2691 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	591fcda862	various improvements to the js/missing-origin-verification query	2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen	2d6d304d7c	add InclusionTest to PostMessageEventSanitizer	2022-04-12 14:12:36 +02:00
Erik Krogh Kristensen	e2badab251	update expected output after test reorganization	2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen	ec9c308d06	reorganize the tests in CWE-020	2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen	34abef8a6c	Merge branch 'main' into dragAndDrop	2022-04-11 23:59:46 +02:00
bananabr	57fac949fd	included ClipboardEvent and DragEvent as XSS sources	2022-04-11 16:37:00 -05:00
Erik Krogh Kristensen	aafa8ddc9f	add support for domNode.onpaste for copy-paste events	2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen	6713b2c671	add support for domNode.ondrop for drag-and-drop events	2022-04-11 20:06:12 +02:00
bananabr	0f1582f3f6	included JavaScript drag and drop API Xss sources	2022-04-09 22:33:30 -05:00
Asger Feldthaus	b85739cb7e	JS: Update test output	2022-04-07 13:23:26 +02:00
Asger Feldthaus	4eda6f643f	JS: Recognize subclasses of HTMLElement in domValueRef	2022-04-07 09:57:31 +02:00
Erik Krogh Kristensen	0435cee57f	add a taint-step through URL.createObjectURL for js/xss-through-dom	2022-04-06 12:18:47 +02:00
Erik Krogh Kristensen	b11d48e749	add files in the DOM as a source for js/xss-through-dom	2022-04-06 12:09:07 +02:00
Stephan Brandauer	9c3fcb6268	precise tracking of handlebars arguments	2022-03-28 17:26:43 +02:00
Erik Krogh Kristensen	cf94c93b1a	Merge pull request #8481 from erik-krogh/schemeChain ... JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-25 11:13:10 +01:00
Stephan Brandauer	a28e9c5b6e	documentation for handlebars.js flow step	2022-03-24 13:08:52 +01:00
Stephan Brandauer	0bd9e9f298	add handlebars taint step	2022-03-24 11:46:16 +01:00
Erik Krogh Kristensen	c8385a1e80	js/xss-through-dom: filter away reads of .src that end in a URL sink	2022-03-21 16:48:59 +01:00
Arthur Baars	431b60506e	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-18 13:05:34 +01:00
Erik Krogh Kristensen	693c77f3df	add test for string replacement chains of URL schemes	2022-03-18 11:05:59 +01:00
Erik Krogh Kristensen	6cdc38748c	update expected output	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	d8a5947a08	simplify TaintedUrlSuffix::source() to only consider window.location based sources	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the js/xss query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	87842bb8b7	add client-side-url sinks that may execute JavaScript as XSS sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	b471fec149	split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	fc79242674	add tests	2022-03-16 22:32:08 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen	195ce9c58a	add some API-nodes to js/disabling-certificate-validation	2022-03-14 21:33:13 +01:00
Erik Krogh Kristensen	cebd24156c	support that the base is not a method-call in getAChainedMethodCall	2022-03-09 11:12:04 +01:00
Arthur Baars	bb348116ab	JavaScript: update expected output	2022-03-07 16:10:08 +01:00
Erik Krogh Kristensen	4fba5e4dfb	step through parentheses in barrier functions	2022-02-25 17:47:12 +01:00
Erik Krogh Kristensen	ad3399733b	recognize more module exports from the factory pattern	2022-02-23 21:29:45 +01:00
Erik Krogh Kristensen	e13b2df86f	Merge pull request #8185 from erik-krogh/amdImp ... JS: recognize modules imported by AMD imports as library inputs	2022-02-23 20:21:45 +01:00
Stephan Brandauer	a664e02d04	Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source ... JS: Functionality from untrusted sources query (CWE-830)	2022-02-23 12:45:31 +01:00
Erik Krogh Kristensen	203212657e	recognize modules imported by AMD imports as library inputs	2022-02-23 10:39:45 +01:00
Stephan Brandauer	c17d8b145a	Merge pull request #8054 from asgerf/js/split-request-forgery ... JS: split request forgery query into server-side and client-side variants	2022-02-23 10:27:16 +01:00
Esben Sparre Andreasen	58e0d54744	Merge pull request #8168 from github/esbena/hapi-reflected-xss ... JS: model hapi handler returns as reflected-xss sinks	2022-02-23 08:53:15 +01:00
Esben Sparre Andreasen	2c527f7b35	model hapi handler returns as reflected-xss sinks	2022-02-22 14:12:01 +01:00
Erik Krogh Kristensen	517e17d422	support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite	2022-02-22 13:23:34 +01:00
Stephan Brandauer	2278e7f6e6	CWE 830 polish error messages	2022-02-22 11:41:54 +01:00
Stephan Brandauer	82330391c3	CWE-830 add support for setting attributes via setAttribute method	2022-02-22 11:41:54 +01:00
Stephan Brandauer	d80cd1aeb5	CWE 830 test where both branches in a ternary are unsafe	2022-02-22 11:41:53 +01:00
Stephan Brandauer	2934aa1a3a	rewrite docs, improve error messages, etc	2022-02-22 11:41:53 +01:00
Stephan Brandauer	d2335b65d5	stylistic improvements after review	2022-02-22 11:41:53 +01:00
Stephan Brandauer	9aec4437e2	polish qhelp for CWE-830 and add test file	2022-02-22 11:41:53 +01:00
Stephan Brandauer	fd77e27ed9	replace taint tracking by type tracking and merge remaining queries for CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8cafa6d562	improve error message in CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	780fa97869	always require integrity checking for certain CDNs	2022-02-22 11:41:53 +01:00
Stephan Brandauer	83764df4f5	rename tests for CW-830 to clarify responsibilities	2022-02-22 11:41:52 +01:00
Stephan Brandauer	8d397fea09	JS: query to find dynamic creations of DOM elements that use untrusted sources	2022-02-22 11:41:52 +01:00