hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
0463c427a5 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:59 +02:00
Esben Sparre Andreasen
b8229ca362 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:48 +02:00
Esben Sparre Andreasen
e73beccc0b Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:26 +02:00
Esben Sparre Andreasen
2846666f32 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:13 +02:00
Esben Sparre Andreasen
4557af3c30 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:46:58 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifing the origin 2020-06-18 19:41:07 +02:00
Alessio Della Libera
cc91026873 Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:31:11 +02:00
Alessio Della Libera
b4f255176a Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:29:34 +02:00
Erik Krogh Kristensen
7d6dac479c Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
6b0adf18d1 rewrite sentence in private-file-exposure qhelp 2020-06-18 16:51:15 +02:00
Erik Krogh Kristensen
1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Erik Krogh Kristensen
9ba2c98ec0 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-18 16:38:52 +02:00
Esben Sparre Andreasen
ab01dda559 JS: another qhelp fixup 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
c9f60d4c97 JS: add lodash sinks for js/resource-exhaustion 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
96160a6334 JS: fixup qhelp 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
d9d8eb4805 JS: avoid type inference in the taint steps (just a nice to have) 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
fa4e8914e6 JS: fixups 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
7b97fd07a8 JS: add query js/memory-exhaustion 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
Erik Krogh Kristensen
27a20b263e Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix 2020-06-17 21:06:21 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Erik Krogh Kristensen
a465fef7aa shorten sentence in qhelp 2020-06-17 17:24:18 +02:00
Erik Krogh Kristensen
abd9aab109 code-injection -> code injection 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
45e2b94eb5 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-17 17:19:44 +02:00
Erik Krogh Kristensen
69888f90c6 add dot after bullet-point 2020-06-17 17:15:39 +02:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
Erik Krogh Kristensen
b0be0eb805 fix qhelp links 2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
fa0a8c3423 add documentation examples as tests 2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen
b42824640d add qhelp for js/exposure-of-private-files 2020-06-17 11:29:24 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
Erik Krogh Kristensen
639907967f add home/rootdir as leaking folders 2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen
6675ddae12 add more libraries that serve static files to js/exposure-of-private-files 2020-06-17 10:00:59 +02:00
Erik Krogh Kristensen
fb5e13b456 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-16 23:45:45 +02:00
Erik Krogh Kristensen
d811518a2e fixed from doc review, and add fixed example for js/biased-cryptographic-random using a secure library 2020-06-16 23:26:54 +02:00
Erik Krogh Kristensen
210e71cd93 update expected output 2020-06-16 21:52:59 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00