Napalys
fe28657c7d
JS: add test cases with unknown flags for double escaping, works as expected.
2024-11-28 11:26:51 +01:00
Napalys
98fd97799c
JS: imcomplete sanization now handles properly maybe global
2024-11-28 11:26:50 +01:00
Napalys
1ae174849f
JS: incomplete sanitization now also works with RegExp objects
2024-11-28 11:26:48 +01:00
Napalys
76318035ff
JS: Add test cases for RegExp object usage in replace within incomplete sanitization
2024-11-28 11:26:47 +01:00
Napalys
9c2366a660
JS: Added tests for ReDos with unknownFlags, everything seems to be good
2024-11-28 11:26:46 +01:00
Napalys
875478c1c6
JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall
2024-11-28 11:26:45 +01:00
Napalys
aa557cf950
JS: Added tests for DotRemovingReplaceCall with RegExp Object.
2024-11-28 11:26:44 +01:00
Napalys
a0df33c3ac
JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.
2024-11-28 11:26:43 +01:00
Napalys
155f1fca85
JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal
2024-11-28 11:26:42 +01:00
Napalys
23b18aeca9
JS: Now unknown flags are not flagged in taint paths
2024-11-28 11:26:41 +01:00
Napalys
7db6f7c721
JS: Added test cases with new RegExp for Tainted paths, currently works only with literals
2024-11-28 11:26:39 +01:00
Napalys
faef9dd877
JS: protyte poluting now treats unknownFlags as potentially good sanitization.
2024-11-28 11:26:38 +01:00
Napalys
41fef0f2b3
JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting
2024-11-28 11:26:37 +01:00
Napalys
18c7b18f82
JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.
2024-11-28 11:26:36 +01:00
Napalys
89f3b6f8d3
JS: Added test case for bad sanitizer with unknown flags, currently not flagged.
2024-11-28 11:26:35 +01:00
Napalys
38be0e4c0a
JS: Now BadHtmlSanitizers also flags new RegExp as potential issue
2024-11-28 11:26:34 +01:00
Napalys
41f21d429b
JS: Added test case which is not flagged but should be abusing new RegExp with global flag
2024-11-28 11:26:33 +01:00
Napalys Klicius
d6372aebc7
Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2024-11-25 12:12:12 +01:00
Napalys
e38b63ebcd
JS: previously js/case-sensitive-middleware-path was not taking into consideration unknown flags
2024-11-25 11:56:06 +01:00
Napalys
178da21fb8
JS: Added test case for CWE-178 RegExp with unknown flags
2024-11-25 11:53:00 +01:00
Napalys
a28fc8e772
JS: Add: Use of returnless function support for findLast and findLastIndex
2024-11-15 14:44:25 +01:00
Napalys
7250099f6c
JS: Add: Test cases use of returnless function in findLast and findLastIndex
2024-11-15 14:42:11 +01:00
Napalys
70cf1a57bc
Now catches usage of RegExp. after matchAll usage.
2024-11-08 08:59:31 +01:00
Napalys
c2baf0bd6d
Added test where RegExp. is used after matchAll but it not flagged as potential issue
2024-11-08 08:56:12 +01:00
Napalys
dbd57e3870
Fixed issue where TaintTracking was not catching matchAll vulnerability
2024-11-07 13:40:10 +01:00
Napalys
a4fe728af2
Added matchAll test which is not marked as vulnurability by CodeQL
2024-11-07 13:35:09 +01:00
Napalys Klicius
7825a46085
Merge branch 'github:main' into napalys/matchAll-support
2024-11-05 09:31:30 +01:00
Napalys
b239bfabf1
Added tests forIncompleteHostnameRegExp and normalizedPaths using matchAll
2024-11-05 09:22:26 +01:00
Napalys
ccee34d6d3
Added support for matchAll in CWE-020 including new test cases
2024-11-05 08:51:24 +01:00
Rasmus Wriedt Larsen
c0ad9ba529
Merge branch 'main' into js-threat-models
2024-11-01 10:48:32 +01:00
Tom Hvitved
1259b7e8e7
JS: Post-processing query for inline test expectations
2024-10-29 13:35:38 +01:00
Rasmus Wriedt Larsen
1726287bf4
JS: Add e2e threat-model test
2024-10-25 15:03:44 +02:00
Tom Hvitved
d0ca39fb03
JS: Update expected test output
2024-10-04 08:35:33 +02:00
Sid Gawri
e8c68fff7f
resolve id conflict with dom based xss test ql
2024-09-25 10:01:59 -04:00
Alvaro Muñoz
5d1da861a2
fix: Use YamlScalar for booleans
2024-09-06 23:21:41 +02:00
Alvaro Muñoz
d9e8792d33
[javascript] Query to detect GITHUB_TOKEN leaked in artifacts
2024-09-06 22:55:58 +02:00
Asger F
09aca6b47e
Merge pull request #17212 from mbaluda/main
...
Add support for importing NPM modules in XSJS sources
2024-08-22 10:54:33 +02:00
Asger F
7a7ab457a9
JS: Delete unneeded test code (and shift line numbers)
2024-08-16 14:38:54 +02:00
Asger F
9ee7599aeb
JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
...
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00
Asger F
699d3a0a0a
JS: Update a RegExp injection test
...
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00
Mauro Baluda
be0a60a7f6
Add support for importing NPM modules in XSJS sources
2024-08-13 14:45:03 +02:00
Erik Krogh Kristensen
41506fbfef
Merge pull request #14666 from am0o0/amammad-js-hardcodedJWTKey
...
JS: Extends CredentialsNode class mostly related to JWT authentication packages
2024-08-08 10:20:45 +02:00
am0o0
354fcbe7fe
apply changes from @erik-krogh
2024-08-01 20:14:36 +02:00
Paul Hodgkinson
c9af53f050
Merge branch 'main' into aegilops/polyfill-io-compromised-script
2024-07-12 12:53:44 +01:00
aegilops
d71be8aeaf
Moved from experimental into default queries
2024-07-11 11:44:01 +01:00
aegilops
86afd54a9b
Moved new query to 'experimental'
...
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml
Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
2024-07-09 16:38:01 +01:00
aegilops
e2b37f97b0
Added dot to end of test message
2024-07-01 17:41:26 +01:00
aegilops
a1b0703690
Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests
2024-07-01 16:21:34 +01:00
am0o0
b360c8adb8
Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate.
...
According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
2024-07-01 15:00:08 +02:00
am0o0
5a1877547f
update test cases of __tests__/ dir
...
since we want to check if a jwt related sink is in this dir or not
2024-07-01 14:50:07 +02:00