hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,711 Commits 1,673 Branches 157 Tags
0fe0d067e91a0146f55e1b271ec1ecd7a05725fc
Commit Graph

504 Commits

Author SHA1 Message Date
CodeQL CI
da58306f2d Merge pull request #4506 from asgerf/js/separate-jquery-config 
Approved by esbena
 2020-10-21 03:13:42 -07:00
Erik Krogh Kristensen
e061c6a006 add support for more custom CSRF checking middlewares 2020-10-20 15:16:14 +02:00
Asger Feldthaus
c91cdb5194 JS: Address review comments 2020-10-20 12:00:02 +01:00
Asger Feldthaus
50a015c73e JS: Move $() sink into separate dataflow config 2020-10-20 10:52:33 +01:00
Erik Krogh Kristensen
ce95676130 add express.csrf as an CSRF protecting middleware 2020-10-19 15:39:02 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen
4d1a9740f0 add support for home made CSRF protection middlewares in js/missing-token-validation 2020-10-15 14:50:59 +02:00
CodeQL CI
339c0721c5 Merge pull request #4344 from esbena/js/fixup-cwe-20-to-cwe-020 
Approved by erik-krogh
 2020-10-05 12:30:53 -07:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Esben Sparre Andreasen
ba0a2e1665 JS: tag consistency: replace cwe-20 with cwe-020 2020-09-25 10:28:05 +02:00
CodeQL CI
9a306866c5 Merge pull request #4282 from erik-krogh/es2021 
Approved by esbena
 2020-09-22 05:34:35 -07:00
Erik Krogh Kristensen
b09015380a add support for String.prototype.replaceAll 2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
ae228cb5b2 move new predicates to a more fitting location 2020-09-20 22:15:03 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-26 20:18:54 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Erik Krogh Kristensen
15a74493e0 more permissive path elements in js/incomplete-url-substring-sanitization 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
1d111c3e1f expand what urls are detected by js/incomplete-url-substring-sanitization 2020-08-12 14:25:35 +02:00
Erik Krogh Kristensen
cc5ef4d5e1 rename JsonSerializeCall to JsonStringifyCall 2020-08-05 13:22:41 +02:00
Erik Krogh Kristensen
5a3f67a682 introduce model for JSON.stringify and similar libraries 2020-08-05 12:14:51 +02:00
semmle-qlci
13c3513d76 Merge pull request #3905 from erik-krogh/unsafeShellTypo 
Approved by esbena
 2020-07-06 11:41:56 +01:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Esben Sparre Andreasen
80981ec8f5 Update UnsafeHtmlExpansion-transformed.html 2020-06-30 12:01:02 +02:00
Erik Krogh Kristensen
3f8881a334 don't report insecure randomness when the insecure random is just a fallback 2020-06-23 15:53:19 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing 
Approved by erik-krogh
 2020-06-23 13:01:41 +01:00
Asger F
ca06f6dfb4 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion" 
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
 2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4 Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler" 
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
 2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger F
56124b68a3 Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 12:54:19 +01:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-22 11:23:40 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion 
JS: add query js/memory-exhaustion
 2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Esben Sparre Andreasen
457588e893 JS: mention MITM 2020-06-19 11:59:12 +02:00
Esben Sparre Andreasen
0463c427a5 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:59 +02:00
Esben Sparre Andreasen
b8229ca362 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:48 +02:00
Esben Sparre Andreasen
e73beccc0b Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:26 +02:00
Esben Sparre Andreasen
2846666f32 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:47:13 +02:00
Esben Sparre Andreasen
4557af3c30 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-19 09:46:58 +02:00
Erik Krogh Kristensen
7d6dac479c Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
6b0adf18d1 rewrite sentence in private-file-exposure qhelp 2020-06-18 16:51:15 +02:00