codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Asger F	2a194a53af	raw test output	2025-02-28 13:29:39 +01:00
Asger F	64d39da5f8	JS: Accept Sources/Sink tags	2025-02-28 13:29:30 +01:00
Asger F	4d7cbe6f60	JS: Accept to web socket-based SSRF alerts	2025-02-28 13:29:07 +01:00
Asger F	764eb98809	JS: Move two alerts and add query ID	2025-02-28 13:29:06 +01:00
Asger F	976096540f	JS: Accept an alert	2025-02-28 13:29:05 +01:00
Asger F	f5911c9e5a	JS: Accept raw test output	2025-02-28 13:27:38 +01:00
Asger F	d0ce53ed82	JS: Enable post-processing for all .qlref files	2025-02-28 13:27:33 +01:00
Asger F	9be041e27d	JS: Update OK-style comments to $-style	2025-02-28 13:27:28 +01:00
Asger F	3acd4814de	Merge branch 'main' into js/shared-dataflow-merge-main	2024-12-19 10:14:38 +01:00
Michael Nebel	c3fe3e468c	Javascript: Update all test util paths to point to the new location.	2024-12-12 13:54:25 +01:00
Asger F	08d25c122d	JS: Deprecate more uses of ConsistencyConfiguration	2024-12-03 14:30:27 +01:00
Asger F	0ce1fe767d	JS: Deprecate ConsistencyChecking to avoid deprecation warnings	2024-12-03 14:30:23 +01:00
Asger F	53efb5837b	JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns	2024-06-26 13:51:44 +02:00
Asger F	92816b1c9a	JS: Port ClientSideRequestForgery	2023-10-13 13:15:03 +02:00
Asger F	b2216627be	JS: Port RequestForgery	2023-10-13 13:15:03 +02:00
erik-krogh	3cece50f78	add encodeURIComponent as a sanitizer for request-forgery	2023-01-23 13:53:53 +01:00
erik-krogh	be8ef1b324	add failing test	2023-01-23 13:52:36 +01:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
Asger Feldthaus	cf66d01e80	JS: Add consistency test	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3103cfd925	JS: Rename to tests to clientSide.js and serverSide.js	2022-02-16 13:35:01 +01:00
Asger Feldthaus	3fbc3a4d70	JS: Add ClientSideRequestForgery to RequestForgery test	2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen	99dd5330c2	add taint-step for URL construction in js/request-forgery	2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen	c194598d37	recognize headers/url from the HTTP request to a server WebSocket.	2021-04-06 10:11:27 +02:00
Erik Krogh Kristensen	84e9229386	Merge branch 'main' into koa	2021-03-19 16:56:15 +01:00
Erik Krogh Kristensen	58617c5c59	recognize client websockets as ClientRequests	2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen	3995ff322d	add models for `koa-route` and `koa-router`	2021-03-17 19:17:20 +01:00
Asger Feldthaus	2e57a7d3e9	JS: Add ClientSideRemoteFlowSource	2021-03-16 13:28:09 +00:00
Erik Krogh Kristensen	e6e4a485c8	add JSDOM.fromUrl() as a request forgery sink	2020-11-02 17:05:56 +01:00
Erik Krogh Kristensen	ec38df69b3	update consistency comments for CWE-918	2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen	6110f85748	refactor chrome-remote-interface to use type-tracking promise steps	2020-03-10 12:27:21 +01:00
Erik Krogh Kristensen	3ddfd7ba73	add extra promise test for `chrome-remote-interface`	2020-03-10 12:24:16 +01:00
Erik Krogh Kristensen	897bb4d801	add test for chrome-remote-interface	2020-02-13 15:12:45 +01:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Asger F	3bc7371fd6	JS: be less conservative about incomplete nodes in prefix sanitizers	2019-04-03 15:20:03 +01:00
Asger F	f6e0ccfcf0	JS: model URI and XHR methods from closure library	2019-02-08 15:18:27 +00:00
Asger F	fd2e9f1fcb	JS: shift line numbers in RequestForgery test	2019-02-08 15:13:33 +00:00
Esben Sparre Andreasen	c6b4e29b93	JS: add "host" as a sink for `js/request-forgery`	2018-12-17 10:32:30 +01:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include `nodes` and `edges` query predicates.	2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen	f5a6af54e6	JS: add security query: js/request-forgery	2018-09-04 09:25:42 +02:00

39 Commits