hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,464 Commits 1,712 Branches 163 Tags
3bd7615a75167fc75c899197b80ca4bc1b35ea01
Commit Graph

4111 Commits

Author SHA1 Message Date
Alessio Della Libera
3bd7615a75 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:47:37 +02:00
Alessio Della Libera
57cf447188 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:46:59 +02:00
ubuntu
22f5ae4ad4 Format code 2020-08-24 18:53:37 +02:00
ubuntu
8ec91ef0c6 Change polarity predicate isInsecure 2020-08-16 15:23:29 +02:00
ubuntu
5d6e6be4e4 Add query-tests 2020-08-16 15:02:52 +02:00
ubuntu
3e9142bf71 Remove examples 2020-08-16 14:58:37 +02:00
ubuntu
2a322976c6 Changed .qhelp 2020-08-16 14:57:04 +02:00
ubuntu
91d44854c0 Replace class and module name 2020-08-16 14:53:31 +02:00
ubuntu
d4b231b867 Replace regex 2020-08-16 14:48:26 +02:00
ubuntu
e2908026c5 Remove redundancy 2020-08-16 14:41:55 +02:00
Alessio Della Libera
1ba39e4130 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:34:19 +02:00
Alessio Della Libera
05ffd672d7 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:33:38 +02:00
Alessio Della Libera
ab20beba56 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:32:51 +02:00
Alessio Della Libera
bfef84e1b5 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:32:05 +02:00
Alessio Della Libera
a2e9456450 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:31:21 +02:00
Alessio Della Libera
14c8e4ce76 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:30:45 +02:00
Alessio Della Libera
275b8dfda2 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:29:36 +02:00
Alessio Della Libera
9292e3b80e Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:28:39 +02:00
Alessio Della Libera
ab128f7172 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:27:26 +02:00
Alessio Della Libera
40e101de5a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:26:15 +02:00
Alessio Della Libera
97f039af3a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:25:11 +02:00
Alessio Della Libera
fb3ffb895a Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:23:17 +02:00
Alessio Della Libera
e463014759 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:21:56 +02:00
Alessio Della Libera
5cae3005f3 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:20:22 +02:00
Alessio Della Libera
10bd745740 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:18:54 +02:00
Alessio Della Libera
8d26b810ee Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:17:16 +02:00
Alessio Della Libera
0c121062b6 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:13:54 +02:00
Alessio Della Libera
67fccac8a9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-16 14:13:03 +02:00
ubuntu
8dee3da4fe Update .qhelp 2020-07-26 23:50:22 +02:00
ubuntu
ac7c511d86 Update .qhelp 2020-07-26 23:47:53 +02:00
ubuntu
2cec8f7e9d Update .qhelp 2020-07-26 23:23:56 +02:00
ubuntu
c469f71957 Add Codeql query to detect if cookies are sent without the flag being set 2020-07-26 22:56:36 +02:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions 
Approved by esbena
 2020-07-09 11:43:45 +01:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Max Schaefer
1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer
c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals. 
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
 2020-07-09 09:09:44 +01:00
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i). 
This iterates the existing `getBasePortal()` predicate `i` times.
 2020-07-09 09:08:18 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff 
Approved by esbena
 2020-07-06 14:40:41 +01:00
Erik Krogh Kristensen
9a944625d1 autoformat 2020-07-06 15:17:15 +02:00
semmle-qlci
13c3513d76 Merge pull request #3905 from erik-krogh/unsafeShellTypo 
Approved by esbena
 2020-07-06 11:41:56 +01:00
semmle-qlci
73d606d2c3 Merge pull request #3844 from github/esbena-patch-3 
Approved by erik-krogh
 2020-07-06 09:47:59 +01:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Asger Feldthaus
b5104ae42d JS: Add StartsWith sanitizer 2020-07-03 14:46:07 +01:00
Asger Feldthaus
4c06eb8bfe JS: Add test showing FPs 2020-07-03 14:45:42 +01:00
Erik Krogh Kristensen
078b6a8df2 autoformat 2020-07-03 00:21:55 +02:00
Erik Krogh Kristensen
261821b32c Merge remote-tracking branch 'upstream/master' into queryStuff 2020-07-02 16:08:05 +02:00
semmle-qlci
b5c8f2238b Merge pull request #3805 from esbena/js/seal-freeze-flow 
Approved by asgerf
 2020-07-02 13:54:54 +01:00
Erik Krogh Kristensen
2b0a091921 split out type-tracking into two predicates, to avoid catastrophic join-order 2020-07-02 14:28:28 +02:00