hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 11:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,740 Commits 1,738 Branches 164 Tags
dc8dc611967bcad660f5191f7b6bcbcbf26cebbf
Commit Graph

66 Commits

Author SHA1 Message Date
Asger F
821cc0e875 JS: Address PR review comments 
- Fix misplaced semicolons in test files (was inside comment, moved before it)
- Update QLdoc comments to reference new browser source kind names
- Update docs to list browser source kinds and fix outdated 'only remote' note

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-13 14:58:04 +01:00
Asger F
4a001f960f JS: Add tests in request forgery queries 2026-03-11 13:53:25 +01:00
Owen Mansel-Chan
99a4fe4828 Update expected test output column numbers 2026-03-04 15:02:53 +00:00
Owen Mansel-Chan
0eccd902c2 js: Inline expectation should have space after $ 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
 2026-03-04 12:45:03 +00:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Napalys Klicius
19cc3e335f JS: Add test case for RequestForgery with url wrapped via package URL 2025-05-30 18:26:47 +02:00
Michael Nebel
2e0ce44fde Javascript: Update test files. 2025-04-23 15:41:41 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
734ad2d767 Removed legacy Consistency check as it is redundant now with inline test expectations. 2025-04-11 08:43:08 +02:00
Napalys
208487f236 Added middleware test 2025-04-11 08:39:47 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Napalys
81cba7fa2f Added test cases with missing alerts for Request and NextRequest. 2025-04-10 14:43:48 +02:00
Asger F
1ad471cb32 JS: Track through spread/rest params in API graphs 2025-03-28 09:14:36 +01:00
Napalys
10498bbaa4 Added support for axios.interceptors.request. 2025-03-25 10:54:56 +01:00
Napalys
ea181e4173 Added test case for axios.interceptors.request 2025-03-25 10:54:17 +01:00
Napalys
056bf4fde7 Added test case with inheretence. 2025-03-20 13:08:56 +01:00
Napalys
cb18408502 Added data as model for ApolloServer. 2025-03-19 13:36:06 +01:00
Napalys
23fdc3534f Added test case @apollo/server with SSRF. 2025-03-19 13:34:27 +01:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
4d7cbe6f60 JS: Accept to web socket-based SSRF alerts 2025-02-28 13:29:07 +01:00
Asger F
764eb98809 JS: Move two alerts and add query ID 2025-02-28 13:29:06 +01:00
Asger F
976096540f JS: Accept an alert 2025-02-28 13:29:05 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Asger F
08d25c122d JS: Deprecate more uses of ConsistencyConfiguration 2024-12-03 14:30:27 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
92816b1c9a JS: Port ClientSideRequestForgery 2023-10-13 13:15:03 +02:00
Asger F
b2216627be JS: Port RequestForgery 2023-10-13 13:15:03 +02:00
erik-krogh
3cece50f78 add encodeURIComponent as a sanitizer for request-forgery 2023-01-23 13:53:53 +01:00
erik-krogh
be8ef1b324 add failing test 2023-01-23 13:52:36 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger Feldthaus
cf66d01e80 JS: Add consistency test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3103cfd925 JS: Rename to tests to clientSide.js and serverSide.js 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3fbc3a4d70 JS: Add ClientSideRequestForgery to RequestForgery test 2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen
99dd5330c2 add taint-step for URL construction in js/request-forgery 2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen
c194598d37 recognize headers/url from the HTTP request to a server WebSocket. 2021-04-06 10:11:27 +02:00