hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,471 Commits 1,673 Branches 157 Tags
27f91b36b02ab1aa21a07bae7c0d92b296eab70d
Commit Graph

3781 Commits

Author SHA1 Message Date
Toufik Airane
27f91b36b0 Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-23 12:28:21 +02:00
toufik-airane
37f44d98ce fix minor issues 2020-06-23 12:28:03 +02:00
toufik-airane
f7cbc8a8d4 Enhance query ouput 
- add valuable text to assess the query results
- add an example of the output
 2020-06-22 22:34:06 +02:00
toufik-airane
0f8879716f rewrite description 2020-06-22 21:57:58 +02:00
toufik-airane
364f0ca734 rewrite description 2020-06-22 20:11:58 +02:00
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 19:27:36 +02:00
toufik-airane
4853b8a281 Try to finish the PR 
- Add help documentation
- Empty qll file
- rename examples
 2020-06-22 13:26:13 +02:00
toufik-airane
7166d5422e add test file for CWE-347 
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
 2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification 
Add an experimental CodeQL query.
 2020-06-20 16:54:41 +02:00
Esben Sparre Andreasen
4126d5b59e Merge pull request #3646 from dellalibera/master 
[javascript] CodeQL query to detect missing origin validation in cross-origin communication via postMessage
 2020-06-19 11:43:57 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifing the origin 2020-06-18 19:41:07 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps 
Approved by erik-krogh
 2020-06-16 13:41:55 +01:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Asger Feldthaus
3242f5ed94 JS: Include qhelp example in test suite 2020-06-15 17:37:26 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Asger Feldthaus
f380898126 JS: Add test showing duplicate alerts 2020-06-15 16:40:37 +01:00
Asger Feldthaus
51d143d6f1 JS: Add test with destructuring pattern that looks like type annotations 2020-06-15 16:35:36 +01:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Asger Feldthaus
6531db3cca JS: Add test 2020-06-12 09:56:38 +01:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-12 09:08:20 +02:00
Asger Feldthaus
475c631ff9 JS: Fix a misleading javadoc comment 2020-06-11 16:16:51 +01:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
semmle-qlci
b841cacb83 Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes 
Approved by erik-krogh
 2020-06-10 20:02:55 +01:00