Erik Krogh Kristensen
|
ed54fdcb06
|
Merge pull request #4118 from dellalibera/js/ldap
[javascript] CodeQL to detect LDAP Injection
|
2020-09-03 14:50:03 +02:00 |
|
Alessio Della Libera
|
116e7d006d
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-03 10:32:18 +02:00 |
|
Alessio Della Libera
|
bfae0ef5d5
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-03 10:32:08 +02:00 |
|
Erik Krogh Kristensen
|
fb3148a7a8
|
autoformat
|
2020-09-03 08:17:08 +02:00 |
|
Alessio Della Libera
|
785f335ab8
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-02 15:22:33 +02:00 |
|
Alessio Della Libera
|
548cb65a64
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-02 15:22:23 +02:00 |
|
Alessio Della Libera
|
26046a4847
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-02 15:22:07 +02:00 |
|
Alessio Della Libera
|
6ad88bf93f
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-02 15:21:55 +02:00 |
|
ubuntu
|
042d07161c
|
Rename getQueryCall to getQueryCallSink
|
2020-09-01 22:43:31 +02:00 |
|
ubuntu
|
15562e4814
|
Update LdapjsSearchOptions
|
2020-09-01 22:28:58 +02:00 |
|
ubuntu
|
e2e55455c1
|
Update LdapjsSearchOptions and getQueryCall
|
2020-09-01 22:23:07 +02:00 |
|
Alessio Della Libera
|
8f00acd4e2
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 21:00:49 +02:00 |
|
Alessio Della Libera
|
78ebcee570
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 21:00:38 +02:00 |
|
Alessio Della Libera
|
b86b9ba510
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 21:00:21 +02:00 |
|
Alessio Della Libera
|
28729915d7
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 20:56:25 +02:00 |
|
Alessio Della Libera
|
1b50477fae
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 20:55:44 +02:00 |
|
Alessio Della Libera
|
44e728016b
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-09-01 20:54:58 +02:00 |
|
ubuntu
|
104c9b5dac
|
Move sinks into separate classes
|
2020-08-29 11:24:58 +02:00 |
|
Alessio Della Libera
|
8f98723822
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-29 11:18:41 +02:00 |
|
Esben Sparre Andreasen
|
9aa1404646
|
JS: fix formatting of InsecureCookie.qll
|
2020-08-27 09:44:45 +02:00 |
|
ubuntu
|
736f76b685
|
Simplify getQueryCall
|
2020-08-27 02:12:17 +02:00 |
|
ubuntu
|
30e7f958a8
|
Highlight API call
|
2020-08-27 01:42:16 +02:00 |
|
ubuntu
|
7eeec0d765
|
Correct typo example
|
2020-08-27 01:07:13 +02:00 |
|
ubuntu
|
cbe879ae73
|
Correct typo examples
|
2020-08-27 01:05:49 +02:00 |
|
ubuntu
|
68ff480892
|
Update .qhelp
|
2020-08-27 00:51:08 +02:00 |
|
ubuntu
|
13f443d2c3
|
Update getLdapjsClientDNMethodName
|
2020-08-27 00:48:29 +02:00 |
|
Alessio Della Libera
|
616113aeff
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-27 00:47:29 +02:00 |
|
ubuntu
|
94bd9c6d3e
|
Rename LdapjsDN to LdapjsDNArgument and add it as Sink
|
2020-08-27 00:43:38 +02:00 |
|
ubuntu
|
7d36b3b4d2
|
Correct typo
|
2020-08-27 00:26:54 +02:00 |
|
ubuntu
|
2305a642eb
|
Correct typo
|
2020-08-27 00:24:50 +02:00 |
|
Alessio Della Libera
|
23287aacee
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-27 00:17:55 +02:00 |
|
Alessio Della Libera
|
f12ac8ca60
|
Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-27 00:17:33 +02:00 |
|
ubuntu
|
cd1d50b637
|
Update expected output
|
2020-08-26 23:50:15 +02:00 |
|
Alessio Della Libera
|
dcf51c75e9
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-26 23:33:52 +02:00 |
|
Alessio Della Libera
|
57f3c73d3d
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-26 02:08:31 +02:00 |
|
Alessio Della Libera
|
6979c394fe
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-26 02:08:18 +02:00 |
|
Alessio Della Libera
|
355c7bc3b5
|
Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-08-26 02:08:08 +02:00 |
|
Alessio Della Libera
|
e027c8cc13
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-26 01:48:05 +02:00 |
|
Alessio Della Libera
|
a1f64e26cf
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-26 01:47:52 +02:00 |
|
Alessio Della Libera
|
3bd7615a75
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-26 01:47:37 +02:00 |
|
Alessio Della Libera
|
57cf447188
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-26 01:46:59 +02:00 |
|
ubuntu
|
22f5ae4ad4
|
Format code
|
2020-08-24 18:53:37 +02:00 |
|
ubuntu
|
3e97ec85b2
|
Add CodeQL to detect LDAP Injection in JS
|
2020-08-23 15:24:29 +02:00 |
|
ubuntu
|
8ec91ef0c6
|
Change polarity predicate isInsecure
|
2020-08-16 15:23:29 +02:00 |
|
ubuntu
|
3e9142bf71
|
Remove examples
|
2020-08-16 14:58:37 +02:00 |
|
ubuntu
|
2a322976c6
|
Changed .qhelp
|
2020-08-16 14:57:04 +02:00 |
|
ubuntu
|
91d44854c0
|
Replace class and module name
|
2020-08-16 14:53:31 +02:00 |
|
ubuntu
|
d4b231b867
|
Replace regex
|
2020-08-16 14:48:26 +02:00 |
|
ubuntu
|
e2908026c5
|
Remove redundancy
|
2020-08-16 14:41:55 +02:00 |
|
Alessio Della Libera
|
1ba39e4130
|
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-08-16 14:34:19 +02:00 |
|