116 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	ff5b873557	Merge pull request #8773 from erik-krogh/exhaustion ... JS: promote `js/resource-exhaustion` out of experimental	2022-04-20 19:33:42 +02:00
Erik Krogh Kristensen	10130eef6d	Merge pull request #8678 from erik-krogh/fileSource ... JS: Add files as a source for `js/xss-through-dom`	2022-04-20 09:18:38 +02:00
Stephan Brandauer	2fb3147b7b	Merge pull request #8430 from kaeluka/js/CVE-2022-24718 ... JS: Add taint step for handlebars model	2022-04-19 15:57:58 +01:00
Erik Krogh Kristensen	4b6d8e6865	add missing qldoc	2022-04-19 10:56:58 +02:00
Erik Krogh Kristensen	4c97f68a3d	remove postmessage events as source for js/resource-exhaustion	2022-04-13 23:14:42 +02:00
Erik Krogh Kristensen	51a0b6d501	remove client-side remote-flow from js/resource-exhaustion	2022-04-13 23:05:59 +02:00
Erik Krogh Kristensen	41bdd8f4da	minor fixes	2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen	b13e7c055b	move the sanitizer-guard to the Query.qll file	2022-04-13 09:58:33 +02:00
Erik Krogh Kristensen	96e4633dfe	remove more code that did nothing	2022-04-13 09:57:32 +02:00
Erik Krogh Kristensen	d35604ed82	remove the length sanitizer from loop-bound-injection - it did nothing	2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen	8e47a9b242	add sanitizer step for .length in js/resource-exhaustion	2022-04-13 09:30:09 +02:00
Erik Krogh Kristensen	ebf9ba7250	remove the type-overloaded new Buffer() as a sink	2022-04-12 16:29:58 +02:00
Erik Krogh Kristensen	e2b7f7d05d	reintroduce the number sinks	2022-04-12 16:26:10 +02:00
Erik Krogh Kristensen	0435cee57f	add a taint-step through URL.createObjectURL for js/xss-through-dom	2022-04-06 12:18:47 +02:00
Erik Krogh Kristensen	b11d48e749	add files in the DOM as a source for js/xss-through-dom	2022-04-06 12:09:07 +02:00
Stephan Brandauer	0bd9e9f298	add handlebars taint step	2022-03-24 11:46:16 +01:00
Asger Feldthaus	6bef5a70b3	JS: Add dedicated API graph label for receiver, instead of parameter -1	2022-03-23 10:42:51 +01:00
Erik Krogh Kristensen	8ae04e04d4	Merge pull request #8509 from erik-krogh/fpXss ... JS: filter away reads of .src that end in a URL sink for js/xss-through-dom	2022-03-22 14:51:17 +01:00
Erik Krogh Kristensen	099d91ba6f	update qldoc	2022-03-22 10:27:21 +01:00
Harry Maclean	c2d4bc50c9	Add missing file doc comment	2022-03-22 11:10:09 +13:00
Harry Maclean	91a7e9405c	Share HttpToFileAccessQuery between JS and Ruby ... There's so little in this query that it may not be worth sharing, but it's an interesting exercise in figuring out how we do it nicely.	2022-03-22 11:10:08 +13:00
Erik Krogh Kristensen	c8385a1e80	js/xss-through-dom: filter away reads of .src that end in a URL sink	2022-03-21 16:48:59 +01:00
Harry Maclean	0cfe37dff4	Share TaintedFormatString between Ruby and JS	2022-03-21 12:51:46 +13:00
Erik Krogh Kristensen	aa8b7c8679	update reference to deprecated class name	2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen	b3de5d94a6	move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	562dce57e8	rename isXSSSink to isXssSink	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the js/xss query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	87842bb8b7	add client-side-url sinks that may execute JavaScript as XSS sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	b471fec149	split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	67e6a4c716	add a isXSSSink predicate to the client-side-url-redirection sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	559f03ebbc	remove unnecessary module qualifier	2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen	2d9d383c55	remove unused import	2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Erik Krogh Kristensen	2250ebc5e2	remove leftover comments	2022-03-14 13:04:22 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen	7d6700a943	Merge branch 'main' into depMore	2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen	c0a63beec1	deprecate unused document predicates in DOM.qll	2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen	9cf0a94e4d	use some Sanitizer classes that were unused in the query code	2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen	1e365611fc	fix all other implicit-this warnings introduced by the acronym patch	2022-03-11 13:22:07 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen	a86f0afb3c	delete all deprecations that are over 14 months old	2022-03-09 18:28:07 +01:00
Erik Krogh Kristensen	4734f1916e	Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred ... QL: field only used in charPred	2022-03-08 11:25:57 +01:00
Stephan Brandauer	c17d8b145a	Merge pull request #8054 from asgerf/js/split-request-forgery ... JS: split request forgery query into server-side and client-side variants	2022-02-23 10:27:16 +01:00
Asger Feldthaus	8194c041cc	JS: Merge sources to one class	2022-02-21 16:26:02 +01:00
Asger F	00ed72ed83	Apply suggestions from code review ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-02-21 16:24:50 +01:00
Erik Krogh Kristensen	1407b49a8f	fix some instances of ql/pred-doc-style for JS	2022-02-21 15:02:21 +01:00
Asger Feldthaus	260638c68b	JS: Add ClientSideRequestForgery and split request-forgery results between the two	2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen	a1c5724be7	fix most ql-for-ql warnings in JS	2022-02-11 17:57:37 +01:00
Erik Krogh Kristensen	3791b159fb	Merge pull request #7892 from erik-krogh/nanSan ... JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check	2022-02-11 10:13:06 +01:00
CodeQL CI	1a91a79b5b	Merge pull request #5841 from erik-krogh/libCode ... Approved by esbena, ethanpalm	2022-02-10 11:36:45 +00:00