Asger F
f073f3b791
JS: Rename file to foo.test.js
2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5
JS: Add cross-file test in InsecureRandom
2024-11-26 13:43:24 +01:00
Asger F
b4bd8e701c
JS: Add test for file classification change
2024-11-26 12:33:39 +01:00
Asger F
930a7b6e28
JS: Update output changes to nodes/edges/subpaths
2024-11-21 13:33:39 +01:00
Asger F
7a77432024
JS: Update lost result in insecure-download
...
The VariableCapture library consumes one component of the access path limit, which means we lose this result
2024-11-21 13:33:10 +01:00
Asger F
1ac7591faf
JS: Update missed flow in capture-flow.js
...
We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.
2024-11-21 12:57:34 +01:00
Asger F
84820adf3c
Add test for exception flow out of finally()
2024-11-21 11:01:03 +01:00
Asger F
948d21ca07
JS: Propagate exceptions from summarized callables by default
2024-11-21 10:24:31 +01:00
Asger F
dcdb2e5133
JS: Fix callback check so it works without parameters
2024-11-21 10:24:29 +01:00
Asger F
b7dd455aff
JS: Add test case
2024-11-21 09:21:36 +01:00
Asger F
80a5a5909e
JS: Use getUnderlyingValue() a few places in VariableCapture
2024-11-19 13:23:29 +01:00
Asger F
d2daec4c66
JS: Add tests explaining why the IIFE in f2 didn't work
2024-11-19 13:23:24 +01:00
Asger F
37676f41aa
JS: Remove jump steps from IIFE steps
2024-11-18 13:38:34 +01:00
Asger F
7f2eae0966
JS: Add test case for false flow through IIFEs
...
We generate local flow steps into and out of IIFEs, but these come jump steps automatically, resulting in FPs.
2024-11-18 13:34:35 +01:00
Asger F
7acc5689cf
JS: Port exception steps to a universal summary
2024-11-18 13:27:58 +01:00
Asger F
5ed362f7d6
JS: Add exception test case
2024-11-18 13:23:09 +01:00
Asger F
52ba91a7f8
JS: Updates to nodes/edges in tests
...
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
1243188825
JS: Update CleartextLogging with fixed FP
2024-10-29 08:32:11 +01:00
Asger F
18b39460f5
JS: Add regained results in UnsafeJQueryPlugin
...
These were marked as 'NOT OK' in the test file, but weren't previously flagged for some reason
2024-10-29 08:32:10 +01:00
Asger F
d3e70c1e97
JS: Add in-barrier to XSS query
...
This is a bit of a bandaid to cover issues with the push() method on next/router being
treated as an array push, which causes it to flow into other taint sources.
2024-10-29 08:32:08 +01:00
Asger F
1b85feb1fa
JS: Add imprecise post-update steps for when a captured var/this is not tracked precisely
...
With the capture library we sometimes bails out of handling certain functions for scalability reasons.
This means we have a notion of "captured but imprecisely-tracked" variables and 'this'. In these cases we go back to propagating flow from a post-update node to the local source.
2024-10-29 08:32:07 +01:00
Asger F
d557c7689c
JS: Update a test that now has more precise output
2024-10-29 08:32:06 +01:00
Asger F
ad52b71922
JS: Update immutable.js test to clarify why it stopped working
...
The Immutable model uses the 'd' and 'f' properties to model Map content, but the test doesn't actually mention those properties, so they were missing from the PropertyName class.
The flow was previously found spuriously by the regular Map model, which also adds flow through the get/set calls. This flow is however no longer found since it relied on a step from post-update back to getALocalSource which is no longer present.
2024-10-29 08:32:03 +01:00
Asger F
c0997c28cb
JS: Reveal issue with immutable.js test
...
Fixed in the next commit
2024-10-29 08:32:02 +01:00
Asger F
4473e6d977
JS: Update test with some post-update consistency checks gone
...
For a constructor call, the return value acts as the post-update node for the 'this' argument. The fact that constructor calls are sometimes PostUpdateNodes causes some of these harmless alerts.
