codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	060b98d36c	JS: enchance middleware taint tracking via local source	2025-06-17 08:30:19 +02:00
Napalys Klicius	da21a064ac	JS: add `_parsedUrl` as remote input source	2025-06-16 16:28:30 +02:00
Napalys Klicius	67aac7abfa	JS: add test cases for middleware property assignment tracking	2025-06-16 16:26:08 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed `encodeURI` from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	deb715a517	JS: Add test case with `encodeURI` for request forgery	2025-06-16 10:49:29 +02:00
Napalys Klicius	b9b62fa1c1	JS: Add `URL` from `url` package constructor taint step for request forgery detection	2025-05-30 18:32:02 +02:00
Napalys Klicius	19cc3e335f	JS: Add test case for `RequestForgery` with url wrapped via package `URL`	2025-05-30 18:26:47 +02:00
Michael Nebel	2e0ce44fde	Javascript: Update test files.	2025-04-23 15:41:41 +02:00
Napalys	678eccb417	Added `searchParams.get` as potential source for SSRF	2025-04-11 09:42:07 +02:00
Napalys	8674b61e5a	Added SSRF test case with `searchParams` for `NextRequest`	2025-04-11 09:26:16 +02:00
Napalys	6e09a65da0	Added support for `NextRequest` `middleware` SSRF.	2025-04-11 08:43:36 +02:00
Napalys	734ad2d767	Removed legacy `Consistency` check as it is redundant now with inline test expectations.	2025-04-11 08:43:08 +02:00
Napalys	208487f236	Added `middleware` test	2025-04-11 08:39:47 +02:00
Napalys	63a3953b0c	Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures.	2025-04-10 14:48:17 +02:00
Napalys	81cba7fa2f	Added test cases with missing alerts for `Request` and `NextRequest`.	2025-04-10 14:43:48 +02:00
Asger F	1ad471cb32	JS: Track through spread/rest params in API graphs	2025-03-28 09:14:36 +01:00
Napalys	10498bbaa4	Added support for `axios.interceptors.request`.	2025-03-25 10:54:56 +01:00
Napalys	ea181e4173	Added test case for `axios.interceptors.request`	2025-03-25 10:54:17 +01:00
Napalys	056bf4fde7	Added test case with inheretence.	2025-03-20 13:08:56 +01:00
Napalys	cb18408502	Added data as model for `ApolloServer`.	2025-03-19 13:36:06 +01:00
Napalys	23fdc3534f	Added test case `@apollo/server` with `SSRF`.	2025-03-19 13:34:27 +01:00
Asger F	2a194a53af	raw test output	2025-02-28 13:29:39 +01:00
Asger F	64d39da5f8	JS: Accept Sources/Sink tags	2025-02-28 13:29:30 +01:00
Asger F	4d7cbe6f60	JS: Accept to web socket-based SSRF alerts	2025-02-28 13:29:07 +01:00
Asger F	764eb98809	JS: Move two alerts and add query ID	2025-02-28 13:29:06 +01:00
Asger F	976096540f	JS: Accept an alert	2025-02-28 13:29:05 +01:00
Asger F	f5911c9e5a	JS: Accept raw test output	2025-02-28 13:27:38 +01:00
Asger F	d0ce53ed82	JS: Enable post-processing for all .qlref files	2025-02-28 13:27:33 +01:00
Asger F	9be041e27d	JS: Update OK-style comments to $-style	2025-02-28 13:27:28 +01:00
Asger F	3acd4814de	Merge branch 'main' into js/shared-dataflow-merge-main	2024-12-19 10:14:38 +01:00
Michael Nebel	c3fe3e468c	Javascript: Update all test util paths to point to the new location.	2024-12-12 13:54:25 +01:00
Asger F	08d25c122d	JS: Deprecate more uses of ConsistencyConfiguration	2024-12-03 14:30:27 +01:00
Asger F	0ce1fe767d	JS: Deprecate ConsistencyChecking to avoid deprecation warnings	2024-12-03 14:30:23 +01:00
Asger F	53efb5837b	JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns	2024-06-26 13:51:44 +02:00
Asger F	92816b1c9a	JS: Port ClientSideRequestForgery	2023-10-13 13:15:03 +02:00
Asger F	b2216627be	JS: Port RequestForgery	2023-10-13 13:15:03 +02:00
erik-krogh	3cece50f78	add encodeURIComponent as a sanitizer for request-forgery	2023-01-23 13:53:53 +01:00
erik-krogh	be8ef1b324	add failing test	2023-01-23 13:52:36 +01:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
Asger Feldthaus	cf66d01e80	JS: Add consistency test	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3103cfd925	JS: Rename to tests to clientSide.js and serverSide.js	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3fbc3a4d70	JS: Add ClientSideRequestForgery to RequestForgery test	2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen	99dd5330c2	add taint-step for URL construction in js/request-forgery	2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen	c194598d37	recognize headers/url from the HTTP request to a server WebSocket.	2021-04-06 10:11:27 +02:00
Erik Krogh Kristensen	84e9229386	Merge branch 'main' into koa	2021-03-19 16:56:15 +01:00
Erik Krogh Kristensen	58617c5c59	recognize client websockets as ClientRequests	2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen	3995ff322d	add models for `koa-route` and `koa-router`	2021-03-17 19:17:20 +01:00
Asger Feldthaus	2e57a7d3e9	JS: Add ClientSideRemoteFlowSource	2021-03-16 13:28:09 +00:00
Erik Krogh Kristensen	e6e4a485c8	add JSDOM.fromUrl() as a request forgery sink	2020-11-02 17:05:56 +01:00

1 2

61 Commits