Asger F
66eb458134
JS: Handle match/matchAll and unknown regexps
2024-12-09 15:38:36 +01:00
Asger F
6e7c5a3707
JS: Slightly more general getRoot()
2024-12-09 15:05:45 +01:00
Asger F
be617cee4a
JS: More precise handling of .exec()
2024-12-09 15:03:51 +01:00
Asger F
703cad9e95
Expand test case
2024-12-09 15:00:56 +01:00
Asger F
8fe39bdd38
JS: Update query's own output after test changes
2024-12-09 14:59:27 +01:00
Asger F
71a6a47713
JS: Fix issue with new RegExp().exec()
2024-12-09 14:59:25 +01:00
Asger F
f6d0835c64
JS: Show problem with new RegExp().exec()
2024-12-09 14:59:24 +01:00
Asger F
ef833de60e
JS: Replace DocumentUrl with TaintedUrlSuffix
2024-12-09 14:59:23 +01:00
Asger F
712c69ebc8
JS: Fixup the test expectations
2024-12-09 14:59:19 +01:00
Asger F
f8ff504f5c
JS: Add ClientSideUrlRedirect test consistency
...
Update Consistency.ql again
2024-12-09 14:59:18 +01:00
Asger F
08d25c122d
JS: Deprecate more uses of ConsistencyConfiguration
2024-12-03 14:30:27 +01:00
Asger F
e6680dec8f
JS: Avoid use of LabeledSanitizerGuardNode in TaintedObject
...
Drive-by bugfix: Rename sanitizes -> blocksExpr.
This fixes a bug that caused the sanitizer guard not to work in df2.
The test output reflects the fact that the barrier guard works now.
2024-12-03 14:30:24 +01:00
Asger F
0ce1fe767d
JS: Deprecate ConsistencyChecking to avoid deprecation warnings
2024-12-03 14:30:23 +01:00
Asger F
834d35bc42
JS: Port experimental DecompressionBombs to ConfigSig
2024-12-03 14:30:21 +01:00
Asger F
8818fcc207
JS: Benign test output changes
2024-11-26 15:47:13 +01:00
Asger F
82d61e4194
Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main
2024-11-26 15:36:16 +01:00
Asger F
f073f3b791
JS: Rename file to foo.test.js
2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5
JS: Add cross-file test in InsecureRandom
2024-11-26 13:43:24 +01:00
Asger F
b4bd8e701c
JS: Add test for file classification change
2024-11-26 12:33:39 +01:00
Asger F
930a7b6e28
JS: Update output changes to nodes/edges/subpaths
2024-11-21 13:33:39 +01:00
Asger F
7a77432024
JS: Update lost result in insecure-download
...
The VariableCapture library consumes one component of the access path limit, which means we lose this result
2024-11-21 13:33:10 +01:00
Asger F
d52bc971b8
Merge branch 'main' into js/shared-dataflow-merge-main
2024-11-20 14:05:03 +01:00
Napalys
70cf1a57bc
Now catches usage of RegExp. after matchAll usage.
2024-11-08 08:59:31 +01:00
Napalys
c2baf0bd6d
Added test where RegExp. is used after matchAll but it not flagged as potential issue
2024-11-08 08:56:12 +01:00
Napalys
dbd57e3870
Fixed issue where TaintTracking was not catching matchAll vulnerability
2024-11-07 13:40:10 +01:00
Napalys
a4fe728af2
Added matchAll test which is not marked as vulnurability by CodeQL
2024-11-07 13:35:09 +01:00
Napalys Klicius
7825a46085
Merge branch 'github:main' into napalys/matchAll-support
2024-11-05 09:31:30 +01:00
Napalys
b239bfabf1
Added tests forIncompleteHostnameRegExp and normalizedPaths using matchAll
2024-11-05 09:22:26 +01:00
Napalys
ccee34d6d3
Added support for matchAll in CWE-020 including new test cases
2024-11-05 08:51:24 +01:00
Rasmus Wriedt Larsen
c0ad9ba529
Merge branch 'main' into js-threat-models
2024-11-01 10:48:32 +01:00
Tom Hvitved
1259b7e8e7
JS: Post-processing query for inline test expectations
2024-10-29 13:35:38 +01:00
Asger F
52ba91a7f8
JS: Updates to nodes/edges in tests
...
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
1243188825
JS: Update CleartextLogging with fixed FP
2024-10-29 08:32:11 +01:00
Asger F
18b39460f5
JS: Add regained results in UnsafeJQueryPlugin
...
These were marked as 'NOT OK' in the test file, but weren't previously flagged for some reason
2024-10-29 08:32:10 +01:00
Asger F
d3e70c1e97
JS: Add in-barrier to XSS query
...
This is a bit of a bandaid to cover issues with the push() method on next/router being
treated as an array push, which causes it to flow into other taint sources.
2024-10-29 08:32:08 +01:00
Rasmus Wriedt Larsen
1726287bf4
JS: Add e2e threat-model test
2024-10-25 15:03:44 +02:00
Asger F
12e316b99d
JS: Update test output after merging in 'main'
...
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
2024-10-08 10:11:15 +02:00
Asger F
e2e91ac7d9
Merge branch 'main' into js/shared-dataflow-merge-main
2024-10-08 09:28:26 +02:00
Tom Hvitved
d0ca39fb03
JS: Update expected test output
2024-10-04 08:35:33 +02:00
Asger F
6cbe04dcb7
JS: Consistently use the shared XSS barrier guards in the XSS queries
...
Previously only reflected XSS used shared barrier guards.
2024-10-02 14:44:17 +02:00
Sid Gawri
e8c68fff7f
resolve id conflict with dom based xss test ql
2024-09-25 10:01:59 -04:00
Asger F
1cd00a118c
Merge branch 'main' into js/shared-dataflow-merge-main
2024-09-18 14:57:50 +02:00
Asger F
1df69ec1d2
JS: Actually don't propagate into array element 0
...
Preserving tainted-url-suffix into array element 0 seemed like a good idea, but didn't work out so well.
2024-09-12 13:42:36 +02:00
Asger F
cf90c83604
JS: Accept changes to nodes/edges results
2024-09-12 13:42:19 +02:00
Asger F
7790f68fe2
JS: Make the TaintedUrlSuffix library use optional steps/barriers
2024-09-12 13:35:36 +02:00
Asger F
0ddb1c87f5
JS: Test update indicating a problem with .split()
2024-09-10 13:14:37 +02:00
Alvaro Muñoz
5d1da861a2
fix: Use YamlScalar for booleans
2024-09-06 23:21:41 +02:00
Alvaro Muñoz
d9e8792d33
[javascript] Query to detect GITHUB_TOKEN leaked in artifacts
2024-09-06 22:55:58 +02:00
Asger F
4568967a76
JS: Do not use legacy taint steps in TaintedUrlSuffix
...
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.
These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
2024-08-29 13:48:30 +02:00
Asger F
65a36b0b3b
JS: Add regression test for argument position confusion
2024-08-29 13:42:28 +02:00