hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Alessio Della Libera
a759905a5c Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-22 20:37:38 +02:00
toufik-airane
364f0ca734 rewrite description 2020-06-22 20:11:58 +02:00
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 19:27:36 +02:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Asger Feldthaus
5cd2c7cdb2 JS: Reduce precision of js/unused-npm-dependency 2020-06-22 15:25:24 +01:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion" 
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
 2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4 Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler" 
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
 2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
semmle-qlci
7a5aae7432 Merge pull request #3630 from erik-krogh/DevServer 
Approved by asgerf
 2020-06-22 12:59:13 +01:00
Asger F
56124b68a3 Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 12:54:19 +01:00
toufik-airane
4853b8a281 Try to finish the PR 
- Add help documentation
- Empty qll file
- rename examples
 2020-06-22 13:26:13 +02:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-22 11:23:40 +02:00
Erik Krogh Kristensen
8d1b080d78 limit size of getStringValue 2020-06-22 10:29:53 +02:00
toufik-airane
7166d5422e add test file for CWE-347 
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
 2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification 
Add an experimental CodeQL query.
 2020-06-20 16:54:41 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion 
JS: add query js/memory-exhaustion
 2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
c860151e8d recognize instances of express from webpack-dev-server 2020-06-19 14:15:25 +02:00
Erik Krogh Kristensen
11cc97d286 add basic support for importing from neighbouring packages 2020-06-19 14:15:10 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Esben Sparre Andreasen
457588e893 JS: mention MITM 2020-06-19 11:59:12 +02:00
Esben Sparre Andreasen
4126d5b59e Merge pull request #3646 from dellalibera/master 
[javascript] CodeQL query to detect missing origin validation in cross-origin communication via postMessage
 2020-06-19 11:43:57 +02:00
Esben Sparre Andreasen
0463c427a5 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:59 +02:00
Esben Sparre Andreasen
b8229ca362 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:48 +02:00
Esben Sparre Andreasen
e73beccc0b Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:26 +02:00
Esben Sparre Andreasen
2846666f32 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:13 +02:00
Esben Sparre Andreasen
4557af3c30 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:46:58 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifing the origin 2020-06-18 19:41:07 +02:00
Alessio Della Libera
cc91026873 Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:31:11 +02:00
Alessio Della Libera
b4f255176a Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:29:34 +02:00
Erik Krogh Kristensen
7d6dac479c Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
6b0adf18d1 rewrite sentence in private-file-exposure qhelp 2020-06-18 16:51:15 +02:00
Erik Krogh Kristensen
1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Erik Krogh Kristensen
9ba2c98ec0 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-18 16:38:52 +02:00
Esben Sparre Andreasen
ab01dda559 JS: another qhelp fixup 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
c9f60d4c97 JS: add lodash sinks for js/resource-exhaustion 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
96160a6334 JS: fixup qhelp 2020-06-18 13:01:02 +02:00