Asger F
4568967a76
JS: Do not use legacy taint steps in TaintedUrlSuffix
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.
These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
2024-08-29 13:48:30 +02:00