hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

52 Commits

Author SHA1 Message Date
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
734ad2d767 Removed legacy Consistency check as it is redundant now with inline test expectations. 2025-04-11 08:43:08 +02:00
Napalys
208487f236 Added middleware test 2025-04-11 08:39:47 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Napalys
81cba7fa2f Added test cases with missing alerts for Request and NextRequest. 2025-04-10 14:43:48 +02:00
Asger F
1ad471cb32 JS: Track through spread/rest params in API graphs 2025-03-28 09:14:36 +01:00
Napalys
10498bbaa4 Added support for axios.interceptors.request. 2025-03-25 10:54:56 +01:00
Napalys
ea181e4173 Added test case for axios.interceptors.request 2025-03-25 10:54:17 +01:00
Napalys
056bf4fde7 Added test case with inheretence. 2025-03-20 13:08:56 +01:00
Napalys
cb18408502 Added data as model for ApolloServer. 2025-03-19 13:36:06 +01:00
Napalys
23fdc3534f Added test case @apollo/server with SSRF. 2025-03-19 13:34:27 +01:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
4d7cbe6f60 JS: Accept to web socket-based SSRF alerts 2025-02-28 13:29:07 +01:00
Asger F
764eb98809 JS: Move two alerts and add query ID 2025-02-28 13:29:06 +01:00
Asger F
976096540f JS: Accept an alert 2025-02-28 13:29:05 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Asger F
08d25c122d JS: Deprecate more uses of ConsistencyConfiguration 2024-12-03 14:30:27 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
92816b1c9a JS: Port ClientSideRequestForgery 2023-10-13 13:15:03 +02:00
Asger F
b2216627be JS: Port RequestForgery 2023-10-13 13:15:03 +02:00
erik-krogh
3cece50f78 add encodeURIComponent as a sanitizer for request-forgery 2023-01-23 13:53:53 +01:00
erik-krogh
be8ef1b324 add failing test 2023-01-23 13:52:36 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger Feldthaus
cf66d01e80 JS: Add consistency test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3103cfd925 JS: Rename to tests to clientSide.js and serverSide.js 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3fbc3a4d70 JS: Add ClientSideRequestForgery to RequestForgery test 2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen
99dd5330c2 add taint-step for URL construction in js/request-forgery 2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen
c194598d37 recognize headers/url from the HTTP request to a server WebSocket. 2021-04-06 10:11:27 +02:00
Erik Krogh Kristensen
84e9229386 Merge branch 'main' into koa 2021-03-19 16:56:15 +01:00
Erik Krogh Kristensen
58617c5c59 recognize client websockets as ClientRequests 2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen
3995ff322d add models for koa-route and koa-router 2021-03-17 19:17:20 +01:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
Erik Krogh Kristensen
e6e4a485c8 add JSDOM.fromUrl() as a request forgery sink 2020-11-02 17:05:56 +01:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
6110f85748 refactor chrome-remote-interface to use type-tracking promise steps 2020-03-10 12:27:21 +01:00
Erik Krogh Kristensen
3ddfd7ba73 add extra promise test for chrome-remote-interface 2020-03-10 12:24:16 +01:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
Asger F
fd2e9f1fcb JS: shift line numbers in RequestForgery test 2019-02-08 15:13:33 +00:00
Esben Sparre Andreasen
c6b4e29b93 JS: add "host" as a sink for js/request-forgery 2018-12-17 10:32:30 +01:00