Asger F
2a194a53af
raw test output
2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8
JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00
Asger F
87518ba60e
JS: Update tainted-sendFile.js
...
This file was added on main while this branch was in progress. Porting the whole file in one step.
2025-02-28 13:29:25 +01:00
Asger F
10a7294327
JS: Accept trivial test changes
...
This adds Alert annotations for alerts that seem intentional by the test
but have not been annotated with 'NOT OK', or the comment was in the wrong
place.
In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk in a later
commit.
2025-02-28 13:27:43 +01:00
Asger F
f5911c9e5a
JS: Accept raw test output
2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82
JS: Enable post-processing for all .qlref files
2025-02-28 13:27:33 +01:00
Asger F
426edd55f2
JS: Update output after line number change
...
Some OK-style comments had to be moved to the following line, shifting line numbers.
In selected range also included the comments themselves.
Lastly, the result sets were reordered by the CLI in some cases.
2025-02-28 13:27:31 +01:00
Asger F
9be041e27d
JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00
Asger F
7e5c24a8ec
JS: Remove uses of old inline expectation test library
2025-02-28 13:27:26 +01:00
Kevin Stubbings
d0ed0fdeb3
Add download to Express
2025-02-12 00:10:09 -08:00
Asger F
f8dc7eb25b
JS: Update output from tests that changed on main
2024-12-19 15:25:47 +01:00
Asger F
3acd4814de
Merge branch 'main' into js/shared-dataflow-merge-main
2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c
Javascript: Update all test util paths to point to the new location.
2024-12-12 13:54:25 +01:00
Asger F
08d25c122d
JS: Deprecate more uses of ConsistencyConfiguration
2024-12-03 14:30:27 +01:00
Asger F
0ce1fe767d
JS: Deprecate ConsistencyChecking to avoid deprecation warnings
2024-12-03 14:30:23 +01:00
Napalys
875478c1c6
JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall
2024-11-28 11:26:45 +01:00
Napalys
aa557cf950
JS: Added tests for DotRemovingReplaceCall with RegExp Object.
2024-11-28 11:26:44 +01:00
Napalys
23b18aeca9
JS: Now unknown flags are not flagged in taint paths
2024-11-28 11:26:41 +01:00
Napalys
7db6f7c721
JS: Added test cases with new RegExp for Tainted paths, currently works only with literals
2024-11-28 11:26:39 +01:00
Asger F
8818fcc207
JS: Benign test output changes
2024-11-26 15:47:13 +01:00
Asger F
d52bc971b8
Merge branch 'main' into js/shared-dataflow-merge-main
2024-11-20 14:05:03 +01:00
Napalys
b239bfabf1
Added tests for IncompleteHostnameRegExp and normalizedPaths using matchAll
2024-11-05 09:22:26 +01:00
Asger F
a2dd47aeb2
JS: Update test output
...
These files conflicted and have been regenerated.
2024-08-22 14:27:15 +02:00
Asger F
c54f5858b1
Merge branch 'main' into js/shared-dataflow-merge-main
2024-08-22 13:22:05 +02:00
Asger F
7a7ab457a9
JS: Delete unneeded test code (and shift line numbers)
2024-08-16 14:38:54 +02:00
Asger F
9ee7599aeb
JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
...
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00
Asger F
c3806a2210
JS: Messy test output updates
...
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.
The '#select' result set is unchanged in all of these, so they should be safe to accept.
2024-06-27 11:59:56 +02:00
Asger F
53efb5837b
JS: Update some tests with provenance columns
...
Only includes the changes that purely contain the new provenance columns
2024-06-26 13:51:44 +02:00
Asger F
5e7d1d5c2c
Merge branch 'main' into js/shared-dataflow-merged
2024-03-13 14:27:16 +01:00
Max Schaefer
dfffa1e237
Apply suggestions from code review
...
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e
Update qhelp for js/path-injection.
2023-11-20 11:58:00 +00:00
Asger F
7a1aead831
JS: Port ZipSlip
2023-10-13 13:15:04 +02:00
Asger F
65e9706c8e
JS: Port TaintedPath
2023-10-13 13:15:03 +02:00
Asger F
27085b1fd0
JS: Fix whitespace
2023-07-10 12:07:13 +02:00
Asger F
fe90146a16
JS: Add test for path.join with spread argument
2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957
JS: Add test for fs/promises
2023-07-10 12:05:03 +02:00
erik-krogh
368f84785b
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
erik-krogh
7e0bd5bde4
update expected output of tests
2022-08-22 21:41:47 +02:00
Erik Krogh Kristensen
7cef4322e7
add model for chownr
2022-06-29 22:09:23 +02:00
Stephan Brandauer
fb66ccff39
handlebars taint step: conservatively assume unknown templates have no flow to helpers
2022-04-13 09:27:59 +02:00
Stephan Brandauer
9c3fcb6268
precise tracking of handlebars arguments
2022-03-28 17:26:43 +02:00
Stephan Brandauer
a28e9c5b6e
documentation for handlebars.js flow step
2022-03-24 13:08:52 +01:00
Stephan Brandauer
0bd9e9f298
add handlebars taint step
2022-03-24 11:46:16 +01:00
Erik Krogh Kristensen
b59c7911a3
update locations of expected output
2022-02-07 15:23:26 +01:00
Erik Krogh Kristensen
ca5f91e587
recognize more startswith sanitizers for path-injection queries
2022-02-07 14:19:13 +01:00
Erik Krogh Kristensen
edcb3ba902
add file sources from jszip to js/zip-slip
2022-02-04 14:39:49 +01:00
Stephan Brandauer
4ee290acd3
update test for 'node:' prefix
2022-01-25 14:25:44 +01:00
Stephan Brandauer
20ea825e4a
test for 'node:' prefix for importing node modules
2022-01-25 13:43:16 +01:00
Esben Sparre Andreasen
9ffc02944d
add file write model for express-fileupload mv
2021-12-10 15:05:34 +01:00