Asger F
2a194a53af
raw test output
2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8
JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00
Asger F
576dbcb020
JS: Stop overriding entire module.exports object in test
...
Doing `module.exports = blah` prevents other exports from being seen as library inputs.
2025-02-28 13:28:09 +01:00
Asger F
e026b9e048
JS: Mark regressions due to lack of local field steps
2025-02-28 13:27:52 +01:00
Asger F
07a876b4e9
JS: Accept some alerts at the SystemCommandExecution location
2025-02-28 13:27:46 +01:00
Asger F
10a7294327
JS: Accept trivial test changes
...
This adds Alert annotations for alerts that seem intentional by the test
but has not been annotated with 'NOT OK', or the comment was in the wrong
place.
In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk a later
commit.
2025-02-28 13:27:43 +01:00
Asger F
f5911c9e5a
JS: Accept raw test output
2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82
JS: Enable post-processing for all .qlref files
2025-02-28 13:27:33 +01:00
Asger F
9be041e27d
JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00
Asger F
d79f429978
JS: Update changes to nodes/edges/subpaths
...
No changes in actual alerts
2025-02-17 10:36:05 +01:00
Asger F
b2d62a080b
JS: Move a test failure explanation into the test suite
...
We have an issue for fixing the underlying problem
2025-01-09 09:57:44 +01:00
Asger F
f8dc7eb25b
JS: Update output from tests that changed on main
2024-12-19 15:25:47 +01:00
Asger F
3acd4814de
Merge branch 'main' into js/shared-dataflow-merge-main
2024-12-19 10:14:38 +01:00
Napalys
a0df33c3ac
JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.
2024-11-28 11:26:43 +01:00
Napalys
155f1fca85
JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal
2024-11-28 11:26:42 +01:00
Asger F
52ba91a7f8
JS: Updates to nodes/edges in tests
...
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
12e316b99d
JS: Update test output after merging in 'main'
...
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
2024-10-08 10:11:15 +02:00
Asger F
2e2181be2c
JS: Update test output that only affects nodes/edges/subpaths
2024-08-27 11:35:33 +02:00
Asger F
bd3fccd1a8
JS: Update test output with provenance column
2024-06-25 10:30:56 +02:00
Asger F
ba9edb4e54
JS: Port UnsafeShellCommandConstruction
2023-10-13 13:15:06 +02:00
erik-krogh
943bdeca6d
make appliesTo recursive
2023-02-14 14:16:45 +01:00
erik-krogh
9549cac3e5
add an additional barrier guard that finds "=== true" versions of previous barrier guards
2023-02-14 14:15:23 +01:00
erik-krogh
68656274f4
dont recognize regexps that match dot as sanitizers
2023-02-13 17:36:51 +01:00
Erik Krogh Kristensen
fc66c905ff
Merge pull request #11859 from erik-krogh/moreShell
...
JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands
2023-01-23 22:26:17 +01:00
erik-krogh
23a847b1cf
track shell:true more in js/shell-command-constructed-from-input
2023-01-10 15:27:37 +01:00
erik-krogh
79e161e046
slightly broaden the regular expression that recognizes bad string-concats used as shell commands
2023-01-10 12:49:37 +01:00
Erik Krogh Kristensen
f67219965e
Merge pull request #11082 from erik-krogh/shellArr
...
JS: treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`
2022-11-22 13:03:50 +01:00
erik-krogh
fc38bf0429
Merge branch 'main' into aliasFlow
2022-11-07 09:46:48 +01:00
erik-krogh
40032f295a
treat arrays that gets executed with shell:true as a sink for js/shell-command-constructed-from-input
2022-11-07 09:19:05 +01:00
erik-krogh
bc5b7455cf
add failing test
2022-11-07 09:14:52 +01:00
erik-krogh
946720f414
reorder the CWE-078 tests into subdirectories
2022-10-28 10:16:21 +02:00
