codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Adrien Pessu	7dfb404fd7	clean examples	2023-06-21 08:11:39 +00:00
Adrien Pessu	e85987bfc5	remove useless phrase	2023-06-21 07:59:24 +00:00
Adrien Pessu	2a2f6de78c	fixed text not in a tag	2023-06-20 17:27:37 +00:00
Adrien Pessu	36cb60c746	Add fixed proposition for NodeJS	2023-06-20 17:22:56 +00:00
Tiago Pascoal	150854603b	Single quote was preventing the shell from expanding the BODY variable While this prevents the attack highlighted in the query help it also prevents it from working. Double quotes will allow the expansion of the variable while still preventing the attack	2023-06-20 11:38:27 +01:00
github-actions[bot]	18b678e69e	Post-release preparation for codeql-cli-2.13.4	2023-06-20 10:20:05 +00:00
Adrien Pessu	eb28266bcb	improv example the help file	2023-06-19 17:00:52 +00:00
Tony Torralba	8f6d2ed2f9	Adjust ZipSlip query description according to review suggestions.	2023-06-19 10:27:41 +02:00
Tony Torralba	3c4d938cf1	Apply code review suggestions. Co-authored-by: Asger F <asgerf@github.com>	2023-06-19 10:20:19 +02:00
Tony Torralba	433fc680ec	Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2023-06-19 10:17:40 +02:00
Tony Torralba	c97868f774	Add change notes	2023-06-16 09:01:02 +02:00
Tony Torralba	3e96fe60c5	Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous	2023-06-16 08:52:44 +02:00
github-actions[bot]	e4be303a23	Release preparation for version 2.13.4	2023-06-08 19:57:37 +00:00
Asger F	76a8e9827e	Merge pull request #13283 from asgerf/js/restrict-regex-search-function JS: Be more conservative about flagging "search" call arguments as regex	2023-06-08 10:50:51 +02:00
Erik Krogh Kristensen	6ba7f9a238	Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp delete old deprecations	2023-06-07 13:00:57 +02:00
Erik Krogh Kristensen	b78cd48954	Merge pull request #13329 from erik-krogh/sqlhelp JS: improve the sql-injection help page	2023-06-06 08:44:44 +02:00
erik-krogh	3cb2ec4e87	fix nits from doc review	2023-06-05 19:06:07 +02:00
erik-krogh	f61b781386	JS: delete effectively empty file	2023-06-02 11:58:09 +02:00
erik-krogh	44b6366586	delete old deprecations	2023-06-02 11:58:08 +02:00
erik-krogh	9aeba4f31e	changes based on review	2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen	96a720cfa0	Merge pull request #13285 from erik-krogh/redoshelp ReDoS: fix whitespace in the samples in ReDoS.qhelp	2023-06-01 15:53:58 +02:00
Asger F	baef99995d	JS: Change note	2023-06-01 14:10:11 +02:00
erik-krogh	1e08105863	less duplicated headers in the sql-injection samples	2023-05-31 18:04:34 +02:00
erik-krogh	98820780af	show how to use mysql.escape in the sql-injection qhelp	2023-05-31 18:04:34 +02:00
erik-krogh	7d801e05ee	add an example of using dollar eq	2023-05-31 18:04:23 +02:00
erik-krogh	e24b45b423	elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp	2023-05-31 09:57:38 +02:00
erik-krogh	b343dcaadd	put string/object in the alert-message for sql-injection	2023-05-31 08:06:04 +02:00
Arthur Baars	490d22d123	Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3	2023-05-30 21:31:28 +02:00
erik-krogh	9f5bf8fb22	also fix the first code-block	2023-05-25 13:56:29 +02:00
erik-krogh	765076bcba	fix whitespace in the samples in ReDoS.qhelp	2023-05-25 13:28:39 +02:00
github-actions[bot]	d2e192020b	Post-release preparation for codeql-cli-2.13.3	2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen	50cb5ea184	Merge pull request #13164 from erik-krogh/polyQhelp ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-23 09:25:15 +02:00
github-actions[bot]	7aa23cf11d	Release preparation for version 2.13.3	2023-05-22 20:47:00 +00:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	10bf17c33e	Merge branch 'main' into polyQhelp	2023-05-21 22:17:06 +02:00
Erik Krogh Kristensen	239234c5d2	fix bad change-note Co-authored-by: Asger F <asgerf@github.com>	2023-05-17 14:47:32 +02:00
erik-krogh	5a82454710	add change-note	2023-05-17 12:02:21 +02:00
erik-krogh	480e71fd69	avoid contractions	2023-05-17 08:42:45 +02:00
erik-krogh	2ebce99eae	add another example of how to fix the prototype pollution issue	2023-05-15 17:24:02 +02:00
erik-krogh	7a338c408e	fix typo, the variable in the example is called `items`	2023-05-15 17:23:40 +02:00
erik-krogh	83ca1495e0	trim the whitespace in the poly-redos examples	2023-05-15 16:47:24 +02:00
erik-krogh	d989359656	add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-15 16:47:02 +02:00
Asger F	20e8ee8423	Merge pull request #12748 from JarLob/yi JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query	2023-05-15 11:03:00 +02:00
Max Schaefer	5dfe52afd0	Merge pull request #13152 from github/max-schaefer/unsafe-shell-command-construction-examples-sync JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.	2023-05-12 16:50:25 +01:00
Max Schaefer	2e7eb50319	JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.	2023-05-12 14:42:11 +01:00
Max Schaefer	a4f6ccf2fc	JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass	2023-05-12 14:21:40 +01:00
Kasper Svendsen	7dd9906e95	JS: Enable implicit this receiver warnings	2023-05-12 09:49:14 +02:00
Asger F	c376eeb133	Merge pull request #12978 from asgerf/js/github-actions-sources JS: Add sources and sinks related to GitHub Actions	2023-05-10 09:55:24 +02:00
Jaroslav Lobačevski	5aa71352dc	Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp Co-authored-by: Asger F <asgerf@github.com>	2023-05-09 12:23:52 +02:00
Kasper Svendsen	67950c8e6b	JS: Make implicit this receivers explicit	2023-05-03 15:31:00 +02:00

... 9 10 11 12 13 ...

6144 Commits