codeql

mirror of https://github.com/github/codeql.git synced 2026-01-08 12:10:22 +01:00

Author	SHA1	Message	Date
Alessio Della Libera	1ba39e4130	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:34:19 +02:00
Alessio Della Libera	05ffd672d7	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:33:38 +02:00
Alessio Della Libera	ab20beba56	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:32:51 +02:00
Alessio Della Libera	bfef84e1b5	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:32:05 +02:00
Alessio Della Libera	a2e9456450	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:31:21 +02:00
Alessio Della Libera	14c8e4ce76	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:30:45 +02:00
Alessio Della Libera	275b8dfda2	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:29:36 +02:00
Alessio Della Libera	9292e3b80e	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:28:39 +02:00
Alessio Della Libera	ab128f7172	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:27:26 +02:00
Alessio Della Libera	40e101de5a	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:26:15 +02:00
Alessio Della Libera	97f039af3a	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:25:11 +02:00
Alessio Della Libera	fb3ffb895a	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:23:17 +02:00
Alessio Della Libera	e463014759	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:21:56 +02:00
Alessio Della Libera	5cae3005f3	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:20:22 +02:00
Alessio Della Libera	10bd745740	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:18:54 +02:00
Alessio Della Libera	8d26b810ee	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:17:16 +02:00
Alessio Della Libera	0c121062b6	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:13:54 +02:00
Alessio Della Libera	67fccac8a9	Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-16 14:13:03 +02:00
ubuntu	8dee3da4fe	Update .qhelp	2020-07-26 23:50:22 +02:00
ubuntu	ac7c511d86	Update .qhelp	2020-07-26 23:47:53 +02:00
ubuntu	2cec8f7e9d	Update .qhelp	2020-07-26 23:23:56 +02:00
ubuntu	c469f71957	Add Codeql query to detect if cookies are sent without the flag being set	2020-07-26 22:56:36 +02:00
semmle-qlci	b24fba8df0	Merge pull request #3734 from dellalibera/loginjection Approved by esbena	2020-06-25 11:06:25 +01:00
ubuntu	d9a0dc0982	Remove check for console().getAMethodCall	2020-06-24 19:31:23 +02:00
ubuntu	65eba0272d	Merge remote-tracking branch 'upstream/master' into loginjection	2020-06-24 19:15:27 +02:00
Toufik Airane	27f91b36b0	Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-06-23 12:28:21 +02:00
toufik-airane	37f44d98ce	fix minor issues	2020-06-23 12:28:03 +02:00
toufik-airane	f7cbc8a8d4	Enhance query ouput - add valuable text to assess the query results - add an example of the output	2020-06-22 22:34:06 +02:00
toufik-airane	0f8879716f	rewrite description	2020-06-22 21:57:58 +02:00
Alessio Della Libera	a759905a5c	Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-22 20:37:38 +02:00
toufik-airane	364f0ca734	rewrite description	2020-06-22 20:11:58 +02:00
toufik-airane	ac8991b192	remove JWTMissingSecretOrPublicKeyVerification.qll	2020-06-22 20:09:48 +02:00
toufik-airane	d9ecb7d762	rewrite help	2020-06-22 20:06:17 +02:00
toufik-airane	d65b7be32b	rewrite help	2020-06-22 20:00:52 +02:00
Toufik Airane	bb7ba50e23	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-06-22 19:27:36 +02:00
toufik-airane	4853b8a281	Try to finish the PR - Add help documentation - Empty qll file - rename examples	2020-06-22 13:26:13 +02:00
toufik-airane	7166d5422e	add test file for CWE-347 Add a test file for CWE-347. The HS256 algorithm is safe, but the none algorithm is unsafe.	2020-06-20 17:10:35 +02:00
toufik-airane	8a2a33459a	Merge branch 'master' of github.com:toufik-airane/codeql	2020-06-20 16:56:27 +02:00
toufik-airane	b0aaca0e1c	JWT Missing Secret Or Public Key Verification Add an experimental CodeQL query.	2020-06-20 16:54:41 +02:00
Esben Sparre Andreasen	baaa31665a	Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp	2020-06-19 09:05:13 +02:00
Alessio Della Libera	eba64dba7c	Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-18 19:44:46 +02:00
Alessio Della Libera	c0271b1627	Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-18 19:44:38 +02:00
Alessio Della Libera	ffc9a449ab	Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-18 19:43:45 +02:00
Alessio Della Libera	e84339d5bf	Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-18 19:43:36 +02:00
ubuntu	71a7ec593c	Use StringOps to identify functions used for verifing the origin	2020-06-18 19:41:07 +02:00
Alessio Della Libera	cc91026873	Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2020-06-18 19:31:11 +02:00
Alessio Della Libera	b4f255176a	Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2020-06-18 19:29:34 +02:00
ubuntu	41c029567f	Add CodeQL query to detect Log Injection in JS code	2020-06-17 21:16:24 +02:00
ubuntu	c490cfdfa5	Create another branch	2020-06-17 19:51:14 +02:00
ubuntu	4ccfdef71d	Add CodeQL query to detect Log Injection in JS code	2020-06-17 19:44:58 +02:00

1 2

94 Commits