hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,176 Commits 1,673 Branches 157 Tags
175f0dbb005bee3bdf81796ad20da86c20358e57
Commit Graph

1524 Commits

Author SHA1 Message Date
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
erik-krogh
bf22f4a870 update expected output 2024-02-22 13:21:11 +01:00
erik-krogh
396da117bb remove an FP in overly-large-range for [@-Z] 2024-01-25 14:15:06 +01:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
amammad
6f73e9c3ba revert for in additional steps 2023-10-10 22:12:37 +02:00
amammad
aff6f00450 comments improvement,separate module file, fix tests 2023-10-07 12:02:39 +02:00
amammad
5a49f6bb9b fix tests 2023-10-06 22:10:57 +02:00
Max Schaefer
e722e3288f Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help 
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
 2023-09-13 13:20:48 +01:00
Max Schaefer
a9e81672f0 Make suggestion to replace example.com more explicit. 2023-09-12 16:54:05 +01:00
Max Schaefer
a02f373e79 Use better sanitiser. 2023-09-06 14:06:16 +01:00
Max Schaefer
87364137df Use more sensible validator in example. 2023-08-21 15:14:01 +01:00
erik-krogh
0bce42410a support arbitrary codepoints in NfaUtils.qll 2023-08-08 22:14:51 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
Max Schaefer
7823ff968c JavaScript: Improve query help for js/server-side-unvalidated-url-redirection. 2023-07-19 13:23:25 +01:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Asger F
944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Asger F
27085b1fd0 JS: Fix whitespace 2023-07-10 12:07:13 +02:00
Asger F
fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
erik-krogh
f9eee906cf fix FP by requiring that the regular expression mention on of the chars important in the prefix 2023-07-01 20:30:09 +02:00
erik-krogh
bd400be6ec add FP for incomplete-multi-char-sanitization 2023-07-01 20:28:31 +02:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
amammad
c7a7594821 merge all ql files into one 2023-06-27 01:56:23 +10:00
jorgectf
1e663b8889 Update HeuristicSourceCodeInjection.expected 2023-06-26 13:32:20 +02:00
Jorge
08b9a5e2b2 Add missing ; 2023-06-23 23:10:06 +02:00
Jorge
3c980db93a Format webix.js 2023-06-23 18:08:01 +02:00
Kevin Stubbings
3605269e13 Add webix copy function 2023-06-22 22:16:28 -07:00
amammad
307187f6c1 V1 2023-06-23 06:06:37 +10:00
jorgectf
6947e99c15 Add models for webix 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-06-22 01:07:33 +02:00
erik-krogh
3fd9f26b52 use consistent indentation in mongoose.js 2023-06-12 16:40:42 +02:00
erik-krogh
cd6f738f72 add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
Asger F
76a8e9827e Merge pull request #13283 from asgerf/js/restrict-regex-search-function 
JS: Be more conservative about flagging "search" call arguments as regex
 2023-06-08 10:50:51 +02:00
Erik Krogh Kristensen
b78cd48954 Merge pull request #13329 from erik-krogh/sqlhelp 
JS: improve the sql-injection help page
 2023-06-06 08:44:44 +02:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Asger F
9df9ca2916 JS: Update test and expectations for MissingRegExpAnchor 2023-05-26 14:07:34 +02:00
Asger F
40daa9c906 JS: Update RegExpInjection test and expectations 2023-05-26 14:05:36 +02:00
erik-krogh
f7419c9250 add expected output 2023-05-23 09:56:06 +02:00