Asger F
e0ca1b0482
JS: Benign test updates
2024-09-10 13:07:24 +02:00
Asger F
55d4e7e742
JS: Use ArrayElementKnown when reading a constant array index
2024-09-09 13:26:25 +02:00
Asger F
094112c905
Merge pull request #17213 from asgerf/jss/spread-argument
...
JS: Improve handling of spread arguments and rest parameters [shared data flow branch]
2024-09-09 13:15:22 +02:00
Alvaro Muñoz
5d1da861a2
fix: Use YamlScalar for booleans
2024-09-06 23:21:41 +02:00
Alvaro Muñoz
d9e8792d33
[javascript] Query to detect GITHUB_TOKEN leaked in artifacts
2024-09-06 22:55:58 +02:00
Asger F
fb9732a33f
JS: Add another test and TODO about an issue with constant array indices
2024-09-06 08:43:11 +02:00
Asger F
1da68aac73
JS: Benign test output change
...
This happened as a result of the bugfix in the previous commit
2024-09-06 08:43:10 +02:00
Asger F
a9a8351cce
JS: Fix one case of missing handling of unknown array index
2024-09-06 08:43:09 +02:00
Asger F
379c7ef20a
JS: Add test to show lack of unknown array element being propagated
2024-09-06 08:43:08 +02:00
erik-krogh
0fdd06fff5
use my script to delete outdated deprecations
2024-09-03 20:30:58 +02:00
Asger F
4568967a76
JS: Do not use legacy taint steps in TaintedUrlSuffix
...
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.
These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
2024-08-29 13:48:30 +02:00
Asger F
65a36b0b3b
JS: Add regression test for argument position confusion
2024-08-29 13:42:28 +02:00
Asger F
f65879eef1
JS: Update a test that no longer fails
2024-08-27 11:35:37 +02:00
Asger F
cb5dbb919d
JS: Update test to reflect implicit read flow has been fixed
...
Shows the effect of https://github.com/github/codeql/pull/17262
2024-08-27 11:35:36 +02:00
Asger F
a2d53c261b
JS: Update test output and add related TODO in model of 'async'
2024-08-27 11:35:35 +02:00
Asger F
837a8be1b8
JS: Update test output and add related TODO in 'markdown-table' model
2024-08-27 11:35:34 +02:00
Asger F
2e2181be2c
JS: Update test output that only affects nodes/edges/subpaths
2024-08-27 11:35:33 +02:00
Asger F
3e196f83f1
JS: Update Promises/flow2 test
2024-08-27 11:35:32 +02:00
Asger F
aa8bd332bf
JS: Add a few more tests
2024-08-27 11:35:31 +02:00
Asger F
371f7ef551
JS: Add implicit taint read of array elements
2024-08-27 11:35:31 +02:00
Asger F
df42e7c527
JS: Add test showing lack of implicit reads for ArrayElement
2024-08-27 11:35:30 +02:00
Asger F
4e7bd9ddd8
JS: Update Arrays test now that array elements do not taint the whole array
2024-08-27 11:35:29 +02:00
Asger F
4389b5c999
JS: Fix issue for .apply() calls
2024-08-27 11:35:28 +02:00
Asger F
34e6864fa3
JS: Note issue with .apply() calls
2024-08-27 11:35:27 +02:00
Asger F
ac1dd1850e
JS: Remove taint step from array element to whole array
2024-08-27 11:35:26 +02:00
Asger F
5084d0260f
Update tests.expected
...
The 'arguments' node is only materialised for functions that use 'arguments
2024-08-27 11:35:25 +02:00
Asger F
895cb872ad
JS: Add taint into dynamic argument array
2024-08-27 11:35:24 +02:00
Asger F
079a622cf9
JS: Add tests showing missing taint flow
...
When the spread argument itself is tained and not
inside any content, the read steps currently fail
to propagate the data.
2024-08-27 11:35:23 +02:00
Asger F
acdc896c04
JS: Support for dynamic args to flow summaries
2024-08-27 11:35:21 +02:00
Asger F
5c7e623c47
JS: Add some tests for missing handling of dynamic args in flow summaries
2024-08-27 11:35:19 +02:00
Asger F
c04f0beb8a
Update DataFlowConsistency.expected
2024-08-27 11:35:18 +02:00
Asger F
fa7ad03068
JS: Add store/load steps for the new argument arrays
2024-08-27 11:35:15 +02:00
Asger F
5d77c336fc
Test case for spread and rest args/params
2024-08-27 11:35:11 +02:00
Asger F
4cdaccd22e
JS: Add InlineFlowTest
2024-08-27 11:35:10 +02:00
Asger F
47c519fc0a
JS: Add test for flow through dynamic imports
2024-08-26 15:15:49 +02:00
Asger F
a2dd47aeb2
JS: Update test output
...
These files conflicted and have been regenerated.
2024-08-22 14:27:15 +02:00
Asger F
c54f5858b1
Merge branch 'main' into js/shared-dataflow-merge-main
2024-08-22 13:22:05 +02:00
Asger F
09aca6b47e
Merge pull request #17212 from mbaluda/main
...
Add support for importing NPM modules in XSJS sources
2024-08-22 10:54:33 +02:00
Asger F
7a7ab457a9
JS: Delete unneeded test code (and shift line numbers)
2024-08-16 14:38:54 +02:00
Asger F
9ee7599aeb
JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
...
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00
Asger F
699d3a0a0a
JS: Update a RegExp injection test
...
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00
Mauro Baluda
be0a60a7f6
Add support for importing NPM modules in XSJS sources
2024-08-13 14:45:03 +02:00
Erik Krogh Kristensen
41506fbfef
Merge pull request #14666 from am0o0/amammad-js-hardcodedJWTKey
...
JS: Extends CredentialsNode class mostly related to JWT authentication packages
2024-08-08 10:20:45 +02:00
erik-krogh
b8187ed294
support arbitary export specifiers
2024-08-06 20:45:57 +02:00
erik-krogh
5f7f37f6c8
support arbitary import specifiers
2024-08-06 20:45:53 +02:00
Asger F
2d814428d6
JS: Update expected output with provenance
2024-08-06 12:45:08 +02:00
Asger F
df64388d79
Merge branch 'main' into js/shared-dataflow-merge-main
2024-08-02 13:18:38 +02:00
am0o0
354fcbe7fe
apply changes from @erik-krogh
2024-08-01 20:14:36 +02:00
Paul Hodgkinson
c9af53f050
Merge branch 'main' into aegilops/polyfill-io-compromised-script
2024-07-12 12:53:44 +01:00
aegilops
d71be8aeaf
Moved from experimental into default queries
2024-07-11 11:44:01 +01:00
