erik-krogh
368f84785b
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
erik-krogh
9cdd8cc8f5
update js/tainted-format-string to match ruby/java
2022-08-22 21:41:46 +02:00
Asger Feldthaus
682a71176d
JS: Make TaintedFormatString have same severity as LogInjection
...
The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.
But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.
2021-10-05 10:10:01 +02:00
Asger Feldthaus
f6da030572
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
Calum Grant
771e686946
Update security-severity scores
2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828
Add security-severity metadata
2021-06-10 20:11:08 +01:00
Max Schaefer
31bb39a810
JavaScript: Autoformat all QL files.
2019-01-07 10:15:45 +00:00
Max Schaefer
3fcd02ab0e
JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages.
2018-11-14 11:23:17 +00:00
Max Schaefer
52ae757279
JavaScript: Select Nodes (instead of PathNodes) everywhere.
2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee
JavaScript: Select source and sink in all path queries.
2018-11-14 09:16:40 +00:00
Max Schaefer
11d6259dbf
JavaScript: Move from Node to PathNode.
2018-11-14 09:16:40 +00:00
Max Schaefer
8d87f556e1
JavaScript: Add import DataFlow::PathGraph.
2018-11-14 09:16:40 +00:00
Max Schaefer
60a1357092
JavaScript: Make all taint-based security queries have @kind path-problem.
2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526
JavaScript: Refactor security queries for uniformity.
2018-11-14 09:16:40 +00:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
