18 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Asger F | 4797924bea | JS: review comments | 2018-09-21 14:46:21 +01:00 |
| Asger F | 5f467d2fc5 | JS: recognize CSRF middleware from lusca package | 2018-09-21 13:15:40 +01:00 |
| semmle-qlci | 89f2dbf8db | Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames<br>Approved by asger-semmle | 2018-09-19 12:42:22 +01:00 |
| Esben Sparre Andreasen | bb48421d77 | JS: address doc review comments | 2018-09-17 11:08:35 +02:00 |
| Esben Sparre Andreasen | 33f98dd1a7 | JS: add query: js/stored-xss | 2018-09-14 15:30:44 +02:00 |
| Esben Sparre Andreasen | 81aeda69e1 | JS: lower @precision of js/remote-property-injection | 2018-09-14 07:37:47 +02:00 |
| Esben Sparre Andreasen | aaf1ac770d | JS: reduce declared precision of js/request-forgery | 2018-09-09 21:30:43 +02:00 |
| Esben Sparre Andreasen | 6e1846b1ca | JS: address doc review comments | 2018-09-05 09:20:45 +02:00 |
| Esben Sparre Andreasen | 89887e7dc8 | JS: address review comments | 2018-09-05 09:20:45 +02:00 |
| Esben Sparre Andreasen | f5a6af54e6 | JS: add security query: js/request-forgery | 2018-09-04 09:25:42 +02:00 |
| Max Schaefer | 58e384558c | JavaScript: Improve query name and help for js/incomplete-sanitization.<br>The query applies more generally to all kinds of string escaping and encoding, not just sanitization. | 2018-09-03 08:20:01 +01:00 |
| semmle-qlci | 7e7e30c01c | Merge pull request #73 from esben-semmle/js/cleartext-logging-query<br>Approved by xiemaisi | 2018-08-22 08:04:36 +01:00 |
| Esben Sparre Andreasen | 2b9f5c3fa2 | JS: remove check for test-environment in js/clear-text-logging | 2018-08-21 22:32:52 +02:00 |
| Esben Sparre Andreasen | 6950bfe915 | JS: review fixups in documentation and comments | 2018-08-21 22:32:52 +02:00 |
| Esben Sparre Andreasen | 0c4fb15651 | JS: add query js/cleartext-logging | 2018-08-20 08:34:16 +02:00 |
| Julian Tibble | 5456ffb64c | JS: fix typo in qhelp (parameter type confusion) | 2018-08-14 13:07:20 +01:00 |
| Max Schaefer | 41da997651 | JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. | 2018-08-09 12:44:16 +01:00 |
| Pavel Avgustinov | b55526aa58 | QL code and tests for C#/C++/JavaScript. | 2018-08-02 17:53:23 +01:00 |