The warnings have disappeared in some cases because we no longer target getALocalSource() so the target is no longer the constructor call.
2024-10-29 08:32:01 +01:00
Asger F
cb874945bf
Test updates from introduction of implicit 'this'
2024-10-29 08:31:59 +01:00
Asger F
bd94fe1574
JS: Explain false positive in test case
2024-10-29 08:31:58 +01:00
Asger F
16b08b74eb
JS: Add test showing potential for FPs when handling refinement guards
2024-10-29 08:31:55 +01:00
Asger F
e784813c3b
JS: Make barrier guards work with use-use flow
2024-10-22 12:46:19 +02:00
Asger F
81af9a1658
Fix missing flow through super calls
2024-10-22 12:46:17 +02:00
Asger F
12370e9210
JS: Use VariableOrThis in variable capture as well
2024-10-22 12:46:16 +02:00
Asger F
0ebe8bdd91
JS: Add test for missing capture flow for 'this'
2024-10-22 12:46:15 +02:00
Asger F
d31499d727
JS: introduce implicit this uses in general
2024-10-22 12:46:14 +02:00
Asger F
8dc0505f84
JS: Add test for missing flow into 'this' in field initializers
2024-10-22 12:46:13 +02:00
Asger F
c3c003b275
JS: Fix post-update flow into 'this'
2024-10-22 12:46:11 +02:00
Asger F
9fc99d6f9d
JS: Fix store into object literals that have a post-update node
2024-10-22 12:46:11 +02:00
Asger F
d626e79ed3
JS: Add two test cases for missing flow
2024-10-22 12:46:10 +02:00
Asger F
78e961cef3
JS: Add use-use flow
2024-10-22 12:46:01 +02:00
Asger F
81e74d8bb5
JS: Add test case for spurious flow from lack of use-use
2024-10-22 12:46:00 +02:00
Asger F
12e316b99d
JS: Update test output after merging in 'main'
...
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
2024-10-08 10:11:15 +02:00
Asger F
e2e91ac7d9
Merge branch 'main' into js/shared-dataflow-merge-main
2024-10-08 09:28:26 +02:00
Tom Hvitved
d0ca39fb03
JS: Update expected test output
2024-10-04 08:35:33 +02:00
Asger F
5d2ce172eb
JS: Update a test to handle AdditionalSanitizerGuardNode
2024-10-02 14:44:42 +02:00
Asger F
6cbe04dcb7
JS: Consistently use the shared XSS barrier guards in the XSS queries
...
Previously only reflected XSS used shared barrier guards.
2024-10-02 14:44:17 +02:00
Sid Gawri
e8c68fff7f
resolve id conflict with dom based xss test ql
2024-09-25 10:01:59 -04:00
Asger F
1cd00a118c
Merge branch 'main' into js/shared-dataflow-merge-main
2024-09-18 14:57:50 +02:00
Asger F
1df69ec1d2
JS: Actually don't propagate into array element 0
...
Preserving tainted-url-suffix into array element 0 seemed like a good idea, but didn't work out so well.
2024-09-12 13:42:36 +02:00
Asger F
0e4e0f4fdd
JS: Preverse tainted-url-suffix when stepping into prefix
...
A URL of form https://example.com?evil#bar will contain '?evil' after splitting out the '#' suffix, and vice versa.
2024-09-12 13:42:28 +02:00
Asger F
74ab346348
JS: Do not include taint steps in TaintedUrlSuffix::step
...
TaintedUrlSuffix is currently only used in TaintTracking configs meaning it is already propagated
by taint steps. The inclusion of these taint steps here however meant that implicit reads could appear prior to any of these steps.
This was is problematic for PropRead steps as an expression like x[0] could spuriously read from array element 1 via the path:
x [element 1]
x [empty access path] (after implicit read)
x[0] (taint step through PropRead)
2024-09-12 13:42:25 +02:00
Asger F
2712bf821a
JS: Fix a bug in isSafeClientSideUrlProperty
2024-09-12 13:42:23 +02:00