codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Asger F	2a194a53af	raw test output	2025-02-28 13:29:39 +01:00
Asger F	64d39da5f8	JS: Accept Sources/Sink tags	2025-02-28 13:29:30 +01:00
Asger F	87518ba60e	JS: Update tainted-sendFile.js This file was added on main while this branch was in progress. Porting the whole file in one step.	2025-02-28 13:29:25 +01:00
Asger F	10a7294327	JS: Accept trivial test changes This adds Alert annotations for alerts that seem intentional by the test but has not been annotated with 'NOT OK', or the comment was in the wrong place. In a few cases I included 'Source' expectations to make it easier to see what happened. Other 'Source' expectations will be added in bulk a later commit.	2025-02-28 13:27:43 +01:00
Asger F	f5911c9e5a	JS: Accept raw test output	2025-02-28 13:27:38 +01:00
Asger F	d0ce53ed82	JS: Enable post-processing for all .qlref files	2025-02-28 13:27:33 +01:00
Asger F	426edd55f2	JS: Update output after line number change Some OK-style comments had to be moved to the following line, shifting line numbers. In selected range also included the comments themselves. Lastly, the result sets were reordered by the CLI in some cases.	2025-02-28 13:27:31 +01:00
Asger F	9be041e27d	JS: Update OK-style comments to $-style	2025-02-28 13:27:28 +01:00
Asger F	7e5c24a8ec	JS: Remove uses of old inline expectation test library	2025-02-28 13:27:26 +01:00
Kevin Stubbings	d0ed0fdeb3	Add download to Express	2025-02-12 00:10:09 -08:00
Asger F	f8dc7eb25b	JS: Update output from tests that changed on main	2024-12-19 15:25:47 +01:00
Asger F	3acd4814de	Merge branch 'main' into js/shared-dataflow-merge-main	2024-12-19 10:14:38 +01:00
Michael Nebel	c3fe3e468c	Javascript: Update all test util paths to point to the new location.	2024-12-12 13:54:25 +01:00
Asger F	08d25c122d	JS: Deprecate more uses of ConsistencyConfiguration	2024-12-03 14:30:27 +01:00
Asger F	0ce1fe767d	JS: Deprecate ConsistencyChecking to avoid deprecation warnings	2024-12-03 14:30:23 +01:00
Napalys	875478c1c6	JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall	2024-11-28 11:26:45 +01:00
Napalys	aa557cf950	JS: Added tests for DotRemovingReplaceCall with RegExp Object.	2024-11-28 11:26:44 +01:00
Napalys	23b18aeca9	JS: Now unknown flags are not flagged in taint paths	2024-11-28 11:26:41 +01:00
Napalys	7db6f7c721	JS: Added test cases with new RegExp for Tainted paths, currently works only with literals	2024-11-28 11:26:39 +01:00
Asger F	8818fcc207	JS: Benign test output changes	2024-11-26 15:47:13 +01:00
Asger F	d52bc971b8	Merge branch 'main' into js/shared-dataflow-merge-main	2024-11-20 14:05:03 +01:00
Napalys	b239bfabf1	Added tests forIncompleteHostnameRegExp and normalizedPaths using matchAll	2024-11-05 09:22:26 +01:00
Asger F	a2dd47aeb2	JS: Update test output These files conflicted and have been regenerated.	2024-08-22 14:27:15 +02:00
Asger F	c54f5858b1	Merge branch 'main' into js/shared-dataflow-merge-main	2024-08-22 13:22:05 +02:00
Asger F	7a7ab457a9	JS: Delete unneeded test code (and shift line numbers)	2024-08-16 14:38:54 +02:00
Asger F	9ee7599aeb	JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query	2024-08-16 14:37:13 +02:00
Asger F	c3806a2210	JS: Messy test output updates These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking changes in the data flow library. I wanted the breaking-change updates to live in their own commits, not just eaten by a merge resolution commit, so the test output became broken for a while. The '#select' result set is unchanged in all of these, so they should be safe to accept.	2024-06-27 11:59:56 +02:00
Asger F	5e7d1d5c2c	Merge branch 'main' into js/shared-dataflow-merged	2024-03-13 14:27:16 +01:00
Max Schaefer	dfffa1e237	Apply suggestions from code review Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-11-21 10:07:11 +00:00
Max Schaefer	d147faba4e	Update qhelp for js/path-injection.	2023-11-20 11:58:00 +00:00
Asger F	65e9706c8e	JS: Port TaintedPath	2023-10-13 13:15:03 +02:00
Asger F	27085b1fd0	JS: Fix whitespace	2023-07-10 12:07:13 +02:00
Asger F	fe90146a16	JS: Add test for path.join with spread argument	2023-07-10 12:07:07 +02:00
Asger F	06bc0f6957	JS: Add test for fs/promises	2023-07-10 12:05:03 +02:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
Erik Krogh Kristensen	7cef4322e7	add model for chownr	2022-06-29 22:09:23 +02:00
Stephan Brandauer	fb66ccff39	handlebars taint step: conservatively assume unknown templates have no flow to helpers	2022-04-13 09:27:59 +02:00
Stephan Brandauer	9c3fcb6268	precise tracking of handlebars arguments	2022-03-28 17:26:43 +02:00
Stephan Brandauer	a28e9c5b6e	documentation for handlebars.js flow step	2022-03-24 13:08:52 +01:00
Stephan Brandauer	0bd9e9f298	add handlebars taint step	2022-03-24 11:46:16 +01:00
Stephan Brandauer	4ee290acd3	update test for 'node:' prefix	2022-01-25 14:25:44 +01:00
Stephan Brandauer	20ea825e4a	test for 'node:' prefix for importing node modules	2022-01-25 13:43:16 +01:00
Esben Sparre Andreasen	9ffc02944d	add file write model for express-fileupload mv	2021-12-10 15:05:34 +01:00
Asger Feldthaus	f14f9449ee	JS: Use getAMatchedString instead of getConstantString	2021-11-08 15:35:35 +01:00
Asger Feldthaus	b3e64f1669	JS: Add test	2021-11-08 15:32:43 +01:00
Asger Feldthaus	5f4c1dd19b	JS: Support regexp-based path traversal check	2021-11-02 14:12:05 +01:00
Asger Feldthaus	83edcf515b	JS: Add test for regexp-based sanitizer	2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen	32ac8778bd	add the cwd option to shell executions as a sink to js/path-injection	2021-08-23 07:32:05 +02:00

1 2 3

125 Commits