2558 Commits

Author	SHA1	Message	Date
erik-krogh	87fb01d55b	apply another suggestion from doc review	2022-09-12 15:36:02 +02:00
erik-krogh	98243118b2	recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment	2022-09-12 13:41:07 +02:00
erik-krogh	afcb767f8d	Merge branch 'main' into js-followMsg	2022-09-12 13:21:16 +02:00
erik-krogh	6ec03d4738	apply suggestions from doc review	2022-09-12 13:16:39 +02:00
Erik Krogh Kristensen	cb95e8f263	Merge pull request #10351 from erik-krogh/moreMains ... JS: find a main module in more cases	2022-09-12 11:01:17 +02:00
Erik Krogh Kristensen	9893650f7c	Merge pull request #8604 from erik-krogh/httpNode ... JS: refactor most library models away from AST nodes	2022-09-09 10:04:17 +02:00
erik-krogh	aee72357b8	find a main module in more cases	2022-09-08 20:21:31 +02:00
erik-krogh	a21a4275f3	add taint-step in js/insecure-randomness for selecting a random element	2022-09-08 15:00:00 +02:00
erik-krogh	a35fe1ffab	Merge branch 'main' into js-followMsg	2022-09-08 13:09:15 +02:00
Erik Krogh Kristensen	57bf92a70c	Merge pull request #10347 from erik-krogh/mermaid ... JS: add a markdown step through the `mermaid` library	2022-09-08 12:41:58 +02:00
Erik Krogh Kristensen	9534f31eac	Merge pull request #10343 from erik-krogh/spreadFunction ... JS: recognize calls to `Function` when spread arguments are used	2022-09-08 09:25:10 +02:00
erik-krogh	0407198dd2	add a markdown step through the mermaid library	2022-09-08 09:23:45 +02:00
erik-krogh	6447234428	recognize calls to Function where spread arguments are used	2022-09-07 22:55:51 +02:00
erik-krogh	e829387cdb	add failing test for call the Function with a spread argument	2022-09-07 22:54:21 +02:00
Asger F	6806bc1da4	JS: Expand test case	2022-09-07 14:18:01 +02:00
Asger F	d31b59e61d	JS: Call super in isBarrier() override	2022-09-07 13:40:30 +02:00
Asger F	3184ddb38a	JS: Fix test case	2022-09-07 13:39:51 +02:00
erik-krogh	24f2e3cc07	update alert-messages of the sensitive data queries to match #10314	2022-09-06 12:25:36 +02:00
Erik Krogh Kristensen	e387ebaedd	add domNode.innerHTML += sink as a DOM sink	2022-09-05 16:11:55 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
erik-krogh	52b9ff81c5	Merge branch 'main' into dynCall	2022-08-29 15:30:01 +02:00
Erik Krogh Kristensen	06afe9c0f4	Merge pull request #9816 from erik-krogh/msgConsis ... Make alert messages consistent across languages	2022-08-25 15:20:01 +02:00
Erik Krogh Kristensen	ba1ad00d2a	Merge pull request #10062 from erik-krogh/redosPrefix ... JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`	2022-08-25 12:57:16 +02:00
erik-krogh	1c0f2251e2	Merge branch 'main' into msgConsis	2022-08-24 14:38:57 +02:00
erik-krogh	f1799ae3d2	print the endpointExample in the alert-messsage, and only report one working example	2022-08-24 13:09:48 +02:00
erik-krogh	a50234adb0	apply suggestion from review	2022-08-23 15:41:37 +02:00
erik-krogh	1a7d3ee831	update expected output after changing queries	2022-08-23 12:35:32 +02:00
erik-krogh	a57981ea69	apply suggestions from review	2022-08-23 10:18:14 +02:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
erik-krogh	2f11f3760e	simplify getALibraryInputParameter by adding more general dataflow for the arguments object	2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen	d86b7f6c54	recognize an access to the arguments object as library-input	2022-08-22 08:29:24 +02:00
erik-krogh	0aebc90b61	don't lowercase the endpointExample, and correctly handle root states	2022-08-21 18:38:47 +02:00
erik-krogh	d052b1e3c9	also support regular expressions without repetitions	2022-08-19 19:21:44 +02:00
erik-krogh	26fcf6b25b	apply suggestions from review	2022-08-18 15:00:57 +02:00
erik-krogh	de3e1c39e4	use the shared regular expression libraries in js/case-sensitive-middleware-path	2022-08-18 10:07:55 +02:00
Harry Maclean	70ec70940a	Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization	2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen	bd4947fdbd	Merge pull request #10046 from erik-krogh/protoFunc ... JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters	2022-08-17 14:50:54 +02:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS ... Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
erik-krogh	3355a7a046	generalize BarrierGuardFunctionto work on function that have multiple parameters	2022-08-16 09:13:15 +02:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange ... JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
erik-krogh	4cbfbfe170	add call-edge for dynamic dispatch to unknown property from an object literal	2022-08-11 12:29:50 +02:00
Erik Krogh Kristensen	da4da229b1	move tests to new test location	2022-08-09 16:25:00 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	add9e9dac4	Merge pull request #9548 from erik-krogh/exports ... JS: support the "exports" property in a package.json	2022-08-09 12:16:12 +02:00
Asger F	855d4c2ea1	Merge pull request #9718 from asgerf/js/case-sensitive-middleware ... JS: Add 'case sensitive middleware' query	2022-07-14 10:47:58 +02:00
Asger F	18c5a8c8da	Merge branch 'main' into js/case-sensitive-middleware	2022-07-14 09:38:35 +02:00
Erik Krogh Kristensen	fd10947ca0	use small steps in TypeBackTracker correctly	2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Erik Krogh Kristensen	7dd095c0d2	Merge pull request #9756 from erik-krogh/greyMatter ... JS: add model for the gray-matter library to js/code-injection	2022-07-01 12:19:12 +02:00