Erik Krogh Kristensen
bace2994c3
add test for type-tracking req.params
2020-07-01 11:38:54 +02:00
Erik Krogh Kristensen
5bb308dc8f
sanitize variables used in an HTML escaping switch-case
2020-05-28 12:37:41 +02:00
Asger Feldthaus
7393844699
JS: Update some queries that used data as source
2020-03-18 11:55:13 +00:00
Erik Krogh Kristensen
c14a485ca7
recognize more HttpResponseSink by restricting the hasNonHtmlHeader check
2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen
162c19c348
changes based on review
2020-01-30 14:04:04 +01:00
Max Schaefer
b42026a90a
JavaScript: Update expected output.
2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22
JavaScript: Update expected output.
2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74
JavaScript: Restrict edges to only contain nodes.
2019-10-29 15:03:52 +00:00
Max Schaefer
a8470a984a
JavaScript: Generalise ConstantComparison sanitisers.
...
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.
Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Asger F
50a77ea843
JS: update test expectations
2019-03-06 08:41:03 +00:00
Max Schaefer
9221b62ded
JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates.
2018-11-14 09:32:31 +00:00
Max Schaefer
c75d785684
JavaScript: Fix modelling of _.partial.
...
Like `Function.prototype.bind` (but unlike `ramda.partial`) it takes the curried arguments as rest arguments, not as an array;
cf. https://lodash.com/docs/4.17.10#partial and https://underscorejs.org/#partial .
2018-10-31 06:31:59 -04:00
Asger F
269bbc9a1a
JavaScript: add flow steps through partial function application
2018-09-25 10:16:40 +01:00
Esben Sparre Andreasen
bbdf6b0f1d
JS: mark PrintfStyleCall as a taint step
2018-08-21 09:02:35 +02:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
