489 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-08-26 20:18:54 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Erik Krogh Kristensen
15a74493e0 more permissive path elements in js/incomplete-url-substring-sanitization 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
1d111c3e1f expand what urls are detected by js/incomplete-url-substring-sanitization 2020-08-12 14:25:35 +02:00
Erik Krogh Kristensen
cc5ef4d5e1 rename JsonSerializeCall to JsonStringifyCall 2020-08-05 13:22:41 +02:00
Erik Krogh Kristensen
5a3f67a682 introduce model for JSON.stringify and similar libraries 2020-08-05 12:14:51 +02:00
semmle-qlci
13c3513d76 Merge pull request #3905 from erik-krogh/unsafeShellTypo
Approved by esbena
2020-07-06 11:41:56 +01:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Esben Sparre Andreasen
80981ec8f5 Update UnsafeHtmlExpansion-transformed.html 2020-06-30 12:01:02 +02:00
Erik Krogh Kristensen
3f8881a334 don't report insecure randomness when the insecure random is just a fallback 2020-06-23 15:53:19 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger F
ca06f6dfb4 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4 Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler"
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger F
56124b68a3 Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-06-22 12:54:19 +01:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Esben Sparre Andreasen
457588e893 JS: mention MITM 2020-06-19 11:59:12 +02:00
Esben Sparre Andreasen
0463c427a5 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-19 09:47:59 +02:00
Esben Sparre Andreasen
b8229ca362 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-19 09:47:48 +02:00
Esben Sparre Andreasen
e73beccc0b Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-19 09:47:26 +02:00
Esben Sparre Andreasen
2846666f32 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-19 09:47:13 +02:00
Esben Sparre Andreasen
4557af3c30 Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-19 09:46:58 +02:00
Erik Krogh Kristensen
7d6dac479c Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
6b0adf18d1 rewrite sentence in private-file-exposure qhelp 2020-06-18 16:51:15 +02:00
Erik Krogh Kristensen
1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Erik Krogh Kristensen
9ba2c98ec0 Apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-18 16:38:52 +02:00
Esben Sparre Andreasen
ab01dda559 JS: another qhelp fixup 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
96160a6334 JS: fixup qhelp 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
d9d8eb4805 JS: avoid type inference in the taint steps (just a nice to have) 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
fa4e8914e6 JS: fixups 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
7b97fd07a8 JS: add query js/memory-exhaustion 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
Erik Krogh Kristensen
27a20b263e Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix 2020-06-17 21:06:21 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
Erik Krogh Kristensen
a465fef7aa shorten sentence in qhelp 2020-06-17 17:24:18 +02:00