Max Schaefer
|
ab583b7994
|
JavaScript: Add query IncompleteUrlSchemeCheck.ql.
|
2019-11-13 10:27:18 +00:00 |
|
Max Schaefer
|
155cea7b5b
|
Revert "JavaScript: Improve double-escaping query"
|
2019-11-12 22:54:12 +00:00 |
|
semmle-qlci
|
3a7f9a588d
|
Merge pull request #2267 from max-schaefer/js/qltest-extractor-options
Approved by asger-semmle
|
2019-11-07 11:36:45 +00:00 |
|
Max Schaefer
|
8fdf6298b9
|
JavaScript: Remove --platform node extractor options.
|
2019-11-06 13:01:28 +00:00 |
|
Max Schaefer
|
3e92d0ffb5
|
JavaScript: Remove redundant --experimental extractor options.
|
2019-11-05 15:59:24 +00:00 |
|
semmle-qlci
|
eb6e8866fa
|
Merge pull request #2247 from max-schaefer/odasa-8149
Approved by asger-semmle, esbena
|
2019-11-05 09:40:54 +00:00 |
|
Max Schaefer
|
8aae1f443f
|
JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.
|
2019-10-31 12:13:55 +00:00 |
|
semmle-qlci
|
2a3980222b
|
Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes
Approved by asger-semmle
|
2019-10-31 10:47:30 +00:00 |
|
Max Schaefer
|
bb0771b36c
|
JavaScript: Deal with escape-unescape-escape (and similar) chains.
|
2019-10-30 14:49:01 +00:00 |
|
Max Schaefer
|
8c133ff61d
|
JavaScript: Deal with (un-)escaping on captured variables.
|
2019-10-30 14:46:50 +00:00 |
|
Max Schaefer
|
a8214ce7ee
|
JavaScript: Fix regexes for escaping schemes.
|
2019-10-30 14:15:59 +00:00 |
|
Max Schaefer
|
5349e0f881
|
JavaScript: Recognise wrapped chains of replacements.
|
2019-10-30 13:14:38 +00:00 |
|
Max Schaefer
|
02d16b1dc9
|
JavaScript: Recognise wrapped string replacement functions.
|
2019-10-30 13:01:17 +00:00 |
|
Max Schaefer
|
aaeca32519
|
JavaScript: Recognize string escaping using .replace with a callback.
|
2019-10-30 12:45:32 +00:00 |
|
Max Schaefer
|
bd1c99d8a4
|
JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper.
|
2019-10-30 12:38:05 +00:00 |
|
semmle-qlci
|
a778efe71e
|
Merge pull request #2216 from asger-semmle/xss-encodeURIComponent
Approved by max-schaefer
|
2019-10-30 11:49:31 +00:00 |
|
Max Schaefer
|
b42026a90a
|
JavaScript: Update expected output.
|
2019-10-29 15:36:24 +00:00 |
|
Max Schaefer
|
dc1d1c2f22
|
JavaScript: Update expected output.
|
2019-10-29 15:30:06 +00:00 |
|
Max Schaefer
|
6964945c74
|
JavaScript: Restrict edges to only contain nodes.
|
2019-10-29 15:03:52 +00:00 |
|
Asger F
|
94dd9a1c04
|
JS: Block XSS flow through encodeURIComponent
|
2019-10-28 17:12:40 +00:00 |
|
semmle-qlci
|
33374ee089
|
Merge pull request #2202 from asger-semmle/express-sendfile
Approved by esbena
|
2019-10-28 09:24:34 +00:00 |
|
Max Schaefer
|
b333c6a214
|
Merge pull request #2106 from asger-semmle/call-graph-3
JS: Call graph changes
|
2019-10-28 09:24:10 +00:00 |
|
Asger F
|
5636d42c13
|
JS: Update test
|
2019-10-25 09:57:10 +01:00 |
|
Esben Sparre Andreasen
|
5a983cb535
|
JS: add query js/shell-command-injection-from-environment
|
2019-10-21 23:31:55 +02:00 |
|
Asger F
|
8aa34e6a54
|
JS: Add XSS test case for new PostMessageEventHandler cases
|
2019-10-21 11:32:22 +01:00 |
|
Esben Sparre Andreasen
|
e1d7434be4
|
JS: add query js/useless-regexp-character-escape
|
2019-10-16 00:15:54 +02:00 |
|
Max Schaefer
|
d4fca84898
|
JavaScript: Improve XSS sanitizer detection.
