hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
d9d8eb4805 JS: avoid type inference in the taint steps (just a nice to have) 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
fa4e8914e6 JS: fixups 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
7b97fd07a8 JS: add query js/memory-exhaustion 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
Erik Krogh Kristensen
27a20b263e Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix 2020-06-17 21:06:21 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Erik Krogh Kristensen
a465fef7aa shorten sentence in qhelp 2020-06-17 17:24:18 +02:00
Erik Krogh Kristensen
abd9aab109 code-injection -> code injection 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
45e2b94eb5 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-17 17:19:44 +02:00
Erik Krogh Kristensen
69888f90c6 add dot after bullet-point 2020-06-17 17:15:39 +02:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
Erik Krogh Kristensen
b0be0eb805 fix qhelp links 2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
b42824640d add qhelp for js/exposure-of-private-files 2020-06-17 11:29:24 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
Erik Krogh Kristensen
639907967f add home/rootdir as leaking folders 2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen
6675ddae12 add more libraries that serve static files to js/exposure-of-private-files 2020-06-17 10:00:59 +02:00
Erik Krogh Kristensen
fb5e13b456 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-16 23:45:45 +02:00
Erik Krogh Kristensen
d811518a2e fixed from doc review, and add fixed example for js/biased-cryptographic-random using a secure library 2020-06-16 23:26:54 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
Erik Krogh Kristensen
5ce17bea60 add qhelp for js/bad-code-sanitization 2020-06-16 16:23:41 +02:00
Erik Krogh Kristensen
a0951f76b6 add additional taint steps when type-tracking RemoteFlowSource 2020-06-16 14:55:07 +02:00
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps 
Approved by erik-krogh
 2020-06-16 13:41:55 +01:00
Erik Krogh Kristensen
696879653a add qhelp to js/biased-cryptographic-random 2020-06-16 11:10:09 +02:00
Erik Krogh Kristensen
5e060fa6a8 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:47:40 +02:00
Erik Krogh Kristensen
315faaffee small corrections in documentation 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:40:27 +02:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find division that end up being rounded 2020-06-15 17:10:10 +02:00
Erik Krogh Kristensen
e8db624e74 add .jar and .war to the list of sensitive files for js/insecure-download 2020-06-15 16:48:07 +02:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Erik Krogh Kristensen
d2716c532c qhelp 2020-06-15 14:59:48 +02:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Erik Krogh Kristensen
fe9aa241a1 add qhelp 2020-06-15 13:47:39 +02:00
Erik Krogh Kristensen
4d1920eec1 add .js and .py files to js/insecure-download 2020-06-15 12:48:50 +02:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
semmle-qlci
b6b838774e Merge pull request #3704 from asger-semmle/js/cve-serve 
Approved by esbena
 2020-06-15 09:54:17 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Asger F
d844e0025a Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization 
JS: initial version of IncompleteMultiCharacterSanitization.ql
 2020-06-12 16:25:22 +01:00