2631 Commits

Author	SHA1	Message	Date
Asger Feldthaus	4eda6f643f	JS: Recognize subclasses of HTMLElement in domValueRef	2022-04-07 09:57:31 +02:00
Erik Krogh Kristensen	0435cee57f	add a taint-step through URL.createObjectURL for js/xss-through-dom	2022-04-06 12:18:47 +02:00
Erik Krogh Kristensen	b11d48e749	add files in the DOM as a source for js/xss-through-dom	2022-04-06 12:09:07 +02:00
Stephan Brandauer	9c3fcb6268	precise tracking of handlebars arguments	2022-03-28 17:26:43 +02:00
Erik Krogh Kristensen	cf94c93b1a	Merge pull request #8481 from erik-krogh/schemeChain ... JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-25 11:13:10 +01:00
Stephan Brandauer	a28e9c5b6e	documentation for handlebars.js flow step	2022-03-24 13:08:52 +01:00
Stephan Brandauer	0bd9e9f298	add handlebars taint step	2022-03-24 11:46:16 +01:00
Erik Krogh Kristensen	c8385a1e80	js/xss-through-dom: filter away reads of .src that end in a URL sink	2022-03-21 16:48:59 +01:00
Arthur Baars	431b60506e	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-18 13:05:34 +01:00
Erik Krogh Kristensen	693c77f3df	add test for string replacement chains of URL schemes	2022-03-18 11:05:59 +01:00
Erik Krogh Kristensen	6cdc38748c	update expected output	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	d8a5947a08	simplify TaintedUrlSuffix::source() to only consider window.location based sources	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the js/xss query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	87842bb8b7	add client-side-url sinks that may execute JavaScript as XSS sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	b471fec149	split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	fc79242674	add tests	2022-03-16 22:32:08 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen	195ce9c58a	add some API-nodes to js/disabling-certificate-validation	2022-03-14 21:33:13 +01:00
Erik Krogh Kristensen	cebd24156c	support that the base is not a method-call in getAChainedMethodCall	2022-03-09 11:12:04 +01:00
Arthur Baars	bb348116ab	JavaScript: update expected output	2022-03-07 16:10:08 +01:00
Erik Krogh Kristensen	4fba5e4dfb	step through parentheses in barrier functions	2022-02-25 17:47:12 +01:00
Erik Krogh Kristensen	ad3399733b	recognize more module exports from the factory pattern	2022-02-23 21:29:45 +01:00
Erik Krogh Kristensen	e13b2df86f	Merge pull request #8185 from erik-krogh/amdImp ... JS: recognize modules imported by AMD imports as library inputs	2022-02-23 20:21:45 +01:00
Stephan Brandauer	a664e02d04	Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source ... JS: Functionality from untrusted sources query (CWE-830)	2022-02-23 12:45:31 +01:00
Erik Krogh Kristensen	203212657e	recognize modules imported by AMD imports as library inputs	2022-02-23 10:39:45 +01:00
Stephan Brandauer	c17d8b145a	Merge pull request #8054 from asgerf/js/split-request-forgery ... JS: split request forgery query into server-side and client-side variants	2022-02-23 10:27:16 +01:00
Esben Sparre Andreasen	58e0d54744	Merge pull request #8168 from github/esbena/hapi-reflected-xss ... JS: model hapi handler returns as reflected-xss sinks	2022-02-23 08:53:15 +01:00
Esben Sparre Andreasen	2c527f7b35	model hapi handler returns as reflected-xss sinks	2022-02-22 14:12:01 +01:00
Erik Krogh Kristensen	517e17d422	support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite	2022-02-22 13:23:34 +01:00
Stephan Brandauer	2278e7f6e6	CWE 830 polish error messages	2022-02-22 11:41:54 +01:00
Stephan Brandauer	82330391c3	CWE-830 add support for setting attributes via setAttribute method	2022-02-22 11:41:54 +01:00
Stephan Brandauer	d80cd1aeb5	CWE 830 test where both branches in a ternary are unsafe	2022-02-22 11:41:53 +01:00
Stephan Brandauer	2934aa1a3a	rewrite docs, improve error messages, etc	2022-02-22 11:41:53 +01:00
Stephan Brandauer	d2335b65d5	stylistic improvements after review	2022-02-22 11:41:53 +01:00
Stephan Brandauer	9aec4437e2	polish qhelp for CWE-830 and add test file	2022-02-22 11:41:53 +01:00
Stephan Brandauer	fd77e27ed9	replace taint tracking by type tracking and merge remaining queries for CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8cafa6d562	improve error message in CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	780fa97869	always require integrity checking for certain CDNs	2022-02-22 11:41:53 +01:00
Stephan Brandauer	83764df4f5	rename tests for CW-830 to clarify responsibilities	2022-02-22 11:41:52 +01:00
Stephan Brandauer	8d397fea09	JS: query to find dynamic creations of DOM elements that use untrusted sources	2022-02-22 11:41:52 +01:00
Stephan Brandauer	b35c70994f	permit http urls to 127.0.0.1 and others	2022-02-22 11:41:52 +01:00
Stephan Brandauer	6722c17bb0	JS: Functionality from untrusted sources query (CWE-830)	2022-02-22 11:41:52 +01:00
Esben Sparre Andreasen	1d437dd722	Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials ... JS: Sharpen hardcoded credentials	2022-02-21 10:02:58 +01:00
Asger Feldthaus	cf66d01e80	JS: Add consistency test	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3103cfd925	JS: Rename to tests to clientSide.js and serverSide.js	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3fbc3a4d70	JS: Add ClientSideRequestForgery to RequestForgery test	2022-02-16 13:35:01 +01:00
Esben Sparre Andreasen	f08a140505	update tests for password patterns	2022-02-16 13:22:19 +01:00
Esben Sparre Andreasen	816d79692b	ignore deliberately hardcoded password strings	2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen	78744a0182	add additional tests	2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen	e67c09f9ab	change example passwords in test	2022-02-16 08:56:00 +01:00