Asger F
054558d7b5
JS: Include content properties in type-tracker properties
...
Reminder: we have two PropertyName classes because the one in Contents.qll can't depend on DataFlow::Node.
2024-12-03 09:58:54 +01:00
Asger F
8bca66493f
JS: Add test showing lack of inclusion in PropertyName
2024-12-03 09:57:02 +01:00
Asger F
9c6b6981e2
JS: Add test to restrict dependencies
2024-11-29 14:23:56 +01:00
Asger F
2f0c80a98b
JS: Include summary steps in type tracking
2024-11-29 14:23:55 +01:00
Asger F
440cbb7f0a
JS: Add inline-expectation test for type tracking
2024-11-29 14:23:54 +01:00
Asger F
6349903110
JS: Move FlowSummary/Summaries.qll into testUtilities
2024-11-29 14:23:52 +01:00
Asger F
805fd0b46e
JS: Refine speculative step definition
2024-11-26 15:56:56 +01:00
Asger F
8818fcc207
JS: Benign test output changes
2024-11-26 15:47:13 +01:00
Asger F
82d61e4194
Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main
2024-11-26 15:36:16 +01:00
Asger F
1ac7591faf
JS: Update missed flow in capture-flow.js
...
We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.
2024-11-21 12:57:34 +01:00
Asger F
84820adf3c
Add test for exception flow out of finally()
2024-11-21 11:01:03 +01:00
Asger F
948d21ca07
JS: Propagate exceptions from summarized callables by default
2024-11-21 10:24:31 +01:00
Asger F
dcdb2e5133
JS: Fix callback check so it works without parameters
2024-11-21 10:24:29 +01:00
Asger F
b7dd455aff
JS: Add test case
2024-11-21 09:21:36 +01:00
Asger F
d52bc971b8
Merge branch 'main' into js/shared-dataflow-merge-main
2024-11-20 14:05:03 +01:00
Asger F
80a5a5909e
JS: Use getUnderlyingValue() a few places in VariableCapture
2024-11-19 13:23:29 +01:00
Asger F
d2daec4c66
JS: Add tests explaining why the IIFE in f2 didn't work
2024-11-19 13:23:24 +01:00
Asger F
37676f41aa
JS: Remove jump steps from IIFE steps
2024-11-18 13:38:34 +01:00
Asger F
7f2eae0966
JS: Add test case for false flow through IIFEs
...
We generate local flow steps into and out of IIFEs, but these come jump steps automatically, resulting in FPs.
2024-11-18 13:34:35 +01:00
Asger F
7acc5689cf
JS: Port exception steps to a universal summary
2024-11-18 13:27:58 +01:00
Asger F
5ed362f7d6
JS: Add exception test case
2024-11-18 13:23:09 +01:00
Napalys
bed1f25b3f
JS: Fix: Now Array.prototype.with is properly flagged as taint step
2024-11-15 10:35:34 +01:00
Napalys
f04fd5cdcc
JS: Add: Test case for Array.protype.with taint step
2024-11-15 10:27:44 +01:00
Napalys Klicius
6fa3ff39a0
Merge branch 'main' into napalys/toSpliced-support
2024-11-14 16:56:32 +01:00
Napalys
b333f523df
JS: Fix: now one can determine regex via Array.prototype.toSpliced function call.
