Commit Graph

40697 Commits

Author SHA1 Message Date
Tony Torralba
e14294a2f7 Remove XSS sink since it's better handled in this query 2021-05-06 11:20:37 +02:00
Erik Krogh Kristensen
3815797dda add sanitizers from DOM and jQuery queries 2021-05-06 11:05:03 +02:00
Erik Krogh Kristensen
8ba5bddae8 add jQuery options objects as sources 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
5c37e6a435 add change note 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
7ef641e7b2 add qhelp 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
ee0140e704 share code between unsafe-shell and unsafe-html queries 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
23908f9ec2 remove flowpaths that have a return without a matching call 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
6e754c70aa add test for js/html-constructed-from-input 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
e86a3b5e57 add js/html-constructed-from-input query 2021-05-06 11:04:49 +02:00
Arthur Baars
07c059cb2e Merge pull request #166 from github/type_tracking
Minimal implementation of shared type-tracking library
2021-05-06 10:59:45 +02:00
Tony Torralba
84504a88e4 Fix tests by adding AndroidManifest.xml 2021-05-06 10:55:56 +02:00
Erik Krogh Kristensen
a400a1e9d4 split the markdown steps into a separate class 2021-05-06 10:44:39 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
926fedb7fb Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-06 09:18:50 +02:00
Tony Torralba
00a7576679 Rename XPath Injection test file 2021-05-06 09:18:50 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
ccb3ea4453 Fix XPath Injection tests classpath 2021-05-06 09:18:49 +02:00
Tony Torralba
509fc8a640 Add missing docs to stubs 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
215118c7ea Fixes in QLDocs and imports 2021-05-06 09:18:49 +02:00
Tony Torralba
720b5d6da3 Refactored to use CSV sink model. Also, added more sinks 2021-05-06 09:18:49 +02:00
Tony Torralba
ab62bb66f4 Consider second parameter of Node.selectNodes 2021-05-06 09:18:49 +02:00
Tony Torralba
d72dd9b861 javax.xml.xpath.XPath is an interface 2021-05-06 09:18:49 +02:00
Tony Torralba
2bb2baf6f7 Support more methods that evaluate XPath expressions 2021-05-06 09:18:49 +02:00
Tony Torralba
3705970bfd Refactored XPath.qll to remove redundant classes and restrict visibility 2021-05-06 09:18:49 +02:00
Tony Torralba
d739a8cac2 Moved configuration from XPath.qll back to XPath Injection query 2021-05-06 09:18:48 +02:00
Tony Torralba
ee269fbc69 Added missing doc comments 2021-05-06 09:18:48 +02:00
Tony Torralba
fb3e56eac8 Fix imports and stubs so that tests pass 2021-05-06 09:18:48 +02:00
Tony Torralba
a62997463f Remove unused imports; use set literals in hasName 2021-05-06 09:18:48 +02:00
Tony Torralba
ed5619498c WIP: XPath Injection promotion 2021-05-06 09:18:48 +02:00
Tony Torralba
a706046a19 Restructured test 2021-05-06 09:17:53 +02:00
Jonathan Leitschuh
67e9f06304 [Java] Fix Kryo FP & Kryo 5 Support
Closes #4992
2021-05-05 17:38:34 -04:00
ihsinme
976ccda135 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-05 23:34:21 +03:00
ihsinme
b277082462 Update DeclarationOfVariableWithUnnecessarilyWideScope.qhelp 2021-05-05 23:28:04 +03:00
Evgenii Protsenko
330eaea467 C++: SqlPqxxTainted.ql style fixes 2021-05-05 21:48:14 +03:00
Evgenii Protsenko
955d97f6be C++: Init SqlPqxxTainted.ql 2021-05-05 21:25:36 +03:00
Nick Rolfe
a0084b7732 Simplify CFG tree classes for calls 2021-05-05 17:18:44 +01:00
Nick Rolfe
569063ca73 Make YieldCallTree post-order 2021-05-05 17:14:32 +01:00
Owen Mansel-Chan
daf73553f6 Sync shared dataflow libraries 2021-05-05 16:58:30 +01:00
Henry Mercer
a3c57c43c8 Code Scanning selectors: Include summary metrics 2021-05-05 16:38:39 +01:00
Henry Mercer
74c9994305 Code Scanning selectors: Add alert aliases 2021-05-05 16:36:39 +01:00
Shati Patel
059a5f35fa Merge pull request #5812 from mario-campos/patch-1
Add React Native to JavaScript frameworks docs
2021-05-05 16:03:41 +01:00
Tony Torralba
c138ed3e4d QLDocs 2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Nick Rolfe
3a3586f14b Restrict type to MethodCallCfgNode 2021-05-05 14:49:24 +01:00
Arthur Baars
73b5699f32 Merge pull request #174 from github/escape_file_keys
Escape keys for files and folders
2021-05-05 15:02:04 +02:00
Erik Krogh Kristensen
4ac21e9f3f make the .filter step more precise 2021-05-05 14:53:09 +02:00
Nick Rolfe
c37f390efc Reserve more capacity for escaped key 2021-05-05 13:21:16 +01:00
Rasmus Wriedt Larsen
d50f22504e Python: Fix .expected 2021-05-05 14:07:15 +02:00
Nick Rolfe
99ae17de03 Avoid copying key when it doesn't need escaping 2021-05-05 12:54:23 +01:00