19 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	32ac8778bd	add the cwd option to shell executions as a sink to js/path-injection	2021-08-23 07:32:05 +02:00
Erik Krogh Kristensen	f462c9bb76	add taint through the parseqs library	2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen	bec1818fc7	add taint through the normalize-url library	2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen	193ddfc771	add taint through the qs library	2021-07-14 16:56:51 +02:00
Erik Krogh Kristensen	c7c46ea3d6	update test comments to be consistent	2020-06-04 10:55:09 +02:00
Erik Krogh Kristensen	550c578c3c	use MemberShipTest in TaintedPath	2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen	d513e6c5b5	update comments in TaintedPath tests	2020-06-04 10:40:14 +02:00
Erik Krogh Kristensen	e46cde17a1	add a "../" removing taint-step for js/path-injection	2020-04-03 09:42:05 +02:00
Erik Krogh Kristensen	f03c67266a	add taint step for replace call that only removes dots	2020-03-03 12:58:06 +01:00
Erik Krogh Kristensen	95819c8731	use RegExpTerm to generalize predicate	2020-03-03 12:34:18 +01:00
Erik Krogh Kristensen	622a2fcfdc	use regexp term instead of char class	2020-03-03 12:24:13 +01:00
Erik Krogh Kristensen	53d1cd33f6	support sanitizers that remove all forward slashes	2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen	03e295ef11	Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74	2020-02-20 12:19:32 +01:00
Erik Krogh Kristensen	5375604109	calling pop or shift on a SplitPath returns a PosixPath	2020-02-17 13:15:46 +01:00
Erik Krogh Kristensen	46cbeb0bc6	add more steps to the SplitPath label	2020-02-17 12:58:27 +01:00
Erik Krogh Kristensen	0f511c92b4	Merge remote-tracking branch 'upstream/master' into FalsySanitizer	2020-02-10 09:54:58 +01:00
Esben Sparre Andreasen	736ccb98c2	JS: model the send library for js/path-injection	2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen	1f7dda7fbc	add dataflow barrier for if(xrandr)	2020-02-06 12:55:44 +01:00
Jason Reed	23d37c7167	JS: Unbreak TaintedPath	2019-02-28 15:45:26 -05:00