| Author | Commit | Message | Date |
|---|---|---|---|
| CodeQL CI | 8129d0c0ac | Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection Approved by erik-krogh, mchammer01 | 2020-12-07 04:35:11 -08:00 |
| Asger Feldthaus | 5561e8f1f6 | JS: Delete old query and update qhelp | 2020-12-01 17:05:48 +00:00 |
| Anders Schack-Mulligen | 8f2094f0bf | Autoformat. | 2020-11-30 14:42:38 +01:00 |
| Anders Schack-Mulligen | 89ef6ea4eb | C++/C#/Java/JavaScript/Python: Autoformat set literals. | 2020-11-10 13:32:27 +01:00 |
| Asger Feldthaus | 7a3f0095f6 | JS: Autoformat | 2020-10-28 11:57:23 +00:00 |
| Asger Feldthaus | a9adb2912a | JS: Improve lodash model | 2020-10-28 10:09:41 +00:00 |
| Asger Feldthaus | 78c85775e3 | JS: Do not extend AdditionalTaintStep in the ldap library | 2020-10-20 09:07:12 +01:00 |
| Esben Sparre Andreasen | c0a67a8d7b | JS: another CWE-20 -> CWE-020 | 2020-09-28 14:27:10 +02:00 |
| Esben Sparre Andreasen | ba0a2e1665 | JS: tag consistency: replace cwe-20 with cwe-020 | 2020-09-25 10:28:05 +02:00 |
| Erik Krogh Kristensen | ed54fdcb06 | Merge pull request #4118 from dellalibera/js/ldap [javascript] CodeQL to detect LDAP Injection | 2020-09-03 14:50:03 +02:00 |
| Alessio Della Libera | 116e7d006d | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-03 10:32:18 +02:00 |
| Alessio Della Libera | bfae0ef5d5 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-03 10:32:08 +02:00 |
| Erik Krogh Kristensen | fb3148a7a8 | autoformat | 2020-09-03 08:17:08 +02:00 |
| Alessio Della Libera | 785f335ab8 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-02 15:22:33 +02:00 |
| Alessio Della Libera | 548cb65a64 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-02 15:22:23 +02:00 |
| Alessio Della Libera | 26046a4847 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-02 15:22:07 +02:00 |
| Alessio Della Libera | 6ad88bf93f | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-02 15:21:55 +02:00 |
| ubuntu | 042d07161c | Rename getQueryCall to getQueryCallSink | 2020-09-01 22:43:31 +02:00 |
| ubuntu | 15562e4814 | Update LdapjsSearchOptions | 2020-09-01 22:28:58 +02:00 |
| ubuntu | e2e55455c1 | Update LdapjsSearchOptions and getQueryCall | 2020-09-01 22:23:07 +02:00 |
| Alessio Della Libera | 8f00acd4e2 | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 21:00:49 +02:00 |
| Alessio Della Libera | 78ebcee570 | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 21:00:38 +02:00 |
| Alessio Della Libera | b86b9ba510 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 21:00:21 +02:00 |
| Alessio Della Libera | 28729915d7 | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 20:56:25 +02:00 |
| Alessio Della Libera | 1b50477fae | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 20:55:44 +02:00 |
| Alessio Della Libera | 44e728016b | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-09-01 20:54:58 +02:00 |
| ubuntu | 104c9b5dac | Move sinks into separate classes | 2020-08-29 11:24:58 +02:00 |
| Alessio Della Libera | 8f98723822 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-29 11:18:41 +02:00 |
| Esben Sparre Andreasen | 9aa1404646 | JS: fix formatting of InsecureCookie.qll | 2020-08-27 09:44:45 +02:00 |
| ubuntu | 736f76b685 | Simplify getQueryCall | 2020-08-27 02:12:17 +02:00 |
| ubuntu | 30e7f958a8 | Highlight API call | 2020-08-27 01:42:16 +02:00 |
| ubuntu | 7eeec0d765 | Correct typo example | 2020-08-27 01:07:13 +02:00 |
| ubuntu | cbe879ae73 | Correct typo examples | 2020-08-27 01:05:49 +02:00 |
| ubuntu | 68ff480892 | Update .qhelp | 2020-08-27 00:51:08 +02:00 |
| ubuntu | 13f443d2c3 | Update getLdapjsClientDNMethodName | 2020-08-27 00:48:29 +02:00 |
| Alessio Della Libera | 616113aeff | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-27 00:47:29 +02:00 |
| ubuntu | 94bd9c6d3e | Rename LdapjsDN to LdapjsDNArgument and add it as Sink | 2020-08-27 00:43:38 +02:00 |
| ubuntu | 7d36b3b4d2 | Correct typo | 2020-08-27 00:26:54 +02:00 |
| ubuntu | 2305a642eb | Correct typo | 2020-08-27 00:24:50 +02:00 |
| Alessio Della Libera | 23287aacee | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-27 00:17:55 +02:00 |
| Alessio Della Libera | f12ac8ca60 | Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-27 00:17:33 +02:00 |
| ubuntu | cd1d50b637 | Update expected output | 2020-08-26 23:50:15 +02:00 |
| Alessio Della Libera | dcf51c75e9 | Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql Co-authored-by: Esben Sparre Andreasen <esbena@github.com> | 2020-08-26 23:33:52 +02:00 |
| Alessio Della Libera | 57f3c73d3d | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-26 02:08:31 +02:00 |
| Alessio Della Libera | 6979c394fe | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-26 02:08:18 +02:00 |
| Alessio Della Libera | 355c7bc3b5 | Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-08-26 02:08:08 +02:00 |
| Alessio Della Libera | e027c8cc13 | Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com> | 2020-08-26 01:48:05 +02:00 |
| Alessio Della Libera | a1f64e26cf | Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com> | 2020-08-26 01:47:52 +02:00 |
| Alessio Della Libera | 3bd7615a75 | Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com> | 2020-08-26 01:47:37 +02:00 |
| Alessio Della Libera | 57cf447188 | Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com> | 2020-08-26 01:46:59 +02:00 |