Max Schaefer
dc1d1c2f22
JavaScript: Update expected output.
2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74
JavaScript: Restrict edges to only contain nodes.
2019-10-29 15:03:52 +00:00
Asger F
94dd9a1c04
JS: Block XSS flow through encodeURIComponent
2019-10-28 17:12:40 +00:00
Asger F
8aa34e6a54
JS: Add XSS test case for new PostMessageEventHandler cases
2019-10-21 11:32:22 +01:00
Max Schaefer
d4fca84898
JavaScript: Improve XSS sanitizer detection.
We now use local data flow to detect more regexp-based sanitizers.
2019-09-23 17:07:06 +01:00
Erik Krogh Kristensen
2729566bbf
add setAttributeNS('xlink', 'href',..) example in XSS test
2019-09-09 09:41:08 +01:00
Erik Krogh Kristensen
c780956f0d
add setAttributeNS method in the XSS test
2019-09-06 21:56:29 +01:00
Erik Krogh Kristensen
ccdc821c5d
add xlink:href as xss target when using setAttribute
2019-09-06 14:43:47 +01:00
Max Schaefer
b6220998d1
JavaScript: Restrict setAttribute sink to potentially dangerous attribute names.
2019-08-30 11:57:29 +01:00
Max Schaefer
78ce290de3
JavaScript: Fix DomMethodCallExpr.interpretsArgumentsAsHTML.
2019-08-28 11:22:03 +01:00
Max Schaefer
8b3e647ae9
JavaScript: Do not taint for-in loop variable.
2019-07-23 10:52:55 +01:00
Asger F
57dac1d0d5
JS: Update test output to reflect new edge relation
2019-06-25 16:41:29 +01:00
Esben Sparre Andreasen
59b7b0757a
JS: make Express' res/req extend Node's res/req
2019-06-12 12:45:01 +02:00
Asger F
9046fd15f7
JS: Update expected output of XSS query (benign)
2019-05-23 08:56:01 +01:00
Max Schaefer
a8470a984a
JavaScript: Generalise ConstantComparison sanitisers.
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.
Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Asger F
50a77ea843
JS: update test expectations
2019-03-06 08:41:03 +00:00
Esben Sparre Andreasen
4ce7ec1661
JS: add XSS vector for Vue's v-html
2019-02-25 12:17:56 +01:00
Max Schaefer
2fce626c3a
JavaScript: Add Range.prototype.createContextualFragment as an XSS sink.
2019-02-12 16:32:30 +00:00
Max Schaefer
25d06ad0cf
JavaScript: Treat regexp replacements of HTML metacharacters as sanitizers for XSS queries.
2019-02-08 09:57:06 +00:00
Max Schaefer
18c23ecfd4
JavaScript: Introduce shared library for modelling XSS-relevant concepts.
As its first application, this library makes it possible for `StoredXss` to reuse the `Source` classes of `DomBasedXss` and `ReflectedXss` without having to pull in their libraries (which contain their `Configuration` classes, causing `StoredXss` to recompute all flow information for the other two queries).
2019-02-08 09:53:51 +00:00
Anders Schack-Mulligen
e58094c732
Javascript: Autoformat.
2019-01-11 11:02:42 +01:00
Max Schaefer
97e6c75b94
JavaScript: Remove a few other deprecated predicates and classes.
2019-01-09 09:23:59 +00:00
Max Schaefer
b4f400fb23
Merge remote-tracking branch 'upstream/next' into qlucie/master
2019-01-04 10:35:57 +00:00
Asger F
7f538e82c0
JS: add test case for non-whitelisted use of location
2018-12-18 13:55:05 +00:00
Asger F
02978c97f1
JS: whitelist $(location) in simple cases
2018-12-18 13:11:42 +00:00
Asger F
c17eca90a1
JS: add test case for $(location)
2018-12-18 13:06:12 +00:00
Aditya Sharad
f71e5ac338
Merge master into next.
2018-12-13 17:57:31 +00:00
Max Schaefer
e194021c3b
Merge pull request #629 from esben-semmle/js/persistent-read-taint
JS: add persistent storage taint steps
2018-12-13 08:24:42 +00:00
Aditya Sharad
f92456fcad
Merge master into next.
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Asger F
a96c53f9b8
JS: restrict when a variable reference is considered a source
2018-12-12 12:28:26 +00:00
Esben Sparre Andreasen
28b4a78430
JS: introduce DOM::PersistentWebStorage
2018-12-06 14:53:22 +01:00
Max Schaefer
ef347b3870
JavaScript: Teach Xss query about WinJS HTML injection functions.
2018-12-06 09:13:21 +00:00
Pavel Avgustinov
16ec9f1aa4
Merge remote-tracking branch 'origin/next' into bump/master-next
2018-11-19 10:37:07 +00:00
Max Schaefer
9221b62ded
JavaScript: Update expected test output for security path queries to include nodes and edges query predicates.
2018-11-14 09:32:31 +00:00
Max Schaefer
d57b5d9628
JavaScript: Remove ReflectdXssPath.ql, which is now spurious.
2018-11-14 09:16:40 +00:00
Aditya Sharad
761e5efd60
Merge master into next.
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
2018-11-09 18:49:35 +00:00
Asger F
e0d5557ef4
JS: add email HTML body as XSS sink
2018-11-07 11:31:40 +00:00
Aditya Sharad
553c2f5d34
Merge master into next.
As of 2846d80f1c .
2018-11-06 11:52:51 +00:00
Max Schaefer
c75d785684
JavaScript: Fix modelling of _.partial.
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial .
2018-10-31 06:31:59 -04:00
Tom Hvitved
b29b314f4e
Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11
2018-10-11 14:36:44 +02:00
Asger F
030bae9454
JS: Canonicalize ThisNode
2018-10-09 08:53:41 +01:00
Tom Hvitved
49644bfb47
Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08
2018-10-08 11:48:56 +02:00
Aditya Sharad
75680dbfef
Merge branch 'next' into qlucie/master
2018-09-26 12:08:33 +01:00
Asger F
269bbc9a1a
JavaScript: add flow steps through partial function application
2018-09-25 10:16:40 +01:00
alexet
b94df82833
JavaScript: Fix expected output due to qltest change.
2018-09-20 15:56:20 +01:00
Esben Sparre Andreasen
33f98dd1a7
JS: add query: js/stored-xss
2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
bbdf6b0f1d
JS: mark PrintfStyleCall as a taint step
2018-08-21 09:02:35 +02:00
Max Schaefer
199990feea
JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect.
2018-08-10 15:59:27 +01:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00