2024-11-14 15:35:03 +01:00
Napalys
2b0def1ed3
JS: Add: Test case for checking if regex via using toSpliced
2024-11-14 15:31:38 +01:00
Napalys
52330e834c
JS: Add: Test case for checking if regex via using splice
2024-11-14 15:29:05 +01:00
Napalys
84234d59b9
JS: Fix: Ensure toSpliced with spread operator is flagged
2024-11-13 17:21:34 +01:00
Napalys
8512cb44ff
JS: Add: Test cases for toSpliced with spread operator
2024-11-13 17:18:09 +01:00
Napalys
cf90430ec0
JS: Add: Missing test case for splice spread operator
2024-11-13 17:07:17 +01:00
Napalys
2df3d1b251
JS: Fix: Ensure toSpliced is flagged by taint tracking in test suite ( ed44358143)
2024-11-13 15:58:20 +01:00
Napalys
ed44358143
Added toSpliced test cases for mutation arrays
2024-11-13 15:51:00 +01:00
Napalys
df4b596180
Added toSpliced as part ArraySliceStep and ArraySpliceStep, fixed tests from 2d9bc43506
2024-11-13 13:47:34 +01:00
Napalys
2d9bc43506
Added tests for arrays toSpliced with pop
2024-11-13 12:58:24 +01:00
Napalys
b4c84d3d3c
Added taint step for toSpliced, handles test from a65f80ef76
2024-11-13 12:41:41 +01:00
Napalys
a65f80ef76
Added basic taint tracking test for Array.prototype.toSpliced()
2024-11-13 12:28:14 +01:00
Napalys
7427a24ca1
Added test case for Array.prototype.toReversed, which is currently not flagged as a taint sink.
2024-11-12 12:02:37 +01:00
Napalys
3215967cbc
Added toReserved test case
2024-11-12 12:02:20 +01:00
Napalys
3f0a54c2e8
Added support for Array.prototype.toSorted function
2024-11-12 12:02:04 +01:00
Napalys
def8d75cb8
Added test case for Array.prototype.toSorted, which is currently not flagged as a taint sink.
2024-11-12 12:01:51 +01:00
Napalys Klicius
6266dab518
Merge pull request #17951 from Napalys/napalys/reverse-support
...
JS: Added support for reverse function
2024-11-12 10:09:18 +01:00
Napalys
81bc7cd19f
Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case. from 8026a99db7
2024-11-11 08:32:03 +01:00
Napalys
1c298f0231
Added test case for Array.prototype.reverse, which is currently not flagged as a potential sink.
2024-11-11 08:32:02 +01:00
Rasmus Wriedt Larsen
c0ad9ba529
Merge branch 'main' into js-threat-models
2024-11-01 10:48:32 +01:00
Rasmus Wriedt Larsen
61e60de969
JS: Model readline as a stdin threat-model source
...
Technically not always true, but my assumption is that +90% of the time
that's what it will be used for, so while we could be more precise by
adding a taint-step from the `input` part of the construction, I'm not
sure it's worth it in this case.
Furthermore, doing so would break with the current way we model
threat-model sources, and how sources are generally modeled in JS... so
for a very pretty setup it would require changing all the other `file`
threat-model sources to start at the constructors such as
`fs.createReadStream()` and have taint-propagation steps towards the
actual use (like we do in Python)...
I couldn't see an easy path forwards for doing this while keeping the
Concepts integration, so I opted for the simpler solution here.
2024-10-31 14:29:30 +01:00
Rasmus Wriedt Larsen
eca8bf5a35
JS: Do simple modeling of process.stdin as threat-model source
2024-10-31 14:26:45 +01:00
Rasmus Wriedt Larsen
34b86c39c1
JS: Model fs.promises.readFile as file source
...
You could argue that proper modeling be done in the same way as
`NodeJSFileSystemAccessRead` is done for the callback based `fs` API (in
NodeJSLib.qll). However, that work is straying from the core goals I'm
working towards right now, so I'll argue that "perfect is the enemy of
good", and leave this as is for now.
2024-10-31 14:09:38 +01:00
Rasmus Wriedt Larsen
971f53870e
JS: Include fs externs
...
Makes a difference due to the modeling of NodeJSFileSystemAccessRead depending on these, see
412e841d69/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll (L479-L488)
File copied from 7cef4322e7/javascript/externs/nodejs/fs.js
2024-10-31 13:51:22 +01:00
Rasmus Wriedt Larsen
b47fa77dc6
JS: Add tests for stdin threat-model sources
2024-10-31 12:59:21 +01:00
Rasmus Wriedt Larsen
2b6c27eb60
JS: Add initial file threat-model support
...
However, as indicated by the `MISSING` annotations, we could do better.
2024-10-29 15:14:39 +01:00