hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

6144 Commits

Author SHA1 Message Date
amammad
48a9b107b9 add query to detect strapi CVe too 2023-11-24 10:47:17 +01:00
Maiky
4ef4c92e2c Move Customizations and Query 2023-11-23 21:29:09 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
erik-krogh
dd1e71ace9 update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
amammad
5cc4206e00 add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs 2023-11-22 08:30:59 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
Max Schaefer
2c5ce3216e Merge pull request #14846 from github/max-schaefer/js/path-injection 
Update qhelp for js/path-injection.
 2023-11-21 13:50:41 +00:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
0652afced3 update tests, updated qldoc and examples, upgrade all libraries to path-problem, update jsonwebtoken source and sinks 2023-11-07 08:25:25 +01:00
amammad
faa483a282 move to CWE-347, update comments of tests 2023-11-02 16:24:58 +01:00
amammad
9da815a5c0 move to new CWE-321 directory, make saparate query files for each JWT pkg, create a path query for jsonwebtoken package which is not work correctly 2023-11-02 14:13:52 +01:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
abef8483bd Merge pull request #14600 from github/max-schaefer/express-rate-limit 
JavaScript: Add support for importing `express-rate-limit` using a named import.
 2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
amammad
ee4d87bd96 remove hardcoded JWT secret-key query 2023-10-19 11:57:53 +02:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
amammad
7891e64d3e add sanitizers to hardcoded query 2023-10-17 10:37:27 +02:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00
Asger F
a02ab2ad88 JS: Port heuristic versions of standard queries 2023-10-13 13:15:08 +02:00
Asger F
43be45207d JS: Port meta queries 2023-10-13 13:15:06 +02:00
Asger F
c55300d4b0 JS: Port PolynomialReDoS 2023-10-13 13:15:06 +02:00
Asger F
b8847dbc5d JS: Port Xxe 2023-10-13 13:15:06 +02:00
Asger F
c2d170b4fd JS: Port XpathInjection 2023-10-13 13:15:06 +02:00
Asger F
03f8c0fc5e JS: Port XmlBomb 2023-10-13 13:15:06 +02:00
Asger F
83095535f9 JS: Port UnvalidatedDynamicMethodCall 2023-10-13 13:15:06 +02:00
Asger F
ba9edb4e54 JS: Port UnsafeShellCommandConstruction 2023-10-13 13:15:06 +02:00
Asger F
d08e4504ff JS: Port UnsafeJQueryPlugin 2023-10-13 13:15:06 +02:00
Asger F
6e3f4bd7d8 JS: Port UnsafeHtmlConstruction 2023-10-13 13:15:06 +02:00
Asger F
7f4d42ddcd JS: Port UnsafeDynamicMethodAccess 2023-10-13 13:15:06 +02:00
Asger F
758f42495c JS: Port UnsafeDeserialization 2023-10-13 13:15:05 +02:00
Asger F
32022ccbda JS: Port UnsafeCodeConstruction 2023-10-13 13:15:05 +02:00
Asger F
5af608c937 JS: Port TypeConfusionThroughParameterTampering 2023-10-13 13:15:05 +02:00
Asger F
25962a9ba6 JS: Port TemplateObjectInjection 2023-10-13 13:15:05 +02:00
Asger F
51624c02a2 JS: Port TaintedFormatString 2023-10-13 13:15:05 +02:00
Asger F
63343b1ba4 JS: Port StackTraceExposure 2023-10-13 13:15:05 +02:00
Asger F
d446444667 JS: Port ShellCommandInjectionFromEnvironment 2023-10-13 13:15:05 +02:00
Asger F
06835a800c JS: Port SecondOrderCommandInjection 2023-10-13 13:15:05 +02:00