codeql

mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00

Author	SHA1	Message	Date
Napalys	3171f38cdd	JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects	2024-11-29 11:14:45 +01:00
Napalys	fe28657c7d	JS: add test cases with unknown flags for double escaping, works as expected.	2024-11-28 11:26:51 +01:00
Napalys	98fd97799c	JS: imcomplete sanization now handles properly maybe global	2024-11-28 11:26:50 +01:00
Napalys	1ae174849f	JS: incomplete sanitization now also works with RegExp objects	2024-11-28 11:26:48 +01:00
Napalys	76318035ff	JS: Add test cases for RegExp object usage in replace within incomplete sanitization	2024-11-28 11:26:47 +01:00
Napalys	18c7b18f82	JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.	2024-11-28 11:26:36 +01:00
Napalys	89f3b6f8d3	JS: Added test case for bad sanitizer with unknown flags, currently not flagged.	2024-11-28 11:26:35 +01:00
Napalys	38be0e4c0a	JS: Now BadHtmlSanitizers also flags new RegExp as potential issue	2024-11-28 11:26:34 +01:00
Napalys	41f21d429b	JS: Added test case which is not flagged but should be abusing new RegExp with global flag	2024-11-28 11:26:33 +01:00
erik-krogh	f9eee906cf	fix FP by requiring that the regular expression mention on of the chars important in the prefix	2023-07-01 20:30:09 +02:00
erik-krogh	bd400be6ec	add FP for incomplete-multi-char-sanitization	2023-07-01 20:28:31 +02:00
erik-krogh	38ca68febb	recognize "-->" as a bad tag filter	2023-01-10 18:09:56 +01:00
erik-krogh	15416a9c86	fix getCanonicalCharClass in NfaUtils	2022-11-01 21:35:07 +01:00
erik-krogh	78e35e2f29	add failing test	2022-11-01 21:33:19 +01:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Erik Krogh Kristensen	99ed4a1a89	add a bad-tag-filter query for Python and JavaScript	2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen	4cc2ac9d35	exclude char classes that match everything	2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen	9c2d83e82b	add tests	2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen	6d06550f7d	update expected output	2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen	3640bbd466	add test for IncompleteHtmlAttributeSanitization	2021-03-16 13:25:27 +01:00
Erik Krogh Kristensen	ca435763b0	separate message for double and single quotes	2021-02-01 23:54:12 +01:00
Erik Krogh Kristensen	3f1e81533c	support html attribute concatenations with single quotes	2021-01-29 10:37:37 +01:00
Esben Sparre Andreasen	847687974f	JS: only select non-nullable terms in the broken sanitizer	2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen	40cfbab335	JS: address review feedback	2021-01-12 08:49:08 +01:00
Esben Sparre Andreasen	580a24e982	JS: rewrite js/incomplete-multi-character-sanitization	2021-01-11 11:26:45 +01:00
Esben Sparre Andreasen	2d2468463b	JS: initial version of IncompleteMultiCharacterSanitization.ql	2020-06-09 08:59:59 +02:00
Esben Sparre Andreasen	344f0c36b0	JS: update expected output	2020-05-06 11:18:14 +02:00
Esben Sparre Andreasen	304b013f88	JS: query and tests for unsafe HTML expansion	2020-05-05 10:32:16 +02:00
Esben Sparre Andreasen	89613dbd23	JS: add query for incomplete HTML attribute sanitization	2020-04-24 09:17:46 +02:00
Max Schaefer	0edb70f373	JavaScript: Deal with escape-unescape-escape (and similar) chains.	2019-11-22 09:24:34 +00:00
Max Schaefer	cb54618a5d	JavaScript: Deal with (un-)escaping on captured variables.	2019-11-22 09:24:34 +00:00
Max Schaefer	61aa075e8d	JavaScript: Fix regexes for escaping schemes.	2019-11-22 09:24:34 +00:00
Max Schaefer	4f899a9b0d	JavaScript: Recognize string escaping using `.replace` with a callback.	2019-11-22 09:24:34 +00:00
Max Schaefer	5565be14fc	JavaScript: Teach `IncompleteSanitization` to flag incomplete path sanitizers.	2019-11-19 15:06:16 +00:00
Max Schaefer	155cea7b5b	Revert "JavaScript: Improve double-escaping query"	2019-11-12 22:54:12 +00:00
Max Schaefer	bb0771b36c	JavaScript: Deal with escape-unescape-escape (and similar) chains.	2019-10-30 14:49:01 +00:00
Max Schaefer	8c133ff61d	JavaScript: Deal with (un-)escaping on captured variables.	2019-10-30 14:46:50 +00:00
Max Schaefer	a8214ce7ee	JavaScript: Fix regexes for escaping schemes.	2019-10-30 14:15:59 +00:00
Max Schaefer	5349e0f881	JavaScript: Recognise wrapped chains of replacements.	2019-10-30 13:14:38 +00:00
Max Schaefer	02d16b1dc9	JavaScript: Recognise wrapped string replacement functions.	2019-10-30 13:01:17 +00:00
Max Schaefer	aaeca32519	JavaScript: Recognize string escaping using `.replace` with a callback.	2019-10-30 12:45:32 +00:00
Max Schaefer	bd1c99d8a4	JavaScript: Recognise `JSON.stringify` and `JSON.parse` as escaper/unescaper.	2019-10-30 12:38:05 +00:00
Esben Sparre Andreasen	a9665f53b8	JS: whitelist quote stripping for js/incomplete-sanitization	2019-09-05 09:47:49 +01:00
Esben Sparre Andreasen	ac0913c878	JS: add newline removal whitelist for js/incomplete-sanitization	2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen	bdbd00e046	JS: add newline removal tests for js/incomplete-sanitization	2019-04-23 08:37:39 +02:00
Esben Sparre Andreasen	c80ee3df01	Mergeback: rc/1.20 into Semmle/master	2019-04-16 08:46:15 +02:00
Esben Sparre Andreasen	fd429ce639	JS: whitelist delimiter unwrapping for js/incomplete-sanitization	2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen	a0ed362310	JS: add test case for js/incomplete-sanitization	2019-04-12 08:37:47 +02:00
Esben Sparre Andreasen	364ba1b4ac	JS: use RegExpLiteral as a SourceNode	2019-04-01 09:19:25 +02:00

1 2

56 Commits