Commit Graph

15 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
bace2994c3 add test for type-tracking req.params 2020-07-01 11:38:54 +02:00
Erik Krogh Kristensen
5bb308dc8f sanitize variables used in an HTML escaping switch-case 2020-05-28 12:37:41 +02:00
Asger Feldthaus
7393844699 JS: Update some queries that used data as source 2020-03-18 11:55:13 +00:00
Erik Krogh Kristensen
c14a485ca7 recognize more HttpResponseSink by restricting the hasNonHtmlHeader check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers.
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Max Schaefer
c75d785684 JavaScript: Fix modelling of _.partial.
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial.
2018-10-31 06:31:59 -04:00
Asger F
269bbc9a1a JavaScript: add flow steps through partial function application 2018-09-25 10:16:40 +01:00
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00