87 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	77ba7b473d	Merge branch 'main' into topPack	2021-03-25 11:52:58 +01:00
Erik Krogh Kristensen	3b6b40489f	Merge branch 'main' into topPack	2021-03-25 09:58:15 +01:00
Erik Krogh Kristensen	c146b27c1a	Merge branch 'main' into shellTrue	2021-03-24 20:09:23 +01:00
Erik Krogh Kristensen	8949b9eb0a	add shell interpreted arrays as sinks for js/shell-command-constructed-from-input	2021-03-19 15:59:06 +01:00
Erik Krogh Kristensen	d489d63b8e	recognize object transformations in module.exports when looking for library inputs	2021-03-18 20:54:33 +01:00
Erik Krogh Kristensen	28ad667578	add model for async-execute	2021-03-18 19:40:46 +01:00
Erik Krogh Kristensen	67a5831ac0	update expected output	2021-03-18 13:59:44 +01:00
Erik Krogh Kristensen	010d580f8e	add model for multiparty	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	61b4ffec3d	add remote flow from the Formidable library	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	a03f4ed3cd	add remote flow source for busboy	2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen	e2fbf8a68c	add files uploaded with multer as RemoteFlowSource	2021-02-11 09:33:15 +01:00
Erik Krogh Kristensen	2aa59a3f8b	support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input	2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen	bfd8d1b1e9	Merge branch 'main' into revertSum	2021-01-06 23:04:08 +01:00
Erik Krogh Kristensen	f1cee70e82	add class-field flowstep to js/shell-command-constructed-from-input	2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen	530a4aea35	Merge branch 'main' into shellSanitizer	2020-12-22 13:57:15 +01:00
CodeQL CI	2bb96369f1	Merge pull request #4868 from erik-krogh/boundShell ... Approved by esbena	2020-12-22 03:35:42 -08:00
Erik Krogh Kristensen	da9a4e5267	add test	2020-12-22 11:22:25 +01:00
Esben Sparre Andreasen	ab4f3ea259	JS: fixup for execa.shell and execa.shellSync models	2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen	ba714a1214	JS: add execa.shell tests	2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen	876ba7ef2d	add typeof sanitizer to js/shell-command-constructed-from-input	2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen	fd0d5c9e46	add command parsing model for "commander"	2020-11-27 09:58:00 +00:00
Erik Krogh Kristensen	653ebf7668	add command parsing model for "dashdash"	2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen	269de49196	add model for "meow"	2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen	c5ac98d2e8	add command parsing model for command-line-args	2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen	f33cd8bc8e	add command parsing model for argparse	2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen	45067ee651	add command parsing model for "arg"	2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen	821b4be522	more accurately model command parsers that take process.argv as an argument	2020-11-27 09:56:50 +00:00
Max Schaefer	4100ab2919	JavaScript: Add another test to show that flow through functions still works.	2020-10-14 10:03:27 +01:00
Max Schaefer	1c04c07f07	JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.	2020-10-14 10:03:04 +01:00
Max Schaefer	cd33d358aa	JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. ... The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.	2020-10-12 14:50:47 +01:00
Max Schaefer	dc7b447895	JavaScript: Make alert locations for command injection more precise.	2020-09-23 14:07:36 +01:00
Max Schaefer	439aadf0b6	JavaScript: Do even more type tracking in command injection.	2020-09-23 14:07:36 +01:00
Max Schaefer	ef18b39124	JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll.	2020-09-23 14:07:36 +01:00
Max Schaefer	825fc2228b	JavaScript: Add two new command-injection tests.	2020-09-23 14:07:36 +01:00
Erik Krogh Kristensen	320879bc1e	recognize colon in command-prefixes	2020-09-07 13:12:38 +02:00
CodeQL CI	a4f8b19ae4	Merge pull request #3876 from erik-krogh/CWE078-Correctness ... Approved by esbena	2020-08-03 15:38:51 +01:00
Max Schaefer	91762ec274	JavaScript: Add partial model for opener. ... 3.5M weekly downloads. Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.	2020-07-27 11:42:32 +01:00
Max Schaefer	9aa26fa4bc	JavaScript: Add model for foreground-child. ... >1M weekly downloads, so seems worth doing.	2020-07-27 11:37:06 +01:00
Max Schaefer	2f842042ea	JavaScript: Model another execa function relevant for command injection.	2020-07-27 11:34:04 +01:00
Erik Krogh Kristensen	dc8042adeb	introduce conistency-checking for CWE-078	2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen	8585312271	fix typo in js/shell-command-constructed-from-input	2020-07-06 10:33:49 +02:00
Erik Krogh Kristensen	2b2d691e45	don't treated a property from a tainted object as tainted when there exists a dominating write	2020-06-25 23:00:52 +02:00
Asger Feldthaus	b4f75ef414	Merge branch 'master' into js-team-sprint-merge2	2020-06-23 00:18:09 +01:00
Erik Krogh Kristensen	0ee3f4977c	add test of webpack-dev-server and monorepo import	2020-06-19 14:15:46 +02:00
Erik Krogh Kristensen	ef72c03ca9	use simpler taint-step for DestructingPattern	2020-06-11 23:16:46 +02:00
Erik Krogh Kristensen	b8a9ac39f4	add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach)	2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen	b510e470b1	support rest-patterns inside property patterns	2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen	b04d7015ae	fix test	2020-06-09 11:23:46 +02:00
Erik Krogh Kristensen	0f06f04e32	extend support for yargs for js/indirect-command-line-injection	2020-06-08 16:45:09 +02:00
Erik Krogh Kristensen	815671f5d0	add sanitizer guard for typeof undefined	2020-06-04 21:32:26 +02:00