Commit Graph

1982 Commits

Author SHA1 Message Date
Paul Hodgkinson
eacc322d4f Update Angular Renderer2 XSS sink details in change note 2025-01-23 16:39:18 +00:00
Paul Hodgkinson
1ada51130f Merge branch 'main' into angular-sources-sinks 2025-01-09 18:03:04 +00:00
aegilops
e7881a8c7f Fix typo 2025-01-09 17:11:06 +00:00
aegilops
62599b2a12 Formatted 2025-01-09 17:02:37 +00:00
aegilops
98b4c35844 Set doc string on getElementNode predicate 2025-01-09 17:00:01 +00:00
aegilops
4b57d5feb2 Added XSS sink for innerHTML/outerHTML using new Angular attribute def 2025-01-08 16:36:46 +00:00
aegilops
2dc9e7bab7 Moved def from AngularJSCore to Angular2 2025-01-08 16:36:10 +00:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
aegilops
4530118681 Comment out hardcoded definition of sink 2025-01-06 17:33:31 +00:00
aegilops
820fe6cd04 Formatting 2025-01-06 16:59:04 +00:00
aegilops
322c731ac3 Attempt at AttributeDefinition to generalise Angular Renderer2 support 2025-01-06 16:52:38 +00:00
aegilops
6fb201372b Update changelog note to remove new source 2025-01-06 16:51:59 +00:00
aegilops
e414b8c5be Remove @Input() decorated members as remote sources, in favour of a later Threat Model 2025-01-06 16:51:35 +00:00
aegilops
8dac00aa83 Change from getParameter() to getArgument() 2025-01-06 15:43:47 +00:00
aegilops
aba8be2902 Changelog for Angular source/sink update 2025-01-03 17:07:35 +00:00
aegilops
7128700003 Simplified AngularInputUse class 2025-01-03 17:02:55 +00:00
aegilops
4891c1e5fe Added QLdoc and simplified QL in source class 2025-01-03 16:50:47 +00:00
aegilops
4773917876 Formatting 2025-01-03 16:43:00 +00:00
Paul Hodgkinson
a23f4ee007 Merge branch 'main' into angular-sources-sinks 2025-01-03 16:38:48 +00:00
aegilops
0f64822356 New remote source - reading from an @Input() decorated class member 2025-01-03 16:34:15 +00:00
aegilops
09e4c78b0f New XSS sink - writing to innerHTML using the Angular Renderer2 API 2025-01-03 16:33:42 +00:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils
Move test utilities to the query pack.
2024-12-16 13:41:30 +01:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Geoffrey White
44a0ad2942 Update data-flow -> data flow in all versions of ConceptsShared.qll. 2024-12-12 13:36:26 +00:00
Henry Mercer
92d614dbcd Add periods for consistency 2024-12-06 19:13:05 +00:00
github-actions[bot]
8c64648520 Release preparation for version 2.20.0 2024-12-06 19:10:28 +00:00
Henry Mercer
a6a4ad6400 Revert "Release preparation for version 2.20.0" 2024-12-06 19:00:27 +00:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
Henry Mercer
e0e82ad7ad Add periods for consistency 2024-12-04 16:05:15 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Napalys Klicius
08ef0dc1f2 Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md
Co-authored-by: Asger F <asgerf@github.com>
2024-12-02 13:35:52 +01:00
Napalys Klicius
13afd6310b Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2024-11-29 08:26:04 +01:00
Napalys
d2de9a2238 Fixed change notes 2024-11-28 14:24:27 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case
Co-authored-by: erik-krogh <erik-krogh@github.com>
2024-11-28 14:13:40 +01:00
Napalys
fd773603e6 Added change notes 2024-11-28 12:04:09 +01:00
Napalys
9a1c1f4be3 JS: Added in RegExpCreationNode maybeGlobal predicate for more convenience. 2024-11-28 12:03:51 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
875478c1c6 JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall 2024-11-28 11:26:45 +01:00
Napalys
a0df33c3ac JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives. 2024-11-28 11:26:43 +01:00
Napalys
23b18aeca9 JS: Now unknown flags are not flagged in taint paths 2024-11-28 11:26:41 +01:00