:00 |
|
Asger F
|
c2b65b1f85
|
JS: Port IncompleteUrlSubstringSanitization test
|
2025-01-10 14:18:29 +01:00 |
|
Asger F
|
6b4be13a8e
|
JS: Move annotations to the correct line
|
2025-01-10 14:18:28 +01:00 |
|
Asger F
|
95e20a045b
|
JS: Port IncompleteUrlSchemeCheck test
|
2025-01-10 14:18:26 +01:00 |
|
Asger F
|
563471dd52
|
JS: Triage discrepancies and update test
|
2025-01-10 14:18:25 +01:00 |
|
Asger F
|
48f7a58d01
|
JS: Update IncompleteHostnameRegExp test to match reality
|
2025-01-10 14:18:24 +01:00 |
|
Asger F
|
a83508a828
|
JS: Port IncompleteHostNameRegExt test
|
2025-01-10 14:18:23 +01:00 |
|
Asger F
|
d52bc971b8
|
Merge branch 'main' into js/shared-dataflow-merge-main
|
2024-11-20 14:05:03 +01:00 |
|
Napalys
|
b239bfabf1
|
Added tests for IncompleteHostnameRegExp and normalizedPaths using matchAll
|
2024-11-05 09:22:26 +01:00 |
|
Napalys
|
ccee34d6d3
|
Added support for matchAll in CWE-020 including new test cases
|
2024-11-05 08:51:24 +01:00 |
|
Asger F
|
52ba91a7f8
|
JS: Updates to nodes/edges in tests
Only changes to nodes/edges for various reasons, no actual result changes
|
2024-10-29 08:32:13 +01:00 |
|
Asger F
|
12e316b99d
|
JS: Update test output after merging in 'main'
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
|
2024-10-08 10:11:15 +02:00 |
|
Asger F
|
2e2181be2c
|
JS: Update test output that only affects nodes/edges/subpaths
|
2024-08-27 11:35:33 +02:00 |
|
Asger F
|
53efb5837b
|
JS: Update some tests with provenance columns
Only includes the changes that purely contain the new provenance columns
|
2024-06-26 13:51:44 +02:00 |
|
Asger F
|
5e7d1d5c2c
|
Merge branch 'main' into js/shared-dataflow-merged
|
2024-03-13 14:27:16 +01:00 |
|
erik-krogh
|
396da117bb
|
remove an FP in overly-large-range for [@-Z]
|
2024-01-25 14:15:06 +01:00 |
|
erik-krogh
|
1a8a70dc1b
|
mark the range [0-?] as good in the overly-large-range query
|
2024-01-17 13:11:57 +01:00 |
|
Asger F
|
8e95a90d03
|
JS: Port UntrustedDataToExternalAPI
|
2023-10-13 13:15:04 +02:00 |
|
Asger F
|
9df9ca2916
|
JS: Update test and expectations for MissingRegExpAnchor
|
2023-05-26 14:07:34 +02:00 |
|
Asger F
|
62dca44ee5
|
Update UntrustedDataToExternalAPI.expected
|
2023-04-17 08:23:04 +02:00 |
|
erik-krogh
|
e7aef17d30
|
don't report every non-ascii range in js/overly-large-range
|
2022-09-13 20:43:52 +02:00 |
|
Erik Krogh Kristensen
|
ff25451699
|
rename query to overly-large-range, and rewrite the @description
|
2022-07-12 16:02:46 +02:00 |
|
Erik Krogh Kristensen
|
a343ceaf8b
|
add suspicious-regexp-range query
|
2022-06-28 09:49:27 +02:00 |
|
Erik Krogh Kristensen
|
0a26e891a2
|
include startsWith/endsWith checks in js/missing-origin-check
|
2022-04-25 15:28:50 +02:00 |
|
Erik Krogh Kristensen
|
bca4d14129
|
rename files
|
2022-04-12 14:37:43 +02:00 |
|
Erik Krogh Kristensen
|
591fcda862
|
various improvements to the js/missing-origin-verification query
|
2022-04-12 14:20:41 +02:00 |
|
Erik Krogh Kristensen
|
e2badab251
|
update expected output after test reorganization
|
2022-04-12 10:39:28 +02:00 |
|
Erik Krogh Kristensen
|
ec9c308d06
|
reorganize the tests in CWE-020
|
2022-04-12 10:39:28 +02:00 |
|
Erik Krogh Kristensen
|
cf94c93b1a
|
Merge pull request #8481 from erik-krogh/schemeChain
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
|
2022-03-25 11:13:10 +01:00 |
|
Erik Krogh Kristensen
|
693c77f3df
|
add test for string replacement chains of URL schemes
|
2022-03-18 11:05:59 +01:00 |
|
Arthur Baars
|
bb348116ab
|
JavaScript: update expected output
|
2022-03-07 16:10:08 +01:00 |
|
Erik Krogh Kristensen
|
0023b885f5
|
update expected output
|
2021-11-15 13:50:12 +01:00 |
|
Erik Krogh Kristensen
|
9a11c13e11
|
update expected output
|
2021-11-11 11:56:30 +01:00 |
|
Erik Krogh Kristensen
|
12305aae42
|
extract regexp literals from string concatenations
|
2021-10-28 10:44:33 +02:00 |
|
Asger Feldthaus
|
5838e54a46
|
JS: Sharpen recognition of string 'match' calls
|
2021-06-16 09:27:02 +02:00 |
|
Asger Feldthaus
|
f737f34dcd
|
JS: Add UntrustedDataToExternalApi query
|
2020-11-19 13:42:25 +00:00 |
|
Erik Krogh Kristensen
|
15a74493e0
|
more permissive path elements in js/incomplete-url-substring-sanitization
|
2020-08-13 11:46:13 +02:00 |
|
Erik Krogh Kristensen
|
3fb9c28806
|
adjust comment about slash position
|
2020-08-13 11:46:13 +02:00 |
|
Erik Krogh Kristensen
|
1d111c3e1f
|
expand what urls are detected by js/incomplete-url-substring-sanitization
|
2020-08-12 14:25:35 +02:00 |
|
Esben Sparre Andreasen
|
e172d55ecb
|
Update javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js
Co-authored-by: Asger F <asgerf@github.com>
|
2020-05-22 13:33:34 +02:00 |
|
Esben Sparre Andreasen
|
b3691cd0e9
|
JS: change MembershipTest to MembershipCandidate
|
2020-05-18 11:51:00 +02:00 |
|
Esben Sparre Andreasen
|
ddb545c182
|
JS: introduce MembershipTests.qll and use in two locations
|
2020-05-18 09:50:00 +02:00 |
|
Erik Krogh Kristensen
|
38db731e0b
|
add change note and new test for js/incomplete-url-scheme-check
|
2020-05-05 13:38:27 +02:00 |
|
Asger Feldthaus
|
2c6beadf68
|
JS: Recognize more forms of scheme checks
|
2020-04-06 12:30:03 +01:00 |
|
Esben Sparre Andreasen
|
5b1b945c35
|
JS: distinguishes escapes in strings and regular expression literals
|
2020-03-10 12:26:20 +01:00 |
|
Asger Feldthaus
|
e405a9769c
|
JS: Really autoformat everything
|
2020-03-02 10:48:33 +00:00 |
|
Asger F
|
e01a9846d8
|
JS: Update test annotations
|
2019-11-15 09:27:20 +00:00 |
|
Asger F
|
153d34638b
|
JS: Fix a FP
|
2019-11-15 09:27:20 +00:00 |
|