31 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	010d580f8e	add model for multiparty	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	61b4ffec3d	add remote flow from the Formidable library	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	a03f4ed3cd	add remote flow source for busboy	2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen	e2fbf8a68c	add files uploaded with multer as RemoteFlowSource	2021-02-11 09:33:15 +01:00
Max Schaefer	dc7b447895	JavaScript: Make alert locations for command injection more precise.	2020-09-23 14:07:36 +01:00
Max Schaefer	439aadf0b6	JavaScript: Do even more type tracking in command injection.	2020-09-23 14:07:36 +01:00
Max Schaefer	ef18b39124	JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll.	2020-09-23 14:07:36 +01:00
CodeQL CI	a4f8b19ae4	Merge pull request #3876 from erik-krogh/CWE078-Correctness ... Approved by esbena	2020-08-03 15:38:51 +01:00
Max Schaefer	91762ec274	JavaScript: Add partial model for opener. ... 3.5M weekly downloads. Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.	2020-07-27 11:42:32 +01:00
Max Schaefer	9aa26fa4bc	JavaScript: Add model for foreground-child. ... >1M weekly downloads, so seems worth doing.	2020-07-27 11:37:06 +01:00
Max Schaefer	2f842042ea	JavaScript: Model another execa function relevant for command injection.	2020-07-27 11:34:04 +01:00
Erik Krogh Kristensen	dc8042adeb	introduce conistency-checking for CWE-078	2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen	0ee3f4977c	add test of webpack-dev-server and monorepo import	2020-06-19 14:15:46 +02:00
semmle-qlci	b9ecf1a304	Merge pull request #3447 from erik-krogh/LibCmdInjection ... Approved by asgerf, mchammer01	2020-05-22 17:10:57 +01:00
Max Schaefer	6797fec1a3	JavaScript: Add more models of packages that execute commands over SSH.	2020-05-18 12:08:14 +01:00
Erik Krogh Kristensen	a1a6826278	support non-SourceNode in IndirectCommandArgument#argumentList	2020-05-16 23:15:37 +02:00
Erik Krogh Kristensen	e8dc77d508	add support for util.promisify with child_process calls	2020-04-15 19:16:30 +02:00
Erik Krogh Kristensen	c6668da02e	expand how indirectCommandArguments are found	2020-02-07 15:00:05 +01:00
Erik Krogh Kristensen	8ea6070120	add indirect command injection sink for a concatenated array	2020-02-07 11:04:34 +01:00
Max Schaefer	8aae1f443f	JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.	2019-10-31 12:13:55 +00:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	dc1d1c2f22	JavaScript: Update expected output.	2019-10-29 15:30:06 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict edges to only contain nodes.	2019-10-29 15:03:52 +00:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Esben Sparre Andreasen	f7bfc472c1	JS: treat server responses as untrusted for command injections	2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen	299d4c6e93	JS: add additional SystemCommandExecutors	2019-06-11 09:38:10 +02:00
Asger F	50a77ea843	JS: update test expectations	2019-03-06 08:41:03 +00:00
Max Schaefer	f9d704bdcf	JavaScript: Add example of indirect command injection.	2019-01-11 10:24:41 +00:00
Esben Sparre Andreasen	376ed7a4d2	JS: generalize js/command-line-injection to handle ConstantString	2018-12-11 13:39:15 +01:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.	2018-11-14 09:32:31 +00:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00