codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	060b98d36c	JS: enchance middleware taint tracking via local source	2025-06-17 08:30:19 +02:00
Napalys Klicius	da21a064ac	JS: add `_parsedUrl` as remote input source	2025-06-16 16:28:30 +02:00
Napalys Klicius	67aac7abfa	JS: add test cases for middleware property assignment tracking	2025-06-16 16:26:08 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed `encodeURI` from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	b9b62fa1c1	JS: Add `URL` from `url` package constructor taint step for request forgery detection	2025-05-30 18:32:02 +02:00
Napalys	678eccb417	Added `searchParams.get` as potential source for SSRF	2025-04-11 09:42:07 +02:00
Napalys	8674b61e5a	Added SSRF test case with `searchParams` for `NextRequest`	2025-04-11 09:26:16 +02:00
Napalys	6e09a65da0	Added support for `NextRequest` `middleware` SSRF.	2025-04-11 08:43:36 +02:00
Napalys	63a3953b0c	Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures.	2025-04-10 14:48:17 +02:00
Asger F	1ad471cb32	JS: Track through spread/rest params in API graphs	2025-03-28 09:14:36 +01:00
Napalys	10498bbaa4	Added support for `axios.interceptors.request`.	2025-03-25 10:54:56 +01:00
Napalys	cb18408502	Added data as model for `ApolloServer`.	2025-03-19 13:36:06 +01:00
Asger F	2a194a53af	raw test output	2025-02-28 13:29:39 +01:00
Asger F	f5911c9e5a	JS: Accept raw test output	2025-02-28 13:27:38 +01:00
Asger F	53efb5837b	JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns	2024-06-26 13:51:44 +02:00
Asger F	b2216627be	JS: Port RequestForgery	2023-10-13 13:15:03 +02:00
erik-krogh	3cece50f78	add encodeURIComponent as a sanitizer for request-forgery	2023-01-23 13:53:53 +01:00
erik-krogh	be8ef1b324	add failing test	2023-01-23 13:52:36 +01:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
Asger Feldthaus	3103cfd925	JS: Rename to tests to clientSide.js and serverSide.js	2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen	99dd5330c2	add taint-step for URL construction in js/request-forgery	2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen	c194598d37	recognize headers/url from the HTTP request to a server WebSocket.	2021-04-06 10:11:27 +02:00
Erik Krogh Kristensen	84e9229386	Merge branch 'main' into koa	2021-03-19 16:56:15 +01:00
Erik Krogh Kristensen	58617c5c59	recognize client websockets as ClientRequests	2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen	3995ff322d	add models for `koa-route` and `koa-router`	2021-03-17 19:17:20 +01:00
Erik Krogh Kristensen	e6e4a485c8	add JSDOM.fromUrl() as a request forgery sink	2020-11-02 17:05:56 +01:00
Erik Krogh Kristensen	6110f85748	refactor chrome-remote-interface to use type-tracking promise steps	2020-03-10 12:27:21 +01:00
Erik Krogh Kristensen	897bb4d801	add test for chrome-remote-interface	2020-02-13 15:12:45 +01:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Asger F	3bc7371fd6	JS: be less conservative about incomplete nodes in prefix sanitizers	2019-04-03 15:20:03 +01:00
Asger F	f6e0ccfcf0	JS: model URI and XHR methods from closure library	2019-02-08 15:18:27 +00:00
Asger F	fd2e9f1fcb	JS: shift line numbers in RequestForgery test	2019-02-08 15:13:33 +00:00
Esben Sparre Andreasen	c6b4e29b93	JS: add "host" as a sink for `js/request-forgery`	2018-12-17 10:32:30 +01:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include `nodes` and `edges` query predicates.	2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen	f5a6af54e6	JS: add security query: js/request-forgery	2018-09-04 09:25:42 +02:00

36 Commits