hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 14:04:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
52,959 Commits 1,740 Branches 165 Tags
a8a6913512e84bc0c047faf06d46292e6c841d24
Commit Graph

63 Commits

Author SHA1 Message Date
Asger F
92a681213d JS: Step through jQuery callback return values 2023-03-27 11:17:27 +02:00
Asger F
bc2a772f3b JS: Add test case showing false negative 2023-03-27 11:08:39 +02:00
Asger F
856b50735d JS: Expand test case 2023-03-07 13:04:26 +01:00
tyage
54050bf1b6 update test result XssWithAdditionalSources 2022-10-27 10:23:37 +09:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Erik Krogh Kristensen
e387ebaedd add domNode.innerHTML += sink as a DOM sink 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
0e4954a68c add navigation.navigate as an XSS / URL sink 2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Erik Krogh Kristensen
34abef8a6c Merge branch 'main' into dragAndDrop 2022-04-11 23:59:46 +02:00
bananabr
57fac949fd included ClipboardEvent and DragEvent as XSS sources 2022-04-11 16:37:00 -05:00
Erik Krogh Kristensen
aafa8ddc9f add support for domNode.onpaste for copy-paste events 2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671 add support for domNode.ondrop for drag-and-drop events 2022-04-11 20:06:12 +02:00
bananabr
0f1582f3f6 included JavaScript drag and drop API Xss sources 2022-04-09 22:33:30 -05:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Erik Krogh Kristensen
6cdc38748c update expected output 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
d8a5947a08 simplify TaintedUrlSuffix::source() to only consider window.location based sources 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
87842bb8b7 add client-side-url sinks that may execute JavaScript as XSS sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
b471fec149 split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink 2022-03-16 22:32:08 +01:00
Asger Feldthaus
7e947b2a65 JS: Use return value of trusted type policy callback as a sink 2021-12-14 13:28:46 +01:00
Erik Krogh Kristensen
12c24c07df improve the got model 2021-11-15 21:52:12 +01:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
Erik Krogh Kristensen
ae2fc7171b add a taint step through the ansi-to-html library 2021-07-15 14:04:16 +02:00
Erik Krogh Kristensen
22dfe84ee8 add xss sink for react-tooltip 2021-07-14 20:03:50 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
Erik Krogh Kristensen
c736606695 add support for moment/dayjs/luxon instances returned by @date-io adapters 2021-06-22 10:42:24 +02:00
Erik Krogh Kristensen
227f61b954 add model for the luxon library 2021-06-21 23:29:12 +02:00
Erik Krogh Kristensen
cdf3cdcf71 add model for the formatByString and formatByNumber functions in @date-io 2021-06-21 23:29:01 +02:00
Erik Krogh Kristensen
2a4570eaaa add model for the dayjs library 2021-06-21 23:28:45 +02:00
Asger Feldthaus
e30fa89405 JS: Update more test expectations 2021-03-18 10:04:39 +00:00
Asger Feldthaus
97b8e35426 JS: Update test expectations 2021-03-16 15:09:01 +00:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00
Asger Feldthaus
a2d1e88bb3 JS: Update more test expectations 2021-03-12 12:57:21 +00:00
Erik Krogh Kristensen
d7b0f628a1 add test 2021-03-12 00:03:20 +01:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Asger Feldthaus
3db6069372 JS: Add test for new sink 2021-01-18 10:55:34 +00:00
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00