codeql

mirror of https://github.com/github/codeql.git synced 2026-01-15 15:34:49 +01:00

Author	SHA1	Message	Date
Stephan Brandauer	2278e7f6e6	CWE 830 polish error messages	2022-02-22 11:41:54 +01:00
Stephan Brandauer	82330391c3	CWE-830 add support for setting attributes via setAttribute method	2022-02-22 11:41:54 +01:00
Stephan Brandauer	d80cd1aeb5	CWE 830 test where both branches in a ternary are unsafe	2022-02-22 11:41:53 +01:00
Stephan Brandauer	2934aa1a3a	rewrite docs, improve error messages, etc	2022-02-22 11:41:53 +01:00
Stephan Brandauer	d2335b65d5	stylistic improvements after review	2022-02-22 11:41:53 +01:00
Stephan Brandauer	9aec4437e2	polish qhelp for CWE-830 and add test file	2022-02-22 11:41:53 +01:00
Stephan Brandauer	44d86569ac	remove illegal chars from comments	2022-02-22 11:41:53 +01:00
Stephan Brandauer	fd77e27ed9	replace taint tracking by type tracking and merge remaining queries for CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8cafa6d562	improve error message in CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	780fa97869	always require integrity checking for certain CDNs	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8d397fea09	JS: query to find dynamic creations of DOM elements that use untrusted sources	2022-02-22 11:41:52 +01:00
Stephan Brandauer	b35c70994f	permit http urls to 127.0.0.1 and others	2022-02-22 11:41:52 +01:00
Stephan Brandauer	dd2b779a3c	add CWE 830 link to references	2022-02-22 11:41:52 +01:00
Stephan Brandauer	6722c17bb0	JS: Functionality from untrusted sources query (CWE-830)	2022-02-22 11:41:52 +01:00
Esben Sparre Andreasen	816d79692b	ignore deliberately hardcoded password strings	2022-02-16 09:47:01 +01:00
Ethan Palm	2f7f9d9032	Move explanation of example above sample code	2022-02-09 10:45:24 -08:00
Erik Krogh Kristensen	aa95dd4ec7	fix typo Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-02-08 00:19:40 +01:00
Erik Krogh Kristensen	6f28cb9201	lower the precision of `js/unsafe-code-construction`	2022-02-07 13:35:29 +01:00
Erik Krogh Kristensen	eb133f59f6	update qhelp to focus on properly documenting potentially unsafe library functions	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	d77c28f6a7	add qhelp for unsafe-code-construction	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	198a464346	add `js/unsafe-code-construction` query	2022-02-07 13:34:18 +01:00
Naman Jain	aea7054938	modified query and added tests	2022-02-02 19:39:08 +05:30
Erik Krogh Kristensen	0f85a52f09	Merge pull request #7773 from erik-krogh/CWE-367 JS: add a js/file-system-race query	2022-02-01 15:36:13 +01:00
Erik Krogh Kristensen	a51f892a99	move dot in qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-02-01 14:34:30 +01:00
Erik Krogh Kristensen	e6c90670e6	Merge pull request #7740 from erik-krogh/CWE-347 JS: promote the js/jwt-missing-verification query out of experimental	2022-02-01 13:10:35 +01:00
Erik Krogh Kristensen	8dcec2e037	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-31 13:17:26 +01:00
Erik Krogh Kristensen	ec1a8cc826	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-31 12:32:12 +01:00
Erik Krogh Kristensen	7aa59ca233	Merge pull request #7633 from erik-krogh/CWE-300 JS: add js/http-dependency query	2022-01-28 12:10:14 +01:00
Erik Krogh Kristensen	b5198bdaca	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-28 10:46:27 +01:00
Erik Krogh Kristensen	bf9bcc9600	add a js/file-system-race query	2022-01-28 09:41:12 +01:00
Erik Krogh Kristensen	179c26da9a	apply suggestions from review	2022-01-28 09:37:46 +01:00
Erik Krogh Kristensen	e75dc2116f	add CWE-184 to incomplete-scheme-check and bad-tag-filter	2022-01-26 16:13:13 +01:00
Erik Krogh Kristensen	abd87615ff	update qhelp with suggestions Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-01-26 11:03:05 +01:00
Erik Krogh Kristensen	de633940fe	promote the js/jwt-missing-verification query out of exeprimental	2022-01-26 09:35:54 +01:00
Erik Krogh Kristensen	cc527bdecd	Merge pull request #7721 from erik-krogh/CWE-1275 JS: add a js/samesite-none-cookie cookie	2022-01-25 13:28:08 +01:00
Erik Krogh Kristensen	9f9dee5d18	apply documentation suggestions Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-25 12:14:16 +01:00
CodeQL CI	8d1e22bc38	Merge pull request #7632 from erik-krogh/CWE-862 Approved by esbena, felicitymay	2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen	d4bac887cf	add a js/samesite-none-cookie cookie	2022-01-24 21:39:41 +01:00
Erik Krogh Kristensen	75f389749a	Merge pull request #7719 from erik-krogh/cwe-219 JS: add CWE-219 to js/exposure-of-private-files	2022-01-24 17:06:09 +01:00
Erik Krogh Kristensen	bb786bc557	fix good/bad mixup in ClientExposedCookie qhelp	2022-01-24 15:34:30 +01:00
Erik Krogh Kristensen	148b0c33a9	update the empty-password-in-config-file qhelp	2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen	ab0d67a573	update query name and description Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen	823cadecd5	add CWE-219 to js/exposure-of-private-files	2022-01-24 13:22:06 +01:00
Erik Krogh Kristensen	ab1bc685bb	add CWE-80 to queries that detect bad HTML sanitizers	2022-01-24 11:01:17 +01:00
Erik Krogh Kristensen	f9d5cbf017	update qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-01-21 11:26:58 +01:00
Erik Krogh Kristensen	debebb2b8c	rewrite the qhelp for `js/insecure-dependency`	2022-01-21 10:41:08 +01:00
Erik Krogh Kristensen	5780161b2c	fix most issues found by ql/class-doc-style in JS	2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen	cb9e14f544	add cwe-471 to js/prototype-pollution	2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen	e4203a4109	add CWE-471 to the prototype-pollution queries	2022-01-19 14:26:34 +01:00
Erik Krogh Kristensen	ef2eacebce	add a js/empty-password-in-configuration-file query	2022-01-19 10:48:45 +01:00

1 2 3 4 5 ...

699 Commits