Asger F
8ee5b237e2
Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
...
Co-authored-by: Napalys Klicius <napalys@github.com >
2025-03-10 14:21:46 +01:00
Asger F
2a194a53af
raw test output
2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8
JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00
Asger F
0453ded338
JS: Add query ID to some alerts
2025-02-28 13:27:41 +01:00
Asger F
f5911c9e5a
JS: Accept raw test output
2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82
JS: Enable post-processing for all .qlref files
2025-02-28 13:27:33 +01:00
Asger F
426edd55f2
JS: Update output after line number change
...
Some OK-style comments had to be moved to the following line, shifting line numbers.
In selected range also included the comments themselves.
Lastly, the result sets were reordered by the CLI in some cases.
2025-02-28 13:27:31 +01:00
Asger F
9be041e27d
JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00
Asger F
d79f429978
JS: Update changes to nodes/edges/subpaths
...
No changes in actual alerts
2025-02-17 10:36:05 +01:00
Asger F
f8dc7eb25b
JS: Update output from tests that changed on main
2024-12-19 15:25:47 +01:00
Asger F
3acd4814de
Merge branch 'main' into js/shared-dataflow-merge-main
2024-12-19 10:14:38 +01:00
Napalys
1d2e08a3b6
JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer
2024-11-28 11:26:58 +01:00
Napalys
62194f5337
JS: add test cases RegExp with unknown flags
2024-11-28 11:26:57 +01:00
Asger F
2e2181be2c
JS: Update test output that only affects nodes/edges/subpaths
2024-08-27 11:35:33 +02:00
Asger F
a2dd47aeb2
JS: Update test output
...
These files conflicted and have been regenerated.
2024-08-22 14:27:15 +02:00
Asger F
c54f5858b1
Merge branch 'main' into js/shared-dataflow-merge-main
2024-08-22 13:22:05 +02:00
Asger F
699d3a0a0a
JS: Update a RegExp injection test
...
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00
Asger F
53efb5837b
JS: Update some tests with provenance columns
...
Only includes the changes that purely contain the new provenance columns
2024-06-26 13:51:44 +02:00
Asger F
dcc73a7f90
JS: Port RegExpInjection
2023-10-13 13:15:05 +02:00
Asger F
40daa9c906
JS: Update RegExpInjection test and expectations
2023-05-26 14:05:36 +02:00
erik-krogh
393649b7ce
don't call environment variables for command-line arguments
2023-02-14 14:27:41 +01:00
erik-krogh
36478124ae
add process.env and process.argv etc. as source for js/regex-injection
2023-02-14 14:21:53 +01:00
erik-krogh
368f84785b
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
Asger Feldthaus
16e3681fd3
JS: Update RegExpInjection test case
2021-06-22 12:00:04 +02:00
Erik Krogh Kristensen
33641c84f6
recognize sanitizing string replace call for regexp-injection
2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen
ab53f3b380
add array.filter() as a taint-step
2021-05-05 12:03:14 +02:00
Asger Feldthaus
aa1c8c041e
JS: Exclude client-side sources from RegExpInjection
2021-03-16 13:28:11 +00:00
Esben Sparre Andreasen
3015dcd310
JS: reformulate js/server-crash. Support promises and shorter paths.
2021-01-19 09:08:52 +01:00
Esben Sparre Andreasen
1bc7d68a50
Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2021-01-13 14:49:42 +01:00
Esben Sparre Andreasen
d591c519a8
JS: reformulate js/server-crash as a path problem
2021-01-13 00:08:28 +01:00
Esben Sparre Andreasen
2dbd762bd9
JS: reintroduce reverted js/server-crash
...
This reverts commit 0a8d15ccc4
2021-01-11 14:13:41 +01:00
Erik Krogh Kristensen
0d64a0f2c8
update consistency comment for CWE-730
2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
15d74b7d03
remove FP from js/regexpinjection where no regexp was constructed
2019-12-19 10:47:03 +01:00
Max Schaefer
b42026a90a
JavaScript: Update expected output.
2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22
JavaScript: Update expected output.
2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74
JavaScript: Restrict edges to only contain nodes.
2019-10-29 15:03:52 +00:00
Asger F
50a77ea843
JS: update test expectations
2019-03-06 08:41:03 +00:00
Max Schaefer
9221b62ded
JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.
2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen
3d3b7b0254
JS: fix typo in test case
2018-09-06 22:54:07 +02:00
Esben Sparre Andreasen
b9d825b379
JS: better matching of String.prototype.search in js/regex-injection
2018-09-05 08:35:00 +02:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
