XSJS queries and CodeQL update #129

mbaluda · 2024-07-21T09:57:52Z

Merge XSJS queries from advanced-security/codeql-sap-async-xsjs
Restrict XSJS queries to .xsjs files
Update CodeQL to v2.18.0
Update README.md files

javascript/frameworks/XSJS/test/queries/XSJSZipSlip/XSJSZipSlip.xsjs

+
+  for (var entryPath in zipArchive) {
+    var targetFilePath = require("path").join(targetFolderName, entryPath)
+    require("fs").createWriteStream(targetFilePath).write(zip[entryPath]);


javascript/frameworks/XSJS/test/queries/XSJSUrlRedirect/XSJSUrlRedirect.xsjs

+function test1(requestParameters) {
+  let someParameterValue = requestParameters.get("someParameter");
+  $.response.status = $.net.http.OK;
+  $.response.headers.set("location", someParameterValue);


javascript/frameworks/XSJS/test/queries/XSJSSqlInjection/XSJSSqlInjection.xsjs

+  let query = "INSERT INTO " + someParameterValue1 + ".ENTITY (COL1) VALUES (" + someParameterValue2 + ")";
+
+  let dbConnection = $.db.getConnection();
+  let preparedStatement = dbConnection.prepareStatement(query);


javascript/frameworks/XSJS/test/queries/XSJSReflectedXss/XSJSReflectedXss.xsjs

+function test1(requestParameters) {
+  let someParameterValue1 = requestParameters.get("someParameter1");
+  $.response.contentType = "text/html";
+  $.response.setBody(requestParameterHandler(someParameterValue1));


jeongsoolee09 · 2024-07-22T22:28:03Z

@mbaluda Thanks a lot! Can you change the toplevel folder name (javascript/frameworks/XSJS) to lowercase (javascript/frameworks/xsjs) to match the name of other framework folders?

javascript/frameworks/xsjs/test/queries/XSJSZipSlip/XSJSZipSlip.xsjs

+
+  for (var entryPath in zipArchive) {
+    var targetFilePath = require("path").join(targetFolderName, entryPath)
+    require("fs").createWriteStream(targetFilePath).write(zip[entryPath]);


javascript/frameworks/xsjs/test/queries/XSJSUrlRedirect/XSJSUrlRedirect.xsjs

+function test1(requestParameters) {
+  let someParameterValue = requestParameters.get("someParameter");
+  $.response.status = $.net.http.OK;
+  $.response.headers.set("location", someParameterValue);


javascript/frameworks/xsjs/test/queries/XSJSSqlInjection/XSJSSqlInjection.xsjs

+  let query = "INSERT INTO " + someParameterValue1 + ".ENTITY (COL1) VALUES (" + someParameterValue2 + ")";
+
+  let dbConnection = $.db.getConnection();
+  let preparedStatement = dbConnection.prepareStatement(query);


javascript/frameworks/xsjs/test/queries/XSJSReflectedXss/XSJSReflectedXss.xsjs

+function test1(requestParameters) {
+  let someParameterValue1 = requestParameters.get("someParameter1");
+  $.response.contentType = "text/html";
+  $.response.setBody(requestParameterHandler(someParameterValue1));


jeongsoolee09

XSJS queries and CodeQL update

21edf3f

mbaluda self-assigned this Jul 21, 2024

Update CodeQL to v2.18.0

2c9d74b

github-advanced-security bot found potential problems Jul 21, 2024

View reviewed changes

mbaluda added 2 commits July 21, 2024 12:18

Update expected sarif file

db4b929

Update README.md files

3f8571f

mbaluda requested a review from jeongsoolee09 July 21, 2024 10:52

Merge branch 'main' into mbaluda/xsjs

b6efcde

mbaluda added 3 commits July 23, 2024 00:34

lowercase framework folder xsjs

6808d22

Rename qlpack.yml to qlpack.yml

e2e2389

mv javascript/frameworks/XSJS javascript/frameworks/xsjsnew

e1225fc

github-advanced-security bot found potential problems Jul 22, 2024

View reviewed changes

Merge branch 'main' into mbaluda/xsjs

ff32774

jeongsoolee09 approved these changes Jul 24, 2024

View reviewed changes

jeongsoolee09 merged commit 1e27135 into main Jul 24, 2024

jeongsoolee09 deleted the mbaluda/xsjs branch July 24, 2024 23:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

XSJS queries and CodeQL update #129

XSJS queries and CodeQL update #129

Uh oh!

mbaluda commented Jul 21, 2024 •

edited

Loading

Uh oh!

Check failure

Check warning

Check failure

Check failure

jeongsoolee09 commented Jul 22, 2024

Uh oh!

Check failure

Check warning

Check failure

Check failure

jeongsoolee09 left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

XSJS queries and CodeQL update #129

XSJS queries and CodeQL update #129

Uh oh!

Conversation

mbaluda commented Jul 21, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Check failure

Check warning

Check failure

Check failure

jeongsoolee09 commented Jul 22, 2024

Uh oh!

Check failure

Check warning

Check failure

Check failure

jeongsoolee09 left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

mbaluda commented Jul 21, 2024 •

edited

Loading