diff --git a/javascript/frameworks/cap/ext/qlpack.yml b/javascript/frameworks/cap/ext/qlpack.yml index 769785a0b..ff49ec94f 100644 --- a/javascript/frameworks/cap/ext/qlpack.yml +++ b/javascript/frameworks/cap/ext/qlpack.yml @@ -3,4 +3,4 @@ library: true name: advanced-security/javascript-sap-cap-models version: 2.25.0 extensionTargets: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" diff --git a/javascript/frameworks/cap/lib/qlpack.yml b/javascript/frameworks/cap/lib/qlpack.yml index 3311e0ec9..3187abc4e 100644 --- a/javascript/frameworks/cap/lib/qlpack.yml +++ b/javascript/frameworks/cap/lib/qlpack.yml @@ -5,4 +5,4 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" diff --git a/javascript/frameworks/cap/src/qlpack.yml b/javascript/frameworks/cap/src/qlpack.yml index 6e6410368..280e21c5e 100644 --- a/javascript/frameworks/cap/src/qlpack.yml +++ b/javascript/frameworks/cap/src/qlpack.yml @@ -5,6 +5,6 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-cap-all: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-cap-all: "2.25.0" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/cap/test/qlpack.yml b/javascript/frameworks/cap/test/qlpack.yml index 887036fbc..1d07dae06 100644 --- a/javascript/frameworks/cap/test/qlpack.yml +++ b/javascript/frameworks/cap/test/qlpack.yml @@ -3,7 +3,7 @@ name: advanced-security/javascript-sap-cap-queries-tests version: 2.25.0 extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-cap-queries: "2.24.3" - advanced-security/javascript-sap-cap-models: "2.24.3" - advanced-security/javascript-sap-cap-all: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-cap-queries: "2.25.0" + advanced-security/javascript-sap-cap-models: "2.25.0" + advanced-security/javascript-sap-cap-all: "2.25.0" diff --git a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml index 827098f9b..c63e68011 100644 --- a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml +++ b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml @@ -2,5 +2,5 @@ name: advanced-security/javascript-sap-ui5-webcomponents-for-react-test version: 2.25.0 extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-ui5-all: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-ui5-all: "2.25.0" diff --git a/javascript/frameworks/ui5/ext/qlpack.yml b/javascript/frameworks/ui5/ext/qlpack.yml index 9a2048812..e001e7e45 100644 --- a/javascript/frameworks/ui5/ext/qlpack.yml +++ b/javascript/frameworks/ui5/ext/qlpack.yml @@ -3,6 +3,6 @@ library: true name: advanced-security/javascript-sap-ui5-models version: 2.25.0 extensionTargets: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" dataExtensions: - "*.model.yml" diff --git a/javascript/frameworks/ui5/ext/ui5.model.yml b/javascript/frameworks/ui5/ext/ui5.model.yml index a17302ede..86f718fdd 100644 --- a/javascript/frameworks/ui5/ext/ui5.model.yml +++ b/javascript/frameworks/ui5/ext/ui5.model.yml @@ -118,8 +118,8 @@ extensions: - ["UI5CodeEditor", "Member[value]", "remote"] - ["UI5CodeEditor", "Member[getCurrentValue].ReturnValue", "remote"] - ["global", "Member[jQuery].Member[sap].Member[syncHead,syncGet,syncGetText,syncPost,syncPostText].ReturnValue", "remote"] - - ["UI5URIParameters", "Member[get].ReturnValue", "remote"] - - ["UI5URIParameters", "Member[getAll].ReturnValue", "remote"] + - ["UI5URIParameters", "Member[get].ReturnValue", "browser-url-query"] + - ["UI5URIParameters", "Member[getAll].ReturnValue", "browser-url-query"] - addsTo: pack: codeql/javascript-all diff --git a/javascript/frameworks/ui5/lib/qlpack.yml b/javascript/frameworks/ui5/lib/qlpack.yml index eff748639..246f9ec38 100644 --- a/javascript/frameworks/ui5/lib/qlpack.yml +++ b/javascript/frameworks/ui5/lib/qlpack.yml @@ -5,4 +5,4 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" diff --git a/javascript/frameworks/ui5/src/qlpack.yml b/javascript/frameworks/ui5/src/qlpack.yml index 6bc658436..c1ce6e64a 100644 --- a/javascript/frameworks/ui5/src/qlpack.yml +++ b/javascript/frameworks/ui5/src/qlpack.yml @@ -5,6 +5,6 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-ui5-all: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-ui5-all: "2.25.0" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/ui5/test/models/source/sourceTest.expected b/javascript/frameworks/ui5/test/models/source/sourceTest.expected index c3539750e..331d5c81d 100644 --- a/javascript/frameworks/ui5/test/models/source/sourceTest.expected +++ b/javascript/frameworks/ui5/test/models/source/sourceTest.expected @@ -54,7 +54,7 @@ | source.js:92:17:92:25 | obj.value | Remote flow source of type: Source node (remote) [from data-extension] | | source.js:94:17:94:30 | obj.getValue() | Remote flow source of type: Remote flow | | source.js:94:17:94:30 | obj.getValue() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:96:17:96:51 | jQuery. ... ).get() | Remote flow source of type: Remote flow | +| source.js:96:17:96:51 | jQuery. ... ).get() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:96:17:96:51 | jQuery. ... ).get() | Remote flow source of type: Source node (remote) [from data-extension] | | source.js:98:17:98:37 | jQuery. ... cHead() | Remote flow source of type: Remote flow | | source.js:98:17:98:37 | jQuery. ... cHead() | Remote flow source of type: Source node (remote) [from data-extension] | @@ -66,15 +66,15 @@ | source.js:104:17:104:37 | jQuery. ... cPost() | Remote flow source of type: Source node (remote) [from data-extension] | | source.js:106:17:106:41 | jQuery. ... tText() | Remote flow source of type: Remote flow | | source.js:106:17:106:41 | jQuery. ... tText() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:108:17:108:52 | UriPara ... ).get() | Remote flow source of type: Remote flow | +| source.js:108:17:108:52 | UriPara ... ).get() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:108:17:108:52 | UriPara ... ).get() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:109:17:109:55 | UriPara ... etAll() | Remote flow source of type: Remote flow | +| source.js:109:17:109:55 | UriPara ... etAll() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:109:17:109:55 | UriPara ... etAll() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:112:17:112:25 | obj.get() | Remote flow source of type: Remote flow | +| source.js:112:17:112:25 | obj.get() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:112:17:112:25 | obj.get() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:113:17:113:28 | obj.getAll() | Remote flow source of type: Remote flow | +| source.js:113:17:113:28 | obj.getAll() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:113:17:113:28 | obj.getAll() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:115:17:115:28 | obj.getAll() | Remote flow source of type: Remote flow | +| source.js:115:17:115:28 | obj.getAll() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:115:17:115:28 | obj.getAll() | Remote flow source of type: Source node (remote) [from data-extension] | -| source.js:117:17:117:25 | obj.get() | Remote flow source of type: Remote flow | +| source.js:117:17:117:25 | obj.get() | Remote flow source of type: Source node (browser-url-query) [from data-extension] | | source.js:117:17:117:25 | obj.get() | Remote flow source of type: Source node (remote) [from data-extension] | diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml index 1d7b7b1ea..302e77ecd 100644 --- a/javascript/frameworks/ui5/test/qlpack.yml +++ b/javascript/frameworks/ui5/test/qlpack.yml @@ -2,11 +2,11 @@ name: advanced-security/javascript-sap-ui5-queries-tests version: 2.25.0 extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" # We use this dependency to run the standard Log Injection query to ensure that # no overlap occurs with the SAP UI5 queries. We therefore allow any version # greater than or equal to 1.2.0, as major breaking changes are not a concern. codeql/javascript-queries: ">1.2.0" - advanced-security/javascript-sap-ui5-queries: "2.24.3" - advanced-security/javascript-sap-ui5-models: "2.24.3" - advanced-security/javascript-sap-ui5-all: "2.24.3" + advanced-security/javascript-sap-ui5-queries: "2.25.0" + advanced-security/javascript-sap-ui5-models: "2.25.0" + advanced-security/javascript-sap-ui5-all: "2.25.0" diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.expected b/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.expected new file mode 100644 index 000000000..1143df044 --- /dev/null +++ b/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.expected @@ -0,0 +1,8 @@ +edges +| test.js:1:11:1:50 | jQuery. ... ("url") | test.js:2:34:2:36 | url | provenance | | +nodes +| test.js:1:11:1:50 | jQuery. ... ("url") | semmle.label | jQuery. ... ("url") | +| test.js:2:34:2:36 | url | semmle.label | url | +subpaths +#select +| test.js:2:1:2:20 | new XMLHttpRequest() | test.js:1:11:1:50 | jQuery. ... ("url") | test.js:2:34:2:36 | url | The $@ of