Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JS: RegExp unknown flags support and enhanced compatibility with RegExp objects #18089

Open
wants to merge 35 commits into
base: main
Choose a base branch
from
Open

JS: RegExp unknown flags support and enhanced compatibility with RegExp objects #18089

wants to merge 35 commits into from

Commits on Nov 25, 2024

  1. JS: Added test case for CWE-178 RegExp with unknown flags

    @Napalys
    Napalys committed Nov 25, 2024
    Configuration menu
    Copy the full SHA
    178da21 View commit details
    Browse the repository at this point in the history

  2. JS: previously js/case-sensitive-middleware-path was not taking into … 

    …consideration unknown flags
    @Napalys
    Napalys committed Nov 25, 2024
    Configuration menu
    Copy the full SHA
    e38b63e View commit details
    Browse the repository at this point in the history

  3. Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql 

    Co-authored-by: Erik Krogh Kristensen <[email protected]>
    @Napalys @erik-krogh
    Napalys and erik-krogh committed Nov 25, 2024
    Configuration menu
    Copy the full SHA
    d6372ae View commit details
    Browse the repository at this point in the history

Commits on Nov 28, 2024

  1. JS: Added test case which is not flagged but should be abusing new Re… 

    …gExp with global flag
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    41f21d4 View commit details
    Browse the repository at this point in the history

  2. JS: Now BadHtmlSanitizers also flags new RegExp as potential issue

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    38be0e4 View commit details
    Browse the repository at this point in the history

  3. JS: Added test case for bad sanitizer with unknown flags, currently n… 

    …ot flagged.
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    89f3b6f View commit details
    Browse the repository at this point in the history

  4. JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    18c7b18 View commit details
    Browse the repository at this point in the history

  5. JS: Added test cases which cover new RegExp creation with replace on … 

    …protytpe pulluting
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    41fef0f View commit details
    Browse the repository at this point in the history

  6. JS: protyte poluting now treats unknownFlags as potentially good sani… 

    …tization.
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    faef9dd View commit details
    Browse the repository at this point in the history

  7. JS: Added test cases with new RegExp for Tainted paths, currently wor… 

    …ks only with literals
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    7db6f7c View commit details
    Browse the repository at this point in the history

  8. JS: Fixed docs description

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    eca7a88 View commit details
    Browse the repository at this point in the history

  9. JS: Now unknown flags are not flagged in taint paths

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    23b18ae View commit details
    Browse the repository at this point in the history

  10. JS: Added test cases for unsafe shell command sanitization with RegEx… 

    …pr Object, instead of literal
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    155f1fc View commit details
    Browse the repository at this point in the history

  11. JS: UnsafeShellCommand Using unknown flags in the RegExp object is no… 

    … longer flagged as bad sanitization to reduce false positives.
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    a0df33c View commit details
    Browse the repository at this point in the history

  12. JS: Added tests for DotRemovingReplaceCall with RegExp Object.

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    aa557cf View commit details
    Browse the repository at this point in the history

  13. JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    875478c View commit details
    Browse the repository at this point in the history

  14. JS: Added tests for ReDos with unknownFlags, everything seems to be good

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    9c2366a View commit details
    Browse the repository at this point in the history

  15. JS: Add test cases for RegExp object usage in replace within incomple… 

    …te sanitization
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    7631803 View commit details
    Browse the repository at this point in the history

  16. JS: incomplete sanitization now also works with RegExp objects

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    1ae1748 View commit details
    Browse the repository at this point in the history

  17. JS: imcomplete sanization now handles properly maybe global

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    98fd977 View commit details
    Browse the repository at this point in the history

  18. JS: add test cases with unknown flags for double escaping, works as e… 

    …xpected.
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    fe28657 View commit details
    Browse the repository at this point in the history

  19. JS: add xss test cases with unknownflags for replace using RegExp

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    dbae553 View commit details
    Browse the repository at this point in the history

  20. JS: xss does not flag anymore replace with RegExp unknown flags

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    c71778f View commit details
    Browse the repository at this point in the history

  21. JS: add test cases with RegExp object for MaskingReplacer, currently … 

    …gives wrong results
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    1ca57cf View commit details
    Browse the repository at this point in the history

  22. JS: fixed issue where MaskingReplacer would work only with regexp lit… 

    …erals but not objects
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    a2c4674 View commit details
    Browse the repository at this point in the history

  23. JS: now RegExp with unknown flags is not flagged as an issue within p… 

    …assword Clear text storage of sensitive information
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    e673348 View commit details
    Browse the repository at this point in the history

  24. JS: add test cases RegExp with unknown flags

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    62194f5 View commit details
    Browse the repository at this point in the history

  25. JS: now Reg Exp injection treats unknownFlags as sanitization, Metach… 

    …arEscapeSanitizer
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    1d2e08a View commit details
    Browse the repository at this point in the history

  26. JS: Added in RegExpCreationNode maybeGlobal predicate for more conven… 

    …ience.
    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    9a1c1f4 View commit details
    Browse the repository at this point in the history

  27. Added change notes

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    fd77360 View commit details
    Browse the repository at this point in the history

  28. Update RegExp handling and add test case 

    Co-authored-by: erik-krogh <[email protected]>
    @Napalys @erik-krogh
    Napalys and erik-krogh committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    9ca0fe4 View commit details
    Browse the repository at this point in the history

  29. Fixed change notes

    @Napalys
    Napalys committed Nov 28, 2024
    Configuration menu
    Copy the full SHA
    d2de9a2 View commit details
    Browse the repository at this point in the history

Commits on Nov 29, 2024

  1. Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md 

    Co-authored-by: Erik Krogh Kristensen <[email protected]>
    @Napalys @erik-krogh
    Napalys and erik-krogh authored Nov 29, 2024
    Configuration menu
    Copy the full SHA
    13afd63 View commit details
    Browse the repository at this point in the history

  2. JS: fixed bad alert messages when it came to incomplete sanitization … 

    …for new RegExp objects
    @Napalys
    Napalys committed Nov 29, 2024
    Configuration menu
    Copy the full SHA
    3171f38 View commit details
    Browse the repository at this point in the history

  3. JS: follow proper code standards for get predicates 

    Co-authored-by: asgerf <[email protected]>
    @Napalys @asgerf
    Napalys and asgerf committed Nov 29, 2024
    Configuration menu
    Copy the full SHA
    9d4e737 View commit details
    Browse the repository at this point in the history