hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,192 Commits 1,673 Branches 157 Tags
0d306e6189619a6210c6539af7bf6f4546e81fce
Commit Graph

883 Commits

Author SHA1 Message Date
Jeroen Ketema
17bd9c12d7 JS: Fix qhelp after file rename 2023-04-03 09:25:19 +02:00
Asger F
dec1e4dfd6 Merge pull request #12666 from smiddy007/improve-insufficient-pw-hash-query 
JS: Improve insufficient pw hash query
 2023-03-31 11:58:41 +02:00
Chris Bellanti
6bf94e800b Added check to disabling certificate validation query 2023-03-27 12:16:20 -04:00
smiddy007
cef6b95b15 Fixed Conflicts due to recent changes to file 2023-03-26 22:32:34 -04:00
smiddy007
ad527b8f69 Added new example files and renamed existing ones 2023-03-26 21:53:22 -04:00
Alex Ford
b000b9b5c0 JS: add a missing space in alert message for js/weak-cryptographic-algorithm 2023-03-22 11:12:13 +00:00
Anders Schack-Mulligen
8d97fe9ed3 JavaScript: Autoformat 2023-03-10 09:41:20 +01:00
erik-krogh
393649b7ce don't call environment variables for command-line arguments 2023-02-14 14:27:41 +01:00
erik-krogh
36478124ae add process.env and process.argv etc. as source for js/regex-injection 2023-02-14 14:21:53 +01:00
Kristen Newbury
231110ddca Update javascript/ql/src/Security/CWE-312/CleartextLogging.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-02-02 11:12:44 -05:00
Kristen Newbury
dc5eb40d5f Update JS CleartextLogging qhelp 2023-02-01 16:29:13 -05:00
Mark Vogelgesang
c9119848d9 Updated express-rate-limit example to match implementation examples found on packages README 2023-01-18 14:42:40 -05:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
Erik Krogh Kristensen
cedc9c0bff Merge pull request #11582 from erik-krogh/heuristics 
JS: Add experimental variants of common security queries with more sources
 2023-01-04 10:46:19 +01:00
Calum Grant
ad55706527 Merge branch 'main' into calumgrant/remove-lgtm 2023-01-03 10:27:30 +00:00
Jacques
97b8126385 Fix javascript 2022-12-20 12:45:59 +09:00
Calum Grant
4a37c01c5f JavaScript: Remove references to LGTM 2022-12-19 15:15:17 +00:00
erik-krogh
66be8cda06 remove more of the implementation into ConditionalBypassQuery.qll 2022-12-19 14:37:19 +01:00
erik-krogh
442749bb7f JS: add heuristic variants of queries that use RemoteFlowSource 2022-12-19 12:01:22 +01:00
erik-krogh
35e8d6afd4 move getACommonTld into a utility module without parameters 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
355499ea52 move getACommonTld to the shared pack 2022-12-17 17:26:18 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Asger F
b63c658e3b JS: recognize tiny-csrf 2022-12-14 12:30:15 +01:00
Asger F
162419138d JS: Replace csurf -> lusca.csrf from example and qhelp 2022-12-14 12:30:15 +01:00
Erik Krogh Kristensen
6b9cab23d4 Merge pull request #11248 from erik-krogh/js-redosMod 
JS: use the shared regex pack
 2022-12-05 14:48:37 +01:00
Matt Rothenberg
95f994a82b Update RequestForgeryBad.js 2022-12-02 14:17:37 +01:00
Matt Rothenberg
7d674e7cdc set base URL 2022-12-02 14:17:17 +01:00
Matt Rothenberg
c49e9e8503 fix: use let for subdomain assignment 2022-12-02 14:07:39 +01:00
Matt Rothenberg
a453405365 Update RequestForgeryBad.js 2022-12-02 14:03:37 +01:00
Matt Rothenberg
2ae0c7e115 Update RequestForgeryGood.js 2022-12-02 14:02:54 +01:00
erik-krogh
6b5cd9abc3 use RegExpTreeView insteaed of RegexTreeView in JS 2022-11-22 12:55:48 +01:00
erik-krogh
e18ceba49e port the JS regex/redos queries to use the shared pack 2022-11-15 17:14:38 +01:00
Erik Krogh Kristensen
1f51bd4594 add dash in description 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-03 16:24:59 +01:00
erik-krogh
96ec54e5be fix minor issues in qhelp 2022-11-03 14:01:58 +01:00
erik-krogh
b5666888b1 rewrite @description of second-order-command-injection 2022-11-03 14:00:29 +01:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen
8fd6424db9 fix the qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2022-11-01 14:05:25 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
Erik Krogh Kristensen
71135da7ff Merge pull request #10768 from erik-krogh/fixFileLoops 
JS: fix that js/file-system-race could have FPs related to loops
 2022-10-17 12:01:55 +02:00
Josh Soref
9d6ea28448 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Erik Krogh Kristensen
0720fa75df Merge pull request #10286 from erik-krogh/js-followMsg 
JS: change alert messages of path queries to use the same template
 2022-09-20 16:12:45 +02:00
erik-krogh
fb5a04a71d filter out "file read after existence check" from js/file-system-race 2022-09-19 13:26:10 +02:00