We now use local data flow to detect more regexp-based sanitizers.
|
2019-09-23 17:07:06 +01:00 |
|
semmle-qlci
|
825a3d2917
|
Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars
Approved by xiemaisi
|
2019-09-23 12:10:30 +01:00 |
|
semmle-qlci
|
e2c941c577
|
Merge pull request #1916 from erik-krogh/taintedLength
Approved by asger-semmle, xiemaisi
|
2019-09-23 11:47:48 +01:00 |
|
Asger F
|
1ce0a48996
|
JS: Update tests
|
2019-09-20 15:41:36 +01:00 |
|
semmle-qlci
|
6f2e485ace
|
Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible
Approved by esben-semmle
|
2019-09-19 12:45:45 +01:00 |
|
Max Schaefer
|
3970ead7ab
|
JavaScript: Add support for rate-limiter-flexible package.
|
2019-09-18 12:25:33 +01:00 |
|
Esben Sparre Andreasen
|
ac6554b7da
|
Merge branch 'master' into js/improve-getAResponseDataNode
|
2019-09-17 13:18:41 +02:00 |
|
Esben Sparre Andreasen
|
a5645e168a
|
JS: exclude keys from whitelist
|
2019-09-16 10:13:18 +02:00 |
|
Esben Sparre Andreasen
|
0e2d2f8662
|
JS: whitelist some hardcoded dummy-passwords in two queries
|
2019-09-16 10:11:43 +02:00 |
|
Esben Sparre Andreasen
|
aa3f4a7048
|
JS: change passwords in tests
|
2019-09-16 10:09:59 +02:00 |
|
Erik Krogh Kristensen
|
9dc9adda64
|
fix capitalization in test case
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
|
2019-09-13 14:54:18 +01:00 |
|
Erik Krogh Kristensen
|
3fb64abb09
|
fix consistency and spelling in the documentation
suggestions from the documentation team
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
|
2019-09-13 14:52:11 +01:00 |
|
Erik Krogh Kristensen
|
c4f27ed4cc
|
rename TaintedLength to LoopBoundInjection
|
2019-09-13 11:12:01 +01:00 |
|
Erik Krogh Kristensen
|
5b2b60f132
|
change DOS to DoS, and other small documentation fixes
Co-Authored-By: Max Schaefer <max@semmle.com>
|
2019-09-13 10:26:01 +01:00 |
|
Erik Krogh Kristensen
|
119b1ffb80
|
changes based on review from max
|
2019-09-12 16:30:42 +01:00 |
|
Erik Krogh Kristensen
|
3d359bc8dc
|
Merge remote-tracking branch 'upstream/master' into taintedLength
|
2019-09-12 15:24:36 +01:00 |
|
Erik Krogh Kristensen
|
30f1bcf5bc
|
updated query ID and expected output
|
2019-09-12 15:24:33 +01:00 |
|
Erik Krogh Kristensen
|
bec522f0df
|
small changes based on review feedback
|
2019-09-11 11:26:59 +01:00 |
|
semmle-qlci
|
16c95d8c5e
|
Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting
Approved by xiemaisi
|
2019-09-11 09:16:57 +01:00 |
|
Esben Sparre Andreasen
|
f3de75ae07
|
JS: update a js/code-injection test
|
2019-09-11 09:45:54 +02:00 |
|
Esben Sparre Andreasen
|
f7bfc472c1
|
JS: treat server responses as untrusted for command injections
|
2019-09-11 09:38:18 +02:00 |
|
Erik Krogh Kristensen
|
97fc10e669
|
Add query for detecting potential DOS form a tainted .length property
|
2019-09-10 14:59:48 +01:00 |
|
semmle-qlci
|
df1bf4a95b
|
Merge pull request #1907 from asger-semmle/mongoose-types
Approved by xiemaisi
|
2019-09-10 12:05:57 +01:00 |
|
Max Schaefer
|
bdba647bf5
|
Merge pull request #1893 from erik-semmle/addXLinkHref
JS: add xlink:href as xss target when using setAttribute
|
2019-09-09 15:56:47 +01:00 |
|