Napalys
3171f38cdd
JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects
2024-11-29 11:14:45 +01:00
Napalys
98fd97799c
JS: imcomplete sanization now handles properly maybe global
2024-11-28 11:26:50 +01:00
Napalys
1ae174849f
JS: incomplete sanitization now also works with RegExp objects
2024-11-28 11:26:48 +01:00
Max Schaefer
5565be14fc
JavaScript: Teach IncompleteSanitization to flag incomplete path sanitizers.
2019-11-19 15:06:16 +00:00
Esben Sparre Andreasen
ac0913c878
JS: add newline removal whitelist for js/incomplete-sanitization
2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
bdbd00e046
JS: add newline removal tests for js/incomplete-sanitization
2019-04-23 08:37:39 +02:00
Esben Sparre Andreasen
c80ee3df01
Mergeback: rc/1.20 into Semmle/master
2019-04-16 08:46:15 +02:00
Esben Sparre Andreasen
fd429ce639
JS: whitelist delimiter unwrapping for js/incomplete-sanitization
2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310
JS: add test case for js/incomplete-sanitization
2019-04-12 08:37:47 +02:00
Esben Sparre Andreasen
364ba1b4ac
JS: use RegExpLiteral as a SourceNode
2019-04-01 09:19:25 +02:00
Max Schaefer
3e26bc6446
JavaScript: Improve alert location and message for IncompleteSanitization.
...
We now highlight the `replace` call (instead of the regular expression), and the alert message for the case of missing backslash escapes clarifies that it is talking about failure to escape backslashes in the input, not in the replacement text.
2019-02-08 09:13:40 +00:00
Esben Sparre Andreasen
a1d92bfa50
JS: generalize js/incomplete-sanitization to handle ConstantString
2018-12-11 13:39:15 +01:00
Max Schaefer
10166be535
JavaScript: Add new query DoubleEscaping.
2018-11-30 09:39:00 +00:00
