Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JS: Extends CredentialsNode class mostly related to JWT authentication packages #14666

Merged
merged 32 commits into from
Aug 8, 2024
Merged

JS: Extends CredentialsNode class mostly related to JWT authentication packages #14666

merged 32 commits into from
Aug 8, 2024

Commits on Aug 29, 2023

  1. V1

    @am0o0
    am0o0 committed Aug 29, 2023
    Configuration menu
    Copy the full SHA
    65b9774 View commit details
    Browse the repository at this point in the history

  2. add test cases

    @am0o0
    am0o0 committed Aug 29, 2023
    Configuration menu
    Copy the full SHA
    4f04dc8 View commit details
    Browse the repository at this point in the history

  3. fix qhelps

    @am0o0
    am0o0 committed Aug 29, 2023
    Configuration menu
    Copy the full SHA
    3f64cc8 View commit details
    Browse the repository at this point in the history

Commits on Aug 30, 2023

  1. change Source to ConstantString, it seems that we have some duplicate… 

    … results now, ConstantString is suggested as a better alternative for finding constant sources
    @am0o0
    am0o0 committed Aug 30, 2023
    Configuration menu
    Copy the full SHA
    7a577dd View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2023

  1. add sanitizers to hardcoded query

    @am0o0
    am0o0 committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    7891e64 View commit details
    Browse the repository at this point in the history

Commits on Oct 19, 2023

  1. remove noverification query

    @am0o0
    am0o0 committed Oct 19, 2023
    Configuration menu
    Copy the full SHA
    8e0f52c View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2023

  1. move new secret key sinks to existing CredentialsNode class, 

    add new additional global taint and dataflow steps
update tests of CWE-798
add a new sanitizer for `semmle.javascript.security.dataflow.HardcodedCredentialsQuery`
    @am0o0
    am0o0 committed Nov 2, 2023
    Configuration menu
    Copy the full SHA
    e1d42fa View commit details
    Browse the repository at this point in the history

  2. remove my Hardcoded secret key query in favor of CWE-798:HardcodedCre… 

    …dentials
    @am0o0
    am0o0 committed Nov 2, 2023
    Configuration menu
    Copy the full SHA
    01fb29e View commit details
    Browse the repository at this point in the history

Commits on May 13, 2024

  1. stash

    @am0o0
    am0o0 committed May 13, 2024
    Configuration menu
    Copy the full SHA
    bdee99a View commit details
    Browse the repository at this point in the history

Commits on May 25, 2024

  1. fix conflict

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    1860af0 View commit details
    Browse the repository at this point in the history

  2. Revert "stash" 

    This reverts commit bdee99a.
    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    c299b56 View commit details
    Browse the repository at this point in the history

  3. update tests

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    20c087c View commit details
    Browse the repository at this point in the history

  4. fix conflict

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    4e365e2 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'main' into amammad-js-hardcodedJWTKey

    @am0o0
    am0o0 authored May 25, 2024
    Configuration menu
    Copy the full SHA
    2226f51 View commit details
    Browse the repository at this point in the history

  6. update tests

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    d775135 View commit details
    Browse the repository at this point in the history

  7. stash: add debug query

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    5d98ec3 View commit details
    Browse the repository at this point in the history

  8. fix a document

    @am0o0
    am0o0 committed May 25, 2024
    Configuration menu
    Copy the full SHA
    c2f96a1 View commit details
    Browse the repository at this point in the history

Commits on May 27, 2024

  1. remove the debug query

    @am0o0
    am0o0 committed May 27, 2024
    Configuration menu
    Copy the full SHA
    71dfdfa View commit details
    Browse the repository at this point in the history

Commits on Jun 6, 2024

  1. Or to or in docs

    @am0o0
    am0o0 committed Jun 6, 2024
    Configuration menu
    Copy the full SHA
    61a11c6 View commit details
    Browse the repository at this point in the history

  2. remove sanitnzer and add a where condition instead 

    use a simpler where condition(the former sanitizer) for overcoming performance problems
    @am0o0
    am0o0 committed Jun 6, 2024
    Configuration menu
    Copy the full SHA
    ee05ec0 View commit details
    Browse the repository at this point in the history

  3. add tests for new where condition, update expected test results

    @am0o0
    am0o0 committed Jun 6, 2024
    Configuration menu
    Copy the full SHA
    e4ffdb8 View commit details
    Browse the repository at this point in the history

Commits on Jun 7, 2024

  1. use isTestFile from ClassifyFiles module file instead previous where … 

    …condition, update tests accordingly
    @am0o0
    am0o0 committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    5a69bbf View commit details
    Browse the repository at this point in the history

Commits on Jul 1, 2024

  1. move jose SharedTaintStep to a local taint step, add more additional … 

    …steps with test cases, update test cases and expected test results
    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    65fdb8c View commit details
    Browse the repository at this point in the history

  2. implement TextEncoderStep taint step with globalVarRef predicate

    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    60aa711 View commit details
    Browse the repository at this point in the history

  3. move the TextEncoder and Buffer jose.base64url taint steps to a local… 

    … query taint step
    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    fa8c457 View commit details
    Browse the repository at this point in the history

  4. add new default cred kind

    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    6ecd8b7 View commit details
    Browse the repository at this point in the history

  5. update test cases of __tests__/ dir 

    since we want to check if a jwt related sink is in this dir or not
    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    5a18775 View commit details
    Browse the repository at this point in the history

  6. Update hardcodedCredentials query file to only exclude 'jwt key' kind… 

    … from with the isTestFile predicate.

According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
    @am0o0
    am0o0 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    b360c8a View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2024

  1. apply changes from @erik-krogh

    @am0o0
    am0o0 committed Aug 1, 2024
    Configuration menu
    Copy the full SHA
    354fcbe View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2024

  1. apply autoformat to HardcodedCredentialsCustomizations.qll

    @am0o0
    am0o0 committed Aug 5, 2024
    Configuration menu
    Copy the full SHA
    fce183c View commit details
    Browse the repository at this point in the history

  2. apply autoformating for HardcodedCredentials.ql

    @am0o0
    am0o0 committed Aug 5, 2024
    Configuration menu
    Copy the full SHA
    e4deb7d View commit details
    Browse the repository at this point in the history

Commits on Aug 7, 2024

  1. remove a part of code related to debugging :)

    @am0o0
    am0o0 committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    b64cb4d View commit details
    Browse the repository at this point in the history