17 Commits

Author	SHA1	Message	Date
aegilops	d71be8aeaf	Moved from experimental into default queries	2024-07-11 11:44:01 +01:00
aegilops	86afd54a9b	Moved new query to 'experimental' ... Moved lists of domains to data extensions, including adding those to the overall qlpack.yml Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io	2024-07-09 16:38:01 +01:00
aegilops	e2b37f97b0	Added dot to end of test message	2024-07-01 17:41:26 +01:00
aegilops	a1b0703690	Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests	2024-07-01 16:21:34 +01:00
Stephan Brandauer	2278e7f6e6	CWE 830 polish error messages	2022-02-22 11:41:54 +01:00
Stephan Brandauer	82330391c3	CWE-830 add support for setting attributes via setAttribute method	2022-02-22 11:41:54 +01:00
Stephan Brandauer	d80cd1aeb5	CWE 830 test where both branches in a ternary are unsafe	2022-02-22 11:41:53 +01:00
Stephan Brandauer	2934aa1a3a	rewrite docs, improve error messages, etc	2022-02-22 11:41:53 +01:00
Stephan Brandauer	d2335b65d5	stylistic improvements after review	2022-02-22 11:41:53 +01:00
Stephan Brandauer	9aec4437e2	polish qhelp for CWE-830 and add test file	2022-02-22 11:41:53 +01:00
Stephan Brandauer	fd77e27ed9	replace taint tracking by type tracking and merge remaining queries for CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8cafa6d562	improve error message in CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	780fa97869	always require integrity checking for certain CDNs	2022-02-22 11:41:53 +01:00
Stephan Brandauer	83764df4f5	rename tests for CW-830 to clarify responsibilities	2022-02-22 11:41:52 +01:00
Stephan Brandauer	8d397fea09	JS: query to find dynamic creations of DOM elements that use untrusted sources	2022-02-22 11:41:52 +01:00
Stephan Brandauer	b35c70994f	permit http urls to 127.0.0.1 and others	2022-02-22 11:41:52 +01:00
Stephan Brandauer	6722c17bb0	JS: Functionality from untrusted sources query (CWE-830)	2022-02-22 11:41:52 +01:00