1112 Commits

Author	SHA1	Message	Date
Esben Sparre Andreasen	cc768345d0	JS: add security tests for malicious torrents	2019-11-14 13:54:19 +01:00
Max Schaefer	ab583b7994	JavaScript: Add query IncompleteUrlSchemeCheck.ql.	2019-11-13 10:27:18 +00:00
Max Schaefer	155cea7b5b	Revert "JavaScript: Improve double-escaping query"	2019-11-12 22:54:12 +00:00
semmle-qlci	3a7f9a588d	Merge pull request #2267 from max-schaefer/js/qltest-extractor-options ... Approved by asger-semmle	2019-11-07 11:36:45 +00:00
Max Schaefer	8fdf6298b9	JavaScript: Remove --platform node extractor options.	2019-11-06 13:01:28 +00:00
Max Schaefer	3e92d0ffb5	JavaScript: Remove redundant --experimental extractor options.	2019-11-05 15:59:24 +00:00
semmle-qlci	eb6e8866fa	Merge pull request #2247 from max-schaefer/odasa-8149 ... Approved by asger-semmle, esbena	2019-11-05 09:40:54 +00:00
Max Schaefer	8aae1f443f	JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.	2019-10-31 12:13:55 +00:00
semmle-qlci	2a3980222b	Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes ... Approved by asger-semmle	2019-10-31 10:47:30 +00:00
Max Schaefer	bb0771b36c	JavaScript: Deal with escape-unescape-escape (and similar) chains.	2019-10-30 14:49:01 +00:00
Max Schaefer	8c133ff61d	JavaScript: Deal with (un-)escaping on captured variables.	2019-10-30 14:46:50 +00:00
Max Schaefer	a8214ce7ee	JavaScript: Fix regexes for escaping schemes.	2019-10-30 14:15:59 +00:00
Max Schaefer	5349e0f881	JavaScript: Recognise wrapped chains of replacements.	2019-10-30 13:14:38 +00:00
Max Schaefer	02d16b1dc9	JavaScript: Recognise wrapped string replacement functions.	2019-10-30 13:01:17 +00:00
Max Schaefer	aaeca32519	JavaScript: Recognize string escaping using .replace with a callback.	2019-10-30 12:45:32 +00:00
Max Schaefer	bd1c99d8a4	JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper.	2019-10-30 12:38:05 +00:00
semmle-qlci	a778efe71e	Merge pull request #2216 from asger-semmle/xss-encodeURIComponent ... Approved by max-schaefer	2019-10-30 11:49:31 +00:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	dc1d1c2f22	JavaScript: Update expected output.	2019-10-29 15:30:06 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict edges to only contain nodes.	2019-10-29 15:03:52 +00:00
Asger F	94dd9a1c04	JS: Block XSS flow through encodeURIComponent	2019-10-28 17:12:40 +00:00
semmle-qlci	33374ee089	Merge pull request #2202 from asger-semmle/express-sendfile ... Approved by esbena	2019-10-28 09:24:34 +00:00
Max Schaefer	b333c6a214	Merge pull request #2106 from asger-semmle/call-graph-3 ... JS: Call graph changes	2019-10-28 09:24:10 +00:00
Asger F	5636d42c13	JS: Update test	2019-10-25 09:57:10 +01:00
Esben Sparre Andreasen	5a983cb535	JS: add query js/shell-command-injection-from-environment	2019-10-21 23:31:55 +02:00
Asger F	8aa34e6a54	JS: Add XSS test case for new PostMessageEventHandler cases	2019-10-21 11:32:22 +01:00
Esben Sparre Andreasen	e1d7434be4	JS: add query js/useless-regexp-character-escape	2019-10-16 00:15:54 +02:00
Max Schaefer	d4fca84898	JavaScript: Improve XSS sanitizer detection. ... We now use local data flow to detect more regexp-based sanitizers.	2019-09-23 17:07:06 +01:00
semmle-qlci	825a3d2917	Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars ... Approved by xiemaisi	2019-09-23 12:10:30 +01:00
semmle-qlci	e2c941c577	Merge pull request #1916 from erik-krogh/taintedLength ... Approved by asger-semmle, xiemaisi	2019-09-23 11:47:48 +01:00
Asger F	1ce0a48996	JS: Update tests	2019-09-20 15:41:36 +01:00
semmle-qlci	6f2e485ace	Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible ... Approved by esben-semmle	2019-09-19 12:45:45 +01:00
Max Schaefer	3970ead7ab	JavaScript: Add support for rate-limiter-flexible package.	2019-09-18 12:25:33 +01:00
Esben Sparre Andreasen	ac6554b7da	Merge branch 'master' into js/improve-getAResponseDataNode	2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen	a5645e168a	JS: exclude keys from whitelist	2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen	0e2d2f8662	JS: whitelist some hardcoded dummy-passwords in two queries	2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen	aa3f4a7048	JS: change passwords in tests	2019-09-16 10:09:59 +02:00
Erik Krogh Kristensen	9dc9adda64	fix capitalization in test case ... Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen	3fb64abb09	fix consistency and spelling in the documentation ... suggestions from the documentation team Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen	5b2b60f132	change DOS to DoS, and other small documentation fixes ... Co-Authored-By: Max Schaefer <max@semmle.com>	2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen	119b1ffb80	changes based on review from max	2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen	3d359bc8dc	Merge remote-tracking branch 'upstream/master' into taintedLength	2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen	30f1bcf5bc	updated query ID and expected output	2019-09-12 15:24:33 +01:00
Erik Krogh Kristensen	bec522f0df	small changes based on review feedback	2019-09-11 11:26:59 +01:00
semmle-qlci	16c95d8c5e	Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting ... Approved by xiemaisi	2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen	f3de75ae07	JS: update a js/code-injection test	2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen	f7bfc472c1	JS: treat server responses as untrusted for command injections	2019-09-11 09:38:18 +02:00
Erik Krogh Kristensen	97fc10e669	Add query for detecting potential DOS form a tainted .length property	2019-09-10 14:59:48 +01:00
semmle-qlci	df1bf4a95b	Merge pull request #1907 from asger-semmle/mongoose-types ... Approved by xiemaisi	2019-09-10 12:05:57 +01:00