codeql

mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00

Author	SHA1	Message	Date
Asger F	40d68cb4dc	JS: Port CleartextStorage	2023-10-13 13:15:04 +02:00
Asger F	b8a6f81669	JS: Port CleartextLogging	2023-10-13 13:15:04 +02:00
Asger F	a5c221fcfc	JS: Port PrototypePollutingMergeCall	2023-10-13 13:15:04 +02:00
Asger F	adf7d5409d	JS: Port PrototypePollutingFunction	2023-10-13 13:15:04 +02:00
Asger F	f1f45927b1	JS: Port PrototypePollutingAssignment	2023-10-13 13:15:04 +02:00
Asger F	81d2721248	JS: Port ClientSideUrlRedirect	2023-10-13 13:15:04 +02:00
Asger F	46fd727a55	JS: Port ServerSideUrlRedirect	2023-10-13 13:15:04 +02:00
Asger F	92816b1c9a	JS: Port ClientSideRequestForgery	2023-10-13 13:15:03 +02:00
Asger F	b2216627be	JS: Port RequestForgery	2023-10-13 13:15:03 +02:00
Asger F	d7b4e0c206	JS: Port ExceptionXss	2023-10-13 13:15:03 +02:00
Asger F	cf5450dbd5	JS: Port XssThroughDom	2023-10-13 13:15:03 +02:00
Asger F	5f05232e02	JS: Port StoredXss	2023-10-13 13:15:03 +02:00
Asger F	46b90e51fc	JS: Port ReflectedXss	2023-10-13 13:15:03 +02:00
Asger F	e091fdefa4	JS: Port DomBasedXss	2023-10-13 13:15:03 +02:00
Asger F	547a8a958a	JS: Port SqlInjection	2023-10-13 13:15:03 +02:00
Asger F	65e9706c8e	JS: Port TaintedPath	2023-10-13 13:15:03 +02:00
Asger F	fcfab5238e	JS: Port CodeInjection	2023-10-13 13:15:03 +02:00
Asger F	17233a6749	JS: Port CommandInjection	2023-10-13 13:15:03 +02:00
erik-krogh	ccd06c78b9	delete an .expected file outside the test directories	2023-10-10 21:35:19 +02:00
Erik Krogh Kristensen	7e7852eff6	Merge pull request #13641 from erik-krogh/multi-char JS/RB: write qhelp for `incomplete-multi-character-sanitization`	2023-09-14 14:48:30 +02:00
Max Schaefer	e722e3288f	Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-09-13 13:20:48 +01:00
Max Schaefer	a9e81672f0	Make suggestion to replace example.com more explicit.	2023-09-12 16:54:05 +01:00
Max Schaefer	7ddb7da65e	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2023-09-12 16:47:23 +01:00
Max Schaefer	46d7165885	Explain about redirects to example.com.	2023-09-07 09:12:07 +01:00
Max Schaefer	a02f373e79	Use better sanitiser.	2023-09-06 14:06:16 +01:00
Max Schaefer	87364137df	Use more sensible validator in example.	2023-08-21 15:14:01 +01:00
erik-krogh	5ffce86768	change the defaults in the qhelp for missing-rate-limit to something more reasonable	2023-08-10 13:40:17 +02:00
Erik Krogh Kristensen	6631e838cf	re-appearing -> reappearing Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>	2023-08-07 09:57:52 +02:00
Max Schaefer	5124310f14	Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp Co-authored-by: Asger F <asgerf@github.com>	2023-08-01 17:03:05 +01:00
Max Schaefer	7823ff968c	JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-07-19 13:23:25 +01:00
Max Schaefer	9432fec612	JavaScript: Improve qhelp for js/server-crash. The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.	2023-07-17 14:44:23 +01:00
erik-krogh	1fe66232c6	suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements	2023-07-13 14:28:11 +02:00
Erik Krogh Kristensen	9db970f055	apply suggestion from review Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2023-07-13 14:17:33 +02:00
Max Schaefer	ae237247f2	Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-07-13 12:10:57 +01:00
Max Schaefer	63c45a0da3	Add another example of when and how to use shell-quote.	2023-07-10 14:02:17 +01:00
Max Schaefer	1d3e3440f2	Add example of manual sanitisation.	2023-07-06 12:54:30 +01:00
Max Schaefer	240e0799b0	Fix spurious character in code example.	2023-07-06 12:54:03 +01:00
Max Schaefer	83a854c3ff	Update javascript/ql/src/Security/CWE-078/IndirectCommandInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:47:06 +01:00
Max Schaefer	6fb41adc61	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:02:44 +01:00
Max Schaefer	f89992eb16	Address more review feedback.	2023-07-05 12:02:11 +01:00
Max Schaefer	921d8de8dc	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-05 11:19:30 +01:00
Max Schaefer	5fb6b5810f	Clarify that splitting arguments on space is not safe.	2023-07-04 15:58:37 +01:00
Max Schaefer	74af0b1f05	Improve command-injection example and provide a fixed version.	2023-07-04 15:58:37 +01:00
Erik Krogh Kristensen	8676516cb9	recursively -> repeatedly Co-authored-by: Asger F <asgerf@github.com>	2023-07-03 13:17:13 +02:00
erik-krogh	3e2b8124c9	apply suggestions from review	2023-07-03 10:03:45 +02:00
erik-krogh	bea4162736	delete multi-char note from the `incomplete-sanitization` qhelp	2023-07-03 09:10:54 +02:00
erik-krogh	a60478ba8a	write qhelp for js/incomplete-multi-character-sanitization	2023-07-03 09:07:13 +02:00
Adrien Pessu	e332a4348d	Update javascript/ql/src/Security/CWE-798/HardcodedCredentials.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-06-21 12:55:33 +01:00
Adrien Pessu	4d1bbe36a9	Merge branch 'main' into main	2023-06-21 09:11:57 +01:00
Adrien Pessu	7dfb404fd7	clean examples	2023-06-21 08:11:39 +00:00

1 2 3 4 5 ...

978 Commits