hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

72 Commits

Author SHA1 Message Date
Asger F
92dfdc8194 Update javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/UnsafeHtmlExpansion.js 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-03-10 14:19:33 +01:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
e5bee19b19 JS: Accept a double-flagged line 
This is flagged by two queries but for two separate issues. Seems valid to flag it twice.
 2025-02-28 13:27:51 +01:00
Asger F
68fae9ded8 JS: Accept alerts about newline replacement 2025-02-28 13:27:49 +01:00
Asger F
1f3c49638b JS: Accept some less obvious alerts 
These are listed in a function called 'good' but it's difficult to say in isolation whether they should be flagged or not. Accepting the changes as they seem reasonable.
 2025-02-28 13:27:48 +01:00
Asger F
10a7294327 JS: Accept trivial test changes 
This adds Alert annotations for alerts that seem intentional by the test
but has not been annotated with 'NOT OK', or the comment was in the wrong
place.

In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk a later
commit.
 2025-02-28 13:27:43 +01:00
Asger F
0453ded338 JS: Add query ID to some alerts 2025-02-28 13:27:41 +01:00
Asger F
86932c51bc JS: Move some alerts to their correct location 
One of the diffs look confusing but:
Previously parameter {2,3} where flagged, now parameter {1,2} are flagged.

Note that for command injection, the SystemCommandExecution is flagged
despite the test file claiming otherwise.
 2025-02-28 13:27:40 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Napalys
3171f38cdd JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects 2024-11-29 11:14:45 +01:00
Napalys
fe28657c7d JS: add test cases with unknown flags for double escaping, works as expected. 2024-11-28 11:26:51 +01:00
Napalys
98fd97799c JS: imcomplete sanization now handles properly maybe global 2024-11-28 11:26:50 +01:00
Napalys
1ae174849f JS: incomplete sanitization now also works with RegExp objects 2024-11-28 11:26:48 +01:00
Napalys
76318035ff JS: Add test cases for RegExp object usage in replace within incomplete sanitization 2024-11-28 11:26:47 +01:00
Napalys
18c7b18f82 JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged. 2024-11-28 11:26:36 +01:00
Napalys
89f3b6f8d3 JS: Added test case for bad sanitizer with unknown flags, currently not flagged. 2024-11-28 11:26:35 +01:00
Napalys
38be0e4c0a JS: Now BadHtmlSanitizers also flags new RegExp as potential issue 2024-11-28 11:26:34 +01:00
Napalys
41f21d429b JS: Added test case which is not flagged but should be abusing new RegExp with global flag 2024-11-28 11:26:33 +01:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
e3ab5bdd16 JS: Port IncompleteHtmlAttributeSanitization 2023-10-13 13:15:05 +02:00
erik-krogh
f9eee906cf fix FP by requiring that the regular expression mention on of the chars important in the prefix 2023-07-01 20:30:09 +02:00
erik-krogh
bd400be6ec add FP for incomplete-multi-char-sanitization 2023-07-01 20:28:31 +02:00
erik-krogh
38ca68febb recognize "-->" as a bad tag filter 2023-01-10 18:09:56 +01:00
erik-krogh
15416a9c86 fix getCanonicalCharClass in NfaUtils 2022-11-01 21:35:07 +01:00
erik-krogh
78e35e2f29 add failing test 2022-11-01 21:33:19 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen
9c2d83e82b add tests 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d update expected output 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
3640bbd466 add test for IncompleteHtmlAttributeSanitization 2021-03-16 13:25:27 +01:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
Esben Sparre Andreasen
847687974f JS: only select non-nullable terms in the broken sanitizer 2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen
40cfbab335 JS: address review feedback 2021-01-12 08:49:08 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Esben Sparre Andreasen
344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Esben Sparre Andreasen
89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00