hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,153 Commits 1,741 Branches 165 Tags
ca08097b56e1874e39cc1f012c8ab9c41bcdc2e9
Commit Graph

81 Commits

Author SHA1 Message Date
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Asger F
a6e75259d6 JS: More fine-grained regexp-based sanitizer guards 2019-12-06 11:49:59 +00:00
Erik Krogh Kristensen
ea9d6189de update expected test outpu 2019-12-02 12:52:39 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Erik Krogh Kristensen
d212394058 update expected output 2019-11-27 15:21:47 +01:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
Erik Krogh Kristensen
42fbcbf007 update expected test output 2019-11-27 11:14:04 +01:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00
Erik Krogh Kristensen
7b262fa9cf update expected output 2019-11-26 14:39:09 +01:00
Erik Krogh Kristensen
5a0cabb039 Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-26 14:37:40 +01:00
Erik Krogh Kristensen
4a94c49d37 changes based on review feedback 2019-11-26 13:40:48 +01:00
Erik Krogh Kristensen
f284b3a2bb Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-26 10:54:04 +01:00
Erik Krogh Kristensen
c7235bb372 add sources and sinks for typeahead.js 2019-11-25 10:46:54 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
Erik Krogh Kristensen
f40d79271d cleanup module imports and update expected outputs 2019-11-22 13:55:47 +01:00
Erik Krogh Kristensen
94e9c0203d add test for exceptional taint-flow 2019-11-21 17:16:13 +01:00
Erik Krogh Kristensen
1ba777a45d remove deep taint of objects 2019-11-19 15:50:50 +01:00
Erik Krogh Kristensen
9fa7393d56 add support for try-statements with no catch block 2019-11-19 13:37:35 +01:00
Erik Krogh Kristensen
91674f681b refactoring to remove duplicated code and simplify the ExceptionXss query 2019-11-19 08:54:51 +01:00
Erik Krogh Kristensen
1b81526691 Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-17 09:29:54 +01:00
Erik Krogh Kristensen
4073dfaf24 remove redundant code 2019-11-15 16:17:18 +01:00
Erik Krogh Kristensen
d36312cf9f update expected output 2019-11-15 16:08:13 +01:00
Erik Krogh Kristensen
3edd65f9ab changed the exceptional taint-steps to step through each call-site 2019-11-15 16:05:15 +01:00
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
Asger F
8aa34e6a54 JS: Add XSS test case for new PostMessageEventHandler cases 2019-10-21 11:32:22 +01:00
Max Schaefer
d4fca84898 JavaScript: Improve XSS sanitizer detection. 
We now use local data flow to detect more regexp-based sanitizers.
 2019-09-23 17:07:06 +01:00
Erik Krogh Kristensen
2729566bbf add setAttributeNS('xlink', 'href',..) example in XSS test 2019-09-09 09:41:08 +01:00
Erik Krogh Kristensen
c780956f0d add setAttributeNS method in the XSS test 2019-09-06 21:56:29 +01:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Max Schaefer
b6220998d1 JavaScript: Restrict setAttribute sink to potentially dangerous attribute names. 2019-08-30 11:57:29 +01:00
Max Schaefer
78ce290de3 JavaScript: Fix DomMethodCallExpr.interpretsArgumentsAsHTML. 2019-08-28 11:22:03 +01:00
Max Schaefer
8b3e647ae9 JavaScript: Do not taint for-in loop variable. 2019-07-23 10:52:55 +01:00
Asger F
57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Esben Sparre Andreasen
59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Asger F
9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Esben Sparre Andreasen
4ce7ec1661 JS: add XSS vector for Vue's v-html 2019-02-25 12:17:56 +01:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00