hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead

Browse Source
This commit is contained in:
aegilops
2024-06-19 17:59:43 +01:00
parent a07639f4f6
commit 1ecd72727d
2 changed files with 3 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/Security/CWE-693/README.md → javascript/ql/src/Security/CWE-693/CUSTOMIZING.md
View File

@@ -1,6 +1,6 @@
# Insecure Helmet Configuration - customizations
You can extend the required [Helmet security settings](https://helmetjs.github.io/) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
You can extend the required [Helmet security settings](https://helmetjs.github.io/) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/) in a [CodeQL model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
They are defaulted to just `frameguard` and `contentSecurityPolicy`, but you can add more using this method, to require them not to be set to `false` (which explicitly disables them) in the Helmet configuration.
@@ -18,7 +18,7 @@ extensions:
Note: Using `frameguard` and `contentSecurityPolicy` is an example: the query already enforces these, so it is not necessary to add it with your own data extension.
A suitable model pack might be:
A suitable [model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack) might be:
```yaml
name: my-org/javascript-helmet-insecure-config-model-pack

13
javascript/ql/src/Security/CWE-693/InsecureHelmet.qhelp
View File

@@ -19,18 +19,7 @@
</p>
<p>
Users of the query can extend the set of required Helmet features by adding additional checks for them, using CodeQL <a href="https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/">data extensions</a>.
</p>
<pre>extensions:
- addsTo:
pack: codeql/javascript-all
extensible: requiredHelmetSecuritySetting
data:
- ["frameguard"]</pre>
<p>
Note: <code>frameguard</code> is an example: the query already enforces this setting, so it is not necessary to add it to the data extension.
Users of the query can extend the set of required Helmet features by adding additional checks for them, using CodeQL <a href="https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/">data extensions</a> in a <a href="https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack">CodeQL model pack</a>. See `CUSTOMIZING.md` in the query source for more information.
</p>
</overview>