hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,893 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

2691 Commits

Author SHA1 Message Date
Asger F
97f5559e64 JS: Recognise form input from NgForm 2025-01-17 10:22:20 +01:00
Asger F
1ec3a62242 JS: Add test with NgForm.value 2025-01-17 10:20:59 +01:00
Asger F
d4daa21318 JS: Add DOM event sources in Angular2 model 2025-01-17 10:20:22 +01:00
Asger F
b8ba50a9ac JS: Add Angular test case in XssThroughDom 2025-01-17 10:12:42 +01:00
Asger F
1964b347c7 Merge branch 'main' into js/test-suite 2025-01-16 13:19:07 +01:00
Asger F
bc34a045d3 JS: Triage discrepancies and update test 2025-01-10 14:18:31 +01:00
Asger F
18ab066e79 JS: Remove OK comments that don't provide further explanation 2025-01-10 14:18:30 +01:00
Asger F
c2b65b1f85 JS: Port IncompleteUrlSubstringSanitization test 2025-01-10 14:18:29 +01:00
Asger F
6b4be13a8e JS: Move annotations to the correct line 2025-01-10 14:18:28 +01:00
Asger F
95e20a045b JS: Port IncompleteUrlSchemeCheck test 2025-01-10 14:18:26 +01:00
Asger F
563471dd52 JS: Triage discrepancies and update test 2025-01-10 14:18:25 +01:00
Asger F
48f7a58d01 JS: Update IncompleteHostnameRegExp test to match reality 2025-01-10 14:18:24 +01:00
Asger F
a83508a828 JS: Port IncompleteHostNameRegExt test 2025-01-10 14:18:23 +01:00
aegilops
b07e801c10 Add new test for new XSS sink, update expected to match 2025-01-09 18:02:45 +00:00
Asger F
b2d62a080b JS: Move a test failure explanation into the test suite 
We have an issue for fixing the underlying problem
 2025-01-09 09:57:44 +01:00
Asger F
942ba189f7 JS: Minor test output change in nodes/edges 
I suspect this is due to some fixes in the DeduplicatePathGraph module
 2024-12-19 15:25:49 +01:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
33e8bd5032 JS: Update testUtilities import 2024-12-19 15:25:39 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Asger F
66eb458134 JS: Handle match/matchAll and unknown regexps 2024-12-09 15:38:36 +01:00
Asger F
6e7c5a3707 JS: Slightly more general getRoot() 2024-12-09 15:05:45 +01:00
Asger F
be617cee4a JS: More precise handling of .exec() 2024-12-09 15:03:51 +01:00
Asger F
703cad9e95 Expand test case 2024-12-09 15:00:56 +01:00
Asger F
8fe39bdd38 JS: Update query's own output after test changes 2024-12-09 14:59:27 +01:00
Asger F
71a6a47713 JS: Fix issue with new RegExp().exec() 2024-12-09 14:59:25 +01:00
Asger F
f6d0835c64 JS: Show problem with new RegExp().exec() 2024-12-09 14:59:24 +01:00
Asger F
ef833de60e JS: Replace DocumentUrl with TaintedUrlSuffix 2024-12-09 14:59:23 +01:00
Asger F
712c69ebc8 JS: Fixup the test expectations 2024-12-09 14:59:19 +01:00
Asger F
f8ff504f5c JS: Add ClientSideUrlRedirect test consistency 
Update Consistency.ql again
 2024-12-09 14:59:18 +01:00
Asger F
08d25c122d JS: Deprecate more uses of ConsistencyConfiguration 2024-12-03 14:30:27 +01:00
Asger F
e6680dec8f JS: Avoid use of LabeledSanitizerGuardNode in TaintedObject 
Drive-by bugfix: Rename sanitizes -> blocksExpr.
This fixes a bug that caused the sanitizer guard not to work in df2.

The test output reflects the fact that the barrier guard works now.
 2024-12-03 14:30:24 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Asger F
834d35bc42 JS: Port experimental DecompressionBombs to ConfigSig 2024-12-03 14:30:21 +01:00
Napalys
3171f38cdd JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects 2024-11-29 11:14:45 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case 
Co-authored-by: erik-krogh <erik-krogh@github.com>
 2024-11-28 14:13:40 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
62194f5337 JS: add test cases RegExp with unknown flags 2024-11-28 11:26:57 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
1ca57cfb9d JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results 2024-11-28 11:26:54 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
dbae553146 JS: add xss test cases with unknownflags for replace using RegExp 2024-11-28 11:26:52 +01:00
Napalys
fe28657c7d JS: add test cases with unknown flags for double escaping, works as expected. 2024-11-28 11:26:51 +01:00
Napalys
98fd97799c JS: imcomplete sanization now handles properly maybe global 2024-11-28 11:26:50 +01:00
Napalys
1ae174849f JS: incomplete sanitization now also works with RegExp objects 2024-11-28 11:26:48 +01:00
Napalys
76318035ff JS: Add test cases for RegExp object usage in replace within incomplete sanitization 2024-11-28 11:26:47 +01:00
Napalys
9c2366a660 JS: Added tests for ReDos with unknownFlags, everything seems to be good 2024-11-28 11:26:46 +01:00
Napalys
875478c1c6 JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall 2024-11-28 11:26:45 +01:00
Napalys
aa557cf950 JS: Added tests for DotRemovingReplaceCall with RegExp Object. 2024-11-28 11:26:44 +01:00