hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 06:53:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
70,637 Commits 1,690 Branches 160 Tags
1cd00a118ce7ddb455f1aeec55d0b2a07912914f
Commit Graph

36 Commits

Author SHA1 Message Date
Asger F
b63c658e3b JS: recognize tiny-csrf 2022-12-14 12:30:15 +01:00
Asger F
162419138d JS: Replace csurf -> lusca.csrf from example and qhelp 2022-12-14 12:30:15 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Asger F
631527fe49 JS: Rename Node.{getASource -> asSource, getASink -> asSink} 2022-05-24 11:57:30 +02:00
Asger Feldthaus
19a5db9f89 JS: Rename getARhs -> getASink 2022-05-24 11:57:30 +02:00
Erik Krogh Kristensen
1407b49a8f fix some instances of ql/pred-doc-style for JS 2022-02-21 15:02:21 +01:00
Asger Feldthaus
8aa4d8227e JS: Rename RouteHandlerInput->RouteHandlerParameter 2021-12-15 16:32:18 +01:00
Asger Feldthaus
5f8ea3965d JS: Do not flag auth endpoints that are immune to Login CSRF 2021-12-07 10:46:17 +01:00
Asger Feldthaus
66b1612e5e JS: Treat non-cookie based auth as CSRF preventer 2021-12-07 10:46:17 +01:00
Asger Feldthaus
b73219392b JS: Improve precision of missing CSRF middleware 2021-12-07 10:46:17 +01:00
Asger Feldthaus
389a3c9073 JS: Port CSRF query 2021-12-07 10:43:06 +01:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Erik Krogh Kristensen
e061c6a006 add support for more custom CSRF checking middlewares 2020-10-20 15:16:14 +02:00
Erik Krogh Kristensen
ce95676130 add express.csrf as an CSRF protecting middleware 2020-10-19 15:39:02 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen
4d1a9740f0 add support for home made CSRF protection middlewares in js/missing-token-validation 2020-10-15 14:50:59 +02:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Erik Krogh Kristensen
ae228cb5b2 move new predicates to a more fitting location 2020-09-20 22:15:03 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
Esben Sparre Andreasen
1c5bffc095 JS: fix some FNs in the qhelp examples 2020-05-15 12:40:38 +02:00
Asger Feldthaus
fefcf1a7a6 JS: Autoformat everything 2020-02-27 09:41:01 +00:00
Asger F
701d9989be Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:51 +00:00
Asger F
310dd05185 Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:34 +00:00
Asger Feldthaus
b98db62e82 JS: Recognize req.user a cookie access 2020-01-24 09:44:20 +00:00
Asger Feldthaus
a68bb9ffd1 JS: Ignore calls and csrf/captcha access 2020-01-23 15:32:05 +00:00
Asger Feldthaus
b1ec3e1bf2 JS: Add test and dont check predecessors 2020-01-23 14:59:03 +00:00
Asger Feldthaus
406c6eb981 JS: Sharpen missing CSRF middleware query 2020-01-23 14:22:49 +00:00
Max Schaefer
31bb39a810 JavaScript: Autoformat all QL files. 2019-01-07 10:15:45 +00:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00