this request depends on a $@. | test.js:2:34:2:36 | url | URL | test.js:1:11:1:50 | jQuery. ... ("url") | user-provided value | diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.qlref b/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.qlref new file mode 100644 index 000000000..1557850e8 --- /dev/null +++ b/javascript/frameworks/ui5/test/queries/RequestForgery/ClientSideRequestForgery.qlref @@ -0,0 +1 @@ +Security/CWE-918/ClientSideRequestForgery.ql diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.expected b/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.expected new file mode 100644 index 000000000..e217064d1 --- /dev/null +++ b/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.expected @@ -0,0 +1,4 @@ +edges +nodes +subpaths +#select diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.qlref b/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.qlref new file mode 100644 index 000000000..fcb4e41da --- /dev/null +++ b/javascript/frameworks/ui5/test/queries/RequestForgery/RequestForgery.qlref @@ -0,0 +1 @@ +Security/CWE-918/RequestForgery.ql diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/test.js b/javascript/frameworks/ui5/test/queries/RequestForgery/test.js new file mode 100644 index 000000000..c9f7633ce --- /dev/null +++ b/javascript/frameworks/ui5/test/queries/RequestForgery/test.js @@ -0,0 +1,2 @@ +var url = jQuery.sap.getUriParameters().get("url"); +new XMLHttpRequest().open("GET", url, false); \ No newline at end of file diff --git a/javascript/frameworks/xsjs/ext/qlpack.yml b/javascript/frameworks/xsjs/ext/qlpack.yml index 4899b1227..536f3c345 100644 --- a/javascript/frameworks/xsjs/ext/qlpack.yml +++ b/javascript/frameworks/xsjs/ext/qlpack.yml @@ -3,6 +3,6 @@ library: true name: advanced-security/javascript-sap-xsjs-models version: 2.25.0 extensionTargets: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" dataExtensions: - "*.model.yml" diff --git a/javascript/frameworks/xsjs/lib/qlpack.yml b/javascript/frameworks/xsjs/lib/qlpack.yml index d8132eeb1..306572420 100644 --- a/javascript/frameworks/xsjs/lib/qlpack.yml +++ b/javascript/frameworks/xsjs/lib/qlpack.yml @@ -5,4 +5,4 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" diff --git a/javascript/frameworks/xsjs/src/qlpack.yml b/javascript/frameworks/xsjs/src/qlpack.yml index 85894d4ac..25c432ec8 100644 --- a/javascript/frameworks/xsjs/src/qlpack.yml +++ b/javascript/frameworks/xsjs/src/qlpack.yml @@ -5,6 +5,6 @@ version: 2.25.0 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-xsjs-all: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-xsjs-all: "2.25.0" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/xsjs/test/qlpack.yml b/javascript/frameworks/xsjs/test/qlpack.yml index ad542d678..5f4ea503d 100644 --- a/javascript/frameworks/xsjs/test/qlpack.yml +++ b/javascript/frameworks/xsjs/test/qlpack.yml @@ -3,7 +3,7 @@ name: advanced-security/javascript-sap-xsjs-tests version: 2.25.0 extractor: javascript dependencies: - codeql/javascript-all: "^2.6.22" - advanced-security/javascript-sap-xsjs-queries: "2.24.3" - advanced-security/javascript-sap-xsjs-all: "2.24.3" - advanced-security/javascript-sap-xsjs-models: "2.24.3" + codeql/javascript-all: "^2.6.24" + advanced-security/javascript-sap-xsjs-queries: "2.25.0" + advanced-security/javascript-sap-xsjs-all: "2.25.0" + advanced-security/javascript-sap-xsjs-models: "2.25.0" diff --git a/javascript/heuristic-models/ext/qlpack.yml b/javascript/heuristic-models/ext/qlpack.yml index 79fd31568..af8ee4234 100644 --- a/javascript/heuristic-models/ext/qlpack.yml +++ b/javascript/heuristic-models/ext/qlpack.yml @@ -4,6 +4,6 @@ warnOnImplicitThis: false name: advanced-security/javascript-heuristic-models version: 2.25.0 extensionTargets: - codeql/javascript-all: "^2.6.22" + codeql/javascript-all: "^2.6.24" dataExtensions: - "*.model.yml" diff --git a/javascript/heuristic-models/tests/qlpack.yml b/javascript/heuristic-models/tests/qlpack.yml index 94aa58914..80a0edc01 100644 --- a/javascript/heuristic-models/tests/qlpack.yml +++ b/javascript/heuristic-models/tests/qlpack.yml @@ -4,5 +4,5 @@ name: advanced-security/javascript-heuristic-models-tests version: 2.25.0 extractor: javascript dependencies: - "codeql/javascript-all": "^2.6.22" - "advanced-security/javascript-heuristic-models": "2.24.3" + "codeql/javascript-all": "^2.6.24" + "advanced-security/javascript-heuristic-models": "2.25.0"