erik-krogh
|
396da117bb
|
remove an FP in overly-large-range for [@-Z]
|
2024-01-25 14:15:06 +01:00 |
|
erik-krogh
|
1a8a70dc1b
|
mark the range [0-?] as good in the overly-large-range query
|
2024-01-17 13:11:57 +01:00 |
|
erik-krogh
|
a9f2b3fad6
|
promote PropsTaintStep to a PreCallGraphStep
|
2024-01-04 10:45:22 +01:00 |
|
Max Schaefer
|
dfffa1e237
|
Apply suggestions from code review
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
|
2023-11-21 10:07:11 +00:00 |
|
Max Schaefer
|
d147faba4e
|
Update qhelp for js/path-injection.
|
2023-11-20 11:58:00 +00:00 |
|
Rasmus Wriedt Larsen
|
43d9d2ceb7
|
Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
|
2023-11-08 14:29:24 +01:00 |
|
Max Schaefer
|
104700f6d3
|
Address review comment.
|
2023-10-27 10:19:28 +01:00 |
|
Max Schaefer
|
741735cc83
|
Port changes to JavaScript.
|
2023-10-26 14:47:24 +01:00 |
|
Max Schaefer
|
2c7291336d
|
Move test files into right directory.
|
2023-10-26 12:16:52 +01:00 |
|
Max Schaefer
|
bb146a1758
|
JavaScript: Add support for rateLimit export from express-rate-limit package.
|
2023-10-26 12:14:57 +01:00 |
|
Max Schaefer
|
e722e3288f
|
Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
|
2023-09-13 13:20:48 +01:00 |
|
Max Schaefer
|
a9e81672f0
|
Make suggestion to replace example.com more explicit.
|
2023-09-12 16:54:05 +01:00 |
|
Max Schaefer
|
a02f373e79
|
Use better sanitiser.
|
2023-09-06 14:06:16 +01:00 |
|
Max Schaefer
|
87364137df
|
Use more sensible validator in example.
|
2023-08-21 15:14:01 +01:00 |
|
erik-krogh
|
0bce42410a
|
support arbitrary codepoints in NfaUtils.qll
|
2023-08-08 22:14:51 +02:00 |
|
erik-krogh
|
92db7b047c
|
escape unicode chars in the output for the ReDoS queries
|
2023-08-08 00:15:54 +02:00 |
|
Max Schaefer
|
7823ff968c
|
JavaScript: Improve query help for js/server-side-unvalidated-url-redirection.
|
2023-07-19 13:23:25 +01:00 |
|
Asger F
|
d57276ca35
|
Merge pull request #13719 from asgerf/js/barrier-inout
JS: Replace barrier edges with barrier nodes
|
2023-07-13 16:36:52 +02:00 |
|
Asger F
|
944a2ca825
|
JS: Replace ClearTextLogging::isSanitizerEdge with a node
|
2023-07-11 14:20:17 +02:00 |
|
Asger F
|
27085b1fd0
|
JS: Fix whitespace
|
2023-07-10 12:07:13 +02:00 |
|
Asger F
|
fe90146a16
|
JS: Add test for path.join with spread argument
|
2023-07-10 12:07:07 +02:00 |
|
Asger F
|
06bc0f6957
|
JS: Add test for fs/promises
|
2023-07-10 12:05:03 +02:00 |
|
Erik Krogh Kristensen
|
b2a60bf3d1
|
Merge pull request #13642 from erik-krogh/san-script
JS/RB: Fix FP in incomplete-multi-character-sanitization
|
2023-07-06 15:38:39 +02:00 |
|
erik-krogh
|
f9eee906cf
|
fix FP by requiring that the regular expression mention on of the chars important in the prefix
|
2023-07-01 20:30:09 +02:00 |
|
erik-krogh
|
bd400be6ec
|
add FP for incomplete-multi-char-sanitization
|
2023-07-01 20:28:31 +02:00 |
|
jorgectf
|
2ac334bf15
|
Adapt Webix modeling to support HTML use-cases
|
2023-06-28 15:26:30 +02:00 |
|
jorgectf
|
1e663b8889
|
Update HeuristicSourceCodeInjection.expected
|
2023-06-26 13:32:20 +02:00 |
|
Jorge
|
08b9a5e2b2
|
Add missing ;
|
2023-06-23 23:10:06 +02:00 |
|
Jorge
|
3c980db93a
|
Format webix.js
|
2023-06-23 18:08:01 +02:00 |
|
Kevin Stubbings
|
3605269e13
|
Add webix copy function
|
2023-06-22 22:16:28 -07:00 |
|
jorgectf
|
6947e99c15
|
Add models for webix
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
|
2023-06-22 01:07:33 +02:00 |
|
erik-krogh
|
3fd9f26b52
|
use consistent indentation in mongoose.js
|
2023-06-12 16:40:42 +02:00 |
|
erik-krogh
|
cd6f738f72
|
add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection
|
2023-06-12 16:38:11 +02:00 |
|
Asger F
|
76a8e9827e
|
Merge pull request #13283 from asgerf/js/restrict-regex-search-function
JS: Be more conservative about flagging "search" call arguments as regex
|
2023-06-08 10:50:51 +02:00 |
|
Erik Krogh Kristensen
|
b78cd48954
|
Merge pull request #13329 from erik-krogh/sqlhelp
JS: improve the sql-injection help page
|
2023-06-06 08:44:44 +02:00 |
|
erik-krogh
|
b343dcaadd
|
put string/object in the alert-message for sql-injection
|
2023-05-31 08:06:04 +02:00 |
|
Asger F
|
9df9ca2916
|
JS: Update test and expectations for MissingRegExpAnchor
|
2023-05-26 14:07:34 +02:00 |
|
Asger F
|
40daa9c906
|
JS: Update RegExpInjection test and expectations
|
2023-05-26 14:05:36 +02:00 |
|
erik-krogh
|
f7419c9250
|
add expected output
|
2023-05-23 09:56:06 +02:00 |
|
erik-krogh
|
f85b3e13c2
|
update expected output
|
2023-05-23 09:56:06 +02:00 |
|
erik-krogh
|
3293a55e8f
|
require arguments to be shell interpreted to be flagged by indirect-command-injection
|
2023-05-17 11:07:45 +02:00 |
|
Asger F
|
20e8ee8423
|
Merge pull request #12748 from JarLob/yi
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
|
2023-05-15 11:03:00 +02:00 |
|
Asger F
|
c376eeb133
|
Merge pull request #12978 from asgerf/js/github-actions-sources
JS: Add sources and sinks related to GitHub Actions
|
2023-05-10 09:55:24 +02:00 |
|
Asger F
|
1a9956354e
|
JS: Restrict getInput to indirect command injection query
|
2023-05-03 16:10:03 +02:00 |
|
Kasper Svendsen
|
67950c8e6b
|
JS: Make implicit this receivers explicit
|
2023-05-03 15:31:00 +02:00 |
|
Asger F
|
b9ad4177f9
|
JS: List safe environment variables in IndirectCommandInjection
|
2023-05-03 10:48:14 +02:00 |
|
Asger F
|
08785a4063
|
JS: Add sources from actions/core
|
2023-05-01 11:42:17 +02:00 |
|
Asger F
|
cb95dbfa14
|
JS: Add tests
|
2023-05-01 11:42:17 +02:00 |
|
Asger F
|
e9f1e99526
|
Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization
JS: Update model of js-yaml
|
2023-05-01 09:57:20 +02:00 |
|
tyage
|
933b55d37d
|
Track interfile useRouter
|
2023-04-28 15:49:26 +09:00 |
|