Commit Graph

6335 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
cc527bdecd Merge pull request #7721 from erik-krogh/CWE-1275
JS: add a js/samesite-none-cookie cookie
2022-01-25 13:28:08 +01:00
Erik Krogh Kristensen
9f9dee5d18 apply documentation suggestions
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-25 12:14:16 +01:00
CodeQL CI
8d1e22bc38 Merge pull request #7632 from erik-krogh/CWE-862
Approved by esbena, felicitymay
2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen
d4bac887cf add a js/samesite-none-cookie cookie 2022-01-24 21:39:41 +01:00
Erik Krogh Kristensen
75f389749a Merge pull request #7719 from erik-krogh/cwe-219
JS: add CWE-219 to js/exposure-of-private-files
2022-01-24 17:06:09 +01:00
Erik Krogh Kristensen
bb786bc557 fix good/bad mixup in ClientExposedCookie qhelp 2022-01-24 15:34:30 +01:00
Erik Krogh Kristensen
148b0c33a9 update the empty-password-in-config-file qhelp 2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen
ab0d67a573 update query name and description
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen
823cadecd5 add CWE-219 to js/exposure-of-private-files 2022-01-24 13:22:06 +01:00
Erik Krogh Kristensen
ab1bc685bb add CWE-80 to queries that detect bad HTML sanitizers 2022-01-24 11:01:17 +01:00
Erik Krogh Kristensen
f9d5cbf017 update qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-01-21 11:26:58 +01:00
Erik Krogh Kristensen
debebb2b8c rewrite the qhelp for js/insecure-dependency 2022-01-21 10:41:08 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style
Approved by esbena
2022-01-20 23:43:44 -08:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts
simplify expressions that could be type-casts
2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen
548fb47603 JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core 2022-01-20 14:00:57 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Erik Krogh Kristensen
b8f1fb3954 JS: fix ql/field-only-used-in-charpred within JavaScript 2022-01-20 09:41:13 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Erik Krogh Kristensen
b7a0b8765e add js/http-dependency query 2022-01-19 10:05:39 +01:00
Erik Krogh Kristensen
2433eafef2 add query for detecting insecure temporary files 2022-01-18 14:54:56 +01:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Edoardo Pirovano
f2818ebb5e Merge pull request #7489 from edoardopirovano/fix-example
Fix example in JavaScript query
2022-01-14 08:58:28 +00:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling
QL: add "modelling/modeling" to `ql/non-us-spelling`
2022-01-04 13:33:54 +01:00
Edoardo Pirovano
081765cbe8 Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2022-01-04 10:07:34 +00:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
2022-01-04 10:11:03 +01:00
Dave Bartolomeo
5f5af4a29e Move change notes to correct location
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Edoardo Pirovano
a616059761 Fix example in JavaScript query 2021-12-29 12:01:09 +00:00
Erik Krogh Kristensen
d17879e1f9 run the non-us patch 2021-12-20 16:24:41 +01:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
CodeQL CI
39ec7132af Merge pull request #7049 from asgerf/js/routing-trees
Approved by erik-krogh
2021-12-17 12:26:38 +00:00
Asger Feldthaus
8aa4d8227e JS: Rename RouteHandlerInput->RouteHandlerParameter 2021-12-15 16:32:18 +01:00
Asger Feldthaus
218b746f6f JS: Rename getAUseSite -> getRouteInstallation 2021-12-15 16:21:41 +01:00
github-actions[bot]
59da2cdf69 Release preparation for version 2.7.4 2021-12-14 21:35:09 +00:00
Dave Bartolomeo
a62f181d42 Move new change notes to appropriate packs 2021-12-14 12:05:15 -05:00
Rasmus Wriedt Larsen
1e45fa9ed4 JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
CWE-185: Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to
be improperly matched or compared.

https://cwe.mitre.org/data/definitions/185.html

CWE-186: Overly Restrictive Regular Expression

> A regular expression is overly restrictive, which prevents dangerous values from being detected.
>
> (...) [this CWE] is about a regular expression that does not match all
> values that are intended. (...)

https://cwe.mitre.org/data/definitions/186.html

From my understanding,
CWE-625: Permissive Regular Expression is not applicable (since this
is about accepting a regex match where there should not be a match).
2021-12-13 10:23:24 +01:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb
Post-release preparation 2.7.3
2021-12-10 09:59:45 -08:00
Asger Feldthaus
23480b2d8f JS: Remove stray TODO 2021-12-07 10:49:14 +01:00
Asger Feldthaus
5f8ea3965d JS: Do not flag auth endpoints that are immune to Login CSRF 2021-12-07 10:46:17 +01:00
Asger Feldthaus
66b1612e5e JS: Treat non-cookie based auth as CSRF preventer 2021-12-07 10:46:17 +01:00
Asger Feldthaus
b73219392b JS: Improve precision of missing CSRF middleware 2021-12-07 10:46:17 +01:00
Asger Feldthaus
5269933461 JS: Port missing rate limiting query 2021-12-07 10:44:19 +01:00