erik-krogh
|
abb8d65483
|
Merge branch 'main' into amammad-js-SQLI
|
2023-11-23 21:17:58 +01:00 |
|
amammad
|
60b422a35c
|
fix second round of code review. improve documents, fix better-sqlite3 method
|
2023-11-23 14:01:38 +01:00 |
|
amammad
|
0328a2986d
|
move TypeORM library file and tests to experimental
add inline tests :)
Fix TypeORM fuzzy method according to Review
|
2023-11-21 19:59:06 +01:00 |
|
erik-krogh
|
c2942b37a7
|
JS: delete various outdated deprecations
|
2023-10-09 09:14:55 +02:00 |
|
Asger F
|
094302a27b
|
JS: Replace sanitizing prefix edge with node
|
2023-07-11 14:48:13 +02:00 |
|
erik-krogh
|
b343dcaadd
|
put string/object in the alert-message for sql-injection
|
2023-05-31 08:06:04 +02:00 |
|
Asger F
|
20e8ee8423
|
Merge pull request #12748 from JarLob/yi
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
|
2023-05-15 11:03:00 +02:00 |
|
Kasper Svendsen
|
67950c8e6b
|
JS: Make implicit this receivers explicit
|
2023-05-03 15:31:00 +02:00 |
|
Nate Johnson
|
78229bb264
|
Moved into experimental
|
2023-04-18 21:59:14 -04:00 |
|
jarlob
|
a8a6913512
|
Simplify exists according to the warning
|
2023-04-13 23:10:16 +02:00 |
|
jarlob
|
72b66ffe97
|
Fix comment.
|
2023-04-07 10:01:14 +02:00 |
|
jarlob
|
39ff3c72a2
|
Remove label sanitizer because it is prone to race conditions
|
2023-04-03 23:28:31 +02:00 |
|
Pierre
|
c3116b3f0f
|
Merge branch 'main' into turbo/experimental/combined
|
2023-01-11 18:02:55 +01:00 |
|
erik-krogh
|
66be8cda06
|
remove more of the implementation into ConditionalBypassQuery.qll
|
2022-12-19 14:37:19 +01:00 |
|
erik-krogh
|
442749bb7f
|
JS: add heuristic variants of queries that use RemoteFlowSource
|
2022-12-19 12:01:22 +01:00 |
|
turbo
|
4ec401a3f6
|
Tag all security queries in supported languages' experimental directories with an experimental tag
|
2022-12-14 17:15:50 +01:00 |
|
erik-krogh
|
2eb6b1adb3
|
JS: fix two typos
|
2022-11-23 14:38:12 +01:00 |
|
Erik Krogh Kristensen
|
bbdda9ef70
|
Merge pull request #10727 from erik-krogh/js-last-msg
JS: fix some more style-guide violations in the alert-messages
|
2022-10-27 15:48:12 +02:00 |
|
Daniel Santos
|
64da2cec50
|
removed unnecessary getACall and fixed formatting
|
2022-10-26 12:02:55 -05:00 |
|
Daniel Santos
|
f7ace6f801
|
Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2022-10-25 14:27:03 -05:00 |
|
Daniel Santos
|
5b080481aa
|
TokenBuiltFromUuid formatting
|
2022-10-25 09:51:48 -05:00 |
|
Daniel Santos
|
375edf7455
|
TokenAssignmentValueSink refactor
|
2022-10-25 09:50:04 -05:00 |
|
Daniel Santos
|
a2ad924376
|
Minor formatting fixes
|
2022-10-24 09:38:17 -05:00 |
|
Daniel Santos
|
066ffb7520
|
Tokens built from predictable UUIDs
|
2022-10-22 11:15:43 -05:00 |
|
erik-krogh
|
368f84785b
|
fix some more style-guide violations in the alert-messages
|
2022-10-07 11:22:22 +02:00 |
|
Asger F
|
df44076435
|
JS: Remove Portal-based flow summary implementation
