codeql

mirror of https://github.com/github/codeql.git synced 2026-04-19 22:14:01 +02:00

Author	SHA1	Message	Date
Asger F	58c8b5fa2b	Merge pull request #18790 from asgerf/js/no-implicit-array-taint JS: Do not taint whole array when storing into ArrayElement	2025-02-19 13:23:31 +01:00
Asger F	d79f429978	JS: Update changes to nodes/edges/subpaths No changes in actual alerts	2025-02-17 10:36:05 +01:00
Asger F	25314b61db	JS: Update nodes/edges output	2025-02-14 10:26:21 +01:00
aegilops	76da479550	Updated tests	2025-01-24 16:52:11 +00:00
aegilops	522f3d1337	Merge	2025-01-23 17:00:56 +00:00
aegilops	b07e801c10	Add new test for new XSS sink, update `expected` to match	2025-01-09 18:02:45 +00:00
Asger F	f8dc7eb25b	JS: Update output from tests that changed on main	2024-12-19 15:25:47 +01:00
Asger F	3acd4814de	Merge branch 'main' into js/shared-dataflow-merge-main	2024-12-19 10:14:38 +01:00
Michael Nebel	c3fe3e468c	Javascript: Update all test util paths to point to the new location.	2024-12-12 13:54:25 +01:00
Asger F	08d25c122d	JS: Deprecate more uses of ConsistencyConfiguration	2024-12-03 14:30:27 +01:00
Asger F	0ce1fe767d	JS: Deprecate ConsistencyChecking to avoid deprecation warnings	2024-12-03 14:30:23 +01:00
Napalys	c71778f1aa	JS: xss does not flag anymore replace with RegExp unknown flags	2024-11-28 11:26:53 +01:00
Napalys	dbae553146	JS: add xss test cases with unknownflags for replace using RegExp	2024-11-28 11:26:52 +01:00
Asger F	930a7b6e28	JS: Update output changes to nodes/edges/subpaths	2024-11-21 13:33:39 +01:00
Asger F	d3e70c1e97	JS: Add in-barrier to XSS query This is a bit of a bandaid to cover issues with the push() method on next/router being treated as an array push, which causes it to flow into other taint sources.	2024-10-29 08:32:08 +01:00
Asger F	12e316b99d	JS: Update test output after merging in 'main' - Paths are now relative to the test case, not the qlpack - Paths going through an implicit reads have changed slightly	2024-10-08 10:11:15 +02:00
Asger F	e2e91ac7d9	Merge branch 'main' into js/shared-dataflow-merge-main	2024-10-08 09:28:26 +02:00
Asger F	6cbe04dcb7	JS: Consistently use the shared XSS barrier guards in the XSS queries Previously only reflected XSS used shared barrier guards.	2024-10-02 14:44:17 +02:00
Sid Gawri	e8c68fff7f	resolve id conflict with dom based xss test ql	2024-09-25 10:01:59 -04:00
Asger F	1df69ec1d2	JS: Actually don't propagate into array element 0 Preserving tainted-url-suffix into array element 0 seemed like a good idea, but didn't work out so well.	2024-09-12 13:42:36 +02:00
Asger F	cf90c83604	JS: Accept changes to nodes/edges results	2024-09-12 13:42:19 +02:00
Asger F	7790f68fe2	JS: Make the TaintedUrlSuffix library use optional steps/barriers	2024-09-12 13:35:36 +02:00
Asger F	0ddb1c87f5	JS: Test update indicating a problem with .split()	2024-09-10 13:14:37 +02:00
Asger F	4568967a76	JS: Do not use legacy taint steps in TaintedUrlSuffix Tainted URL suffix steps are added as configuration-specific additional steps, which means implicit reads may occur before any of these steps. These steps accidentally included the legacy taint steps which include a step from 'arguments' to all positional parameters. Combined with the implicit read, arguments could escape their array index and flow to any parameter while in the tainted-url flow state.	2024-08-29 13:48:30 +02:00
Asger F	65a36b0b3b	JS: Add regression test for argument position confusion	2024-08-29 13:42:28 +02:00
Asger F	2e2181be2c	JS: Update test output that only affects nodes/edges/subpaths	2024-08-27 11:35:33 +02:00
Asger F	a2dd47aeb2	JS: Update test output These files conflicted and have been regenerated.	2024-08-22 14:27:15 +02:00
Asger F	c54f5858b1	Merge branch 'main' into js/shared-dataflow-merge-main	2024-08-22 13:22:05 +02:00
Asger F	9ee7599aeb	JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query	2024-08-16 14:37:13 +02:00
Asger F	c3806a2210	JS: Messy test output updates These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking changes in the data flow library. I wanted the breaking-change updates to live in their own commits, not just eaten by a merge resolution commit, so the test output became broken for a while. The '#select' result set is unchanged in all of these, so they should be safe to accept.	2024-06-27 11:59:56 +02:00
Asger F	5e7d1d5c2c	Merge branch 'main' into js/shared-dataflow-merged	2024-03-13 14:27:16 +01:00
erik-krogh	a9f2b3fad6	promote `PropsTaintStep` to a `PreCallGraphStep`	2024-01-04 10:45:22 +01:00
Asger F	e091fdefa4	JS: Port DomBasedXss	2023-10-13 13:15:03 +02:00
tyage	933b55d37d	Track interfile useRouter	2023-04-28 15:49:26 +09:00
Asger F	b0d4b31103	JS: Trim whitespace in test	2023-04-17 08:23:04 +02:00
Asger F	c7f16cd224	JS: Add test	2023-04-17 08:23:03 +02:00
erik-krogh	b1957623c1	add browser history as XSS sink	2023-04-12 13:38:18 +02:00
tyage	320cb99dbf	Add replace method test	2023-04-08 18:31:48 +09:00
tyage	668e1accaa	Remove unnecessary whiteline	2023-04-08 18:24:31 +09:00
tyage	7f9b8557ac	Add Next.js router push as XSS sink	2023-04-08 18:18:34 +09:00
Asger F	92a681213d	JS: Step through jQuery callback return values	2023-03-27 11:17:27 +02:00
Asger F	bc2a772f3b	JS: Add test case showing false negative	2023-03-27 11:08:39 +02:00
Asger F	856b50735d	JS: Expand test case	2023-03-07 13:04:26 +01:00
tyage	54050bf1b6	update test result `XssWithAdditionalSources`	2022-10-27 10:23:37 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
Asger F	67cef92f94	JS: Rewrite to use DataFlow::Node API and restrict context	2022-10-10 16:08:21 +02:00
tyage	ddc8f72ef7	accept test result Xss.qlref	2022-10-06 18:23:10 +09:00
tyage	192c1f3d89	make test json.stringify	2022-10-04 17:40:52 +09:00

1 2 3

121 Commits