hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Promote OAuth2 constant-state query to mainline

Browse Source
This commit is contained in:
Chris Smowton
2020-08-18 15:30:22 +01:00
parent 0ee7bbbaa7
commit faf43efb60
13 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
change-notes/2020-08-18-oauth2.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) has been promoted from experimental status. This checks for use of a constant state value in generating an OAuth2 redirect URL, which may open the way for a CSRF attack.

0
ql/src/experimental/CWE-352/ConstantOauth2State.qhelp → ql/src/Security/CWE-352/ConstantOauth2State.qhelp
View File

0
ql/src/experimental/CWE-352/ConstantOauth2State.ql → ql/src/Security/CWE-352/ConstantOauth2State.ql
View File

0
ql/src/experimental/CWE-352/ConstantOauth2StateBad.go → ql/src/Security/CWE-352/ConstantOauth2StateBad.go
View File

0
ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go → ql/src/Security/CWE-352/ConstantOauth2StateBetter.go
View File

1
ql/test/experimental/CWE-352/ConstantOauth2State.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-352/ConstantOauth2State.ql

0
ql/test/experimental/CWE-352/ConstantOauth2State.expected → ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
View File

0
ql/test/experimental/CWE-352/ConstantOauth2State.go → ql/test/query-tests/Security/CWE-352/ConstantOauth2State.go
View File

1
ql/test/query-tests/Security/CWE-352/ConstantOauth2State.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-352/ConstantOauth2State.ql

0
ql/test/experimental/CWE-352/go.mod → ql/test/query-tests/Security/CWE-352/go.mod
View File

0
ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/LICENSE → ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/LICENSE generated vendored
View File

0
ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/stub.go → ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/stub.go generated vendored
View File

0
ql/test/experimental/CWE-352/vendor/modules.txt → ql/test/query-tests/Security/CWE-352/vendor/modules.txt vendored
View File