Commit Graph

5849 Commits

Author SHA1 Message Date
semmle-qlci
696d19cb14 Merge pull request #3773 from erik-krogh/guardedCrypto
Approved by asgerf
2020-06-24 13:04:04 +01:00
semmle-qlci
a723ac0d8e Merge pull request #3767 from esbena/js/console-member-calls
Approved by erik-krogh
2020-06-24 08:03:49 +01:00
Asger Feldthaus
d15c98d18c JS: Add more metrics 2020-06-24 08:03:24 +01:00
Asger Feldthaus
63d48bfe5c JS: Move IgnoredFile to MetaMetrics 2020-06-23 17:08:09 +01:00
Asger Feldthaus
35bdb4127e JS: Add TypedExprs metric 2020-06-23 17:05:58 +01:00
Erik Krogh Kristensen
3f8881a334 don't report insecure randomness when the insecure random is just a fallback 2020-06-23 15:53:19 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger F
552b7ad3ca Merge pull request #3765 from asger-semmle/js-team-sprint-merge2
JS: Merge js-team-sprint
2020-06-23 12:58:27 +01:00
semmle-qlci
a5a3573a3e Merge pull request #3757 from asger-semmle/js/unused-npm-dependencies
Approved by erik-krogh
2020-06-23 12:56:45 +01:00
Asger Feldthaus
4f67cc269b JS: Reduce ExpansiveTypes test 2020-06-23 11:44:07 +01:00
Asger Feldthaus
234f968294 JS: Deprecate property lookup on types 2020-06-23 11:42:28 +01:00
Toufik Airane
27f91b36b0 Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-06-23 12:28:21 +02:00
toufik-airane
37f44d98ce fix minor issues 2020-06-23 12:28:03 +02:00
Esben Sparre Andreasen
2d32ee7448 JS: support member calls of console 2020-06-23 10:46:01 +02:00
Asger Feldthaus
b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F
ca06f6dfb4 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
toufik-airane
f7cbc8a8d4 Enhance query output
- add valuable text to assess the query results
- add an example of the output
2020-06-22 22:34:06 +02:00
toufik-airane
0f8879716f rewrite description 2020-06-22 21:57:58 +02:00
Alessio Della Libera
a759905a5c Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-22 20:37:38 +02:00
toufik-airane
364f0ca734 rewrite description 2020-06-22 20:11:58 +02:00
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-06-22 19:27:36 +02:00
Asger Feldthaus
1efd71a681 JS: Sort security suite 2020-06-22 16:40:55 +01:00
Asger Feldthaus
8cc41a0c84 JS: Add new queries to security suite 2020-06-22 16:40:19 +01:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Asger Feldthaus
5cd2c7cdb2 JS: Reduce precision of js/unused-npm-dependency 2020-06-22 15:25:24 +01:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4 Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler"
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
semmle-qlci
7a5aae7432 Merge pull request #3630 from erik-krogh/DevServer
Approved by asgerf
2020-06-22 12:59:13 +01:00
Asger F
56124b68a3 Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-06-22 12:54:19 +01:00
toufik-airane
4853b8a281 Try to finish the PR
- Add help documentation
- Empty qll file
- rename examples
2020-06-22 13:26:13 +02:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Erik Krogh Kristensen
8d1b080d78 limit size of getStringValue 2020-06-22 10:29:53 +02:00
toufik-airane
7166d5422e add test file for CWE-347
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification
Add an experimental CodeQL query.
2020-06-20 16:54:41 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
0ee3f4977c add test of webpack-dev-server and monorepo import 2020-06-19 14:15:46 +02:00
Erik Krogh Kristensen
c860151e8d recognize instances of express from webpack-dev-server 2020-06-19 14:15:25 +02:00
Erik Krogh Kristensen
11cc97d286 add basic support for importing from neighbouring packages 2020-06-19 14:15:10 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Esben Sparre Andreasen
457588e893 JS: mention MITM 2020-06-19 11:59:12 +02:00
Esben Sparre Andreasen
4126d5b59e Merge pull request #3646 from dellalibera/master
[javascript] CodeQL query to detect missing origin validation in cross-origin communication via postMessage
2020-06-19 11:43:57 +02:00