hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,673 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

78 Commits

Author SHA1 Message Date
tyage
54050bf1b6 update test result XssWithAdditionalSources 2022-10-27 10:23:37 +09:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Erik Krogh Kristensen
e387ebaedd add domNode.innerHTML += sink as a DOM sink 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
0e4954a68c add navigation.navigate as an XSS / URL sink 2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
53b26eba17 Merge pull request #8724 from erik-krogh/postMessage 
JS: promote the `js/missing-origin-verification` query
 2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Erik Krogh Kristensen
2d6d304d7c add InclusionTest to PostMessageEventSanitizer 2022-04-12 14:12:36 +02:00
Erik Krogh Kristensen
34abef8a6c Merge branch 'main' into dragAndDrop 2022-04-11 23:59:46 +02:00
bananabr
57fac949fd included ClipboardEvent and DragEvent as XSS sources 2022-04-11 16:37:00 -05:00
Erik Krogh Kristensen
aafa8ddc9f add support for domNode.onpaste for copy-paste events 2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671 add support for domNode.ondrop for drag-and-drop events 2022-04-11 20:06:12 +02:00
bananabr
0f1582f3f6 included JavaScript drag and drop API Xss sources 2022-04-09 22:33:30 -05:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Asger Feldthaus
4eda6f643f JS: Recognize subclasses of HTMLElement in domValueRef 2022-04-07 09:57:31 +02:00
Erik Krogh Kristensen
6cdc38748c update expected output 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
d8a5947a08 simplify TaintedUrlSuffix::source() to only consider window.location based sources 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
87842bb8b7 add client-side-url sinks that may execute JavaScript as XSS sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
b471fec149 split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
fc79242674 add tests 2022-03-16 22:32:08 +01:00
Asger Feldthaus
7e947b2a65 JS: Use return value of trusted type policy callback as a sink 2021-12-14 13:28:46 +01:00
Erik Krogh Kristensen
12c24c07df improve the got model 2021-11-15 21:52:12 +01:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
Erik Krogh Kristensen
ae2fc7171b add a taint step through the ansi-to-html library 2021-07-15 14:04:16 +02:00
Erik Krogh Kristensen
22dfe84ee8 add xss sink for react-tooltip 2021-07-14 20:03:50 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
Erik Krogh Kristensen
c736606695 add support for moment/dayjs/luxon instances returned by @date-io adapters 2021-06-22 10:42:24 +02:00
Erik Krogh Kristensen
227f61b954 add model for the luxon library 2021-06-21 23:29:12 +02:00
Erik Krogh Kristensen
cdf3cdcf71 add model for the formatByString and formatByNumber functions in @date-io 2021-06-21 23:29:01 +02:00
Erik Krogh Kristensen
2a4570eaaa add model for the dayjs library 2021-06-21 23:28:45 +02:00
Asger Feldthaus
e30fa89405 JS: Update more test expectations 2021-03-18 10:04:39 +00:00
Asger Feldthaus
9cfbb90591 JS: Add test case for insufficient replace-sanitizer 2021-03-17 15:20:40 +00:00
Asger Feldthaus
97b8e35426 JS: Update test expectations 2021-03-16 15:09:01 +00:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00