|
2022-09-22 11:28:31 +02:00 |
|
erik-krogh
|
26d8553f6e
|
ensure consistent casing of names
|
2022-09-09 10:34:14 +02:00 |
|
Erik Krogh Kristensen
|
9cb7522bc1
|
change RouteSetup to a DataFlow::Node
|
2022-09-05 15:45:31 +02:00 |
|
erik-krogh
|
cc7a9ef97a
|
rename more acronyms
|
2022-08-25 20:52:27 +02:00 |
|
Erik Krogh Kristensen
|
a404a8c61a
|
use more set literals instead of big disjunctions
|
2022-05-24 11:09:10 +02:00 |
|
Erik Krogh Kristensen
|
4bef451156
|
Merge pull request #9021 from erik-krogh/actions
JS: promote `js/actions/injection` out of experimental
|
2022-05-12 14:38:38 +02:00 |
|
Erik Krogh Kristensen
|
53b26eba17
|
Merge pull request #8724 from erik-krogh/postMessage
JS: promote the `js/missing-origin-verification` query
|
2022-05-09 12:28:58 +02:00 |
|
Erik Krogh Kristensen
|
1f00ba812a
|
move YAMLMappingLikeNode to the standard library
|
2022-05-05 10:22:52 +02:00 |
|
Erik Krogh Kristensen
|
2a65d1d3ec
|
move js/actions/injection out of experimental
|
2022-05-04 16:14:19 +02:00 |
|
Erik Krogh Kristensen
|
bc470b89f1
|
leave a deprecated alias for Actions.qll
|
2022-05-04 16:14:19 +02:00 |
|
Erik Krogh Kristensen
|
9db67d4988
|
move the Actions API out of experimental
|
2022-05-04 16:14:19 +02:00 |
|
Erik Krogh Kristensen
|
e2b7f7d05d
|
reintroduce the number sinks
|
2022-04-12 16:26:10 +02:00 |
|
Erik Krogh Kristensen
|
688b2b6898
|
use the Query.qll pattern
|
2022-04-12 15:52:52 +02:00 |
|
Erik Krogh Kristensen
|
8fb54c3f32
|
move js/resource-exhaustion out of experimental
|
2022-04-12 15:51:36 +02:00 |
|
Erik Krogh Kristensen
|
18532bae54
|
move js/missing-postmessageorigin-verification out of experimental
|
2022-04-12 10:39:27 +02:00 |
|
Erik Krogh Kristensen
|
9cf0a94e4d
|
use some Sanitizer classes that were unused in the query code
|
2022-03-13 23:54:53 +01:00 |
|
Erik Krogh Kristensen
|
4734f1916e
|
Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred
QL: field only used in charPred
|
2022-03-08 11:25:57 +01:00 |
|
Erik Krogh Kristensen
|
a1c5724be7
|
fix most ql-for-ql warnings in JS
|
2022-02-11 17:57:37 +01:00 |
|
Erik Krogh Kristensen
|
de633940fe
|
promote the js/jwt-missing-verification query out of exeprimental
|
2022-01-26 09:35:54 +01:00 |
|
CodeQL CI
|
b02f1c87a1
|
Merge pull request #7679 from erik-krogh/ql-doc-style
Approved by esbena
|
2022-01-20 23:43:44 -08:00 |
|
Erik Krogh Kristensen
|
5780161b2c
|
fix most issues found by ql/class-doc-style in JS
|
2022-01-20 15:10:16 +01:00 |
|
Erik Krogh Kristensen
|
4e8e3a7420
|
simplify expressions that could be type-casts
|
2022-01-20 10:41:35 +01:00 |
|
Erik Krogh Kristensen
|
b8f1fb3954
|
JS: fix ql/field-only-used-in-charpred within JavaScript
|
2022-01-20 09:41:13 +01:00 |
|
Erik Krogh Kristensen
|
d17879e1f9
|
run the non-us patch
|
2021-12-20 16:24:41 +01:00 |
|
Nick Rolfe
|
28912c508f
|
Fix non-US spelling of 'behavior'
|
2021-12-17 15:29:31 +00:00 |
|