Asger F
dcc73a7f90
JS: Port RegExpInjection
2023-10-13 13:15:05 +02:00
Max Schaefer
5124310f14
Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp
...
Co-authored-by: Asger F <asgerf@github.com>
2023-08-01 17:03:05 +01:00
Max Schaefer
9432fec612
JavaScript: Improve qhelp for js/server-crash.
...
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
2023-07-17 14:44:23 +01:00
erik-krogh
36478124ae
add process.env and process.argv etc. as source for js/regex-injection
2023-02-14 14:21:53 +01:00
erik-krogh
442749bb7f
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
erik-krogh
368f84785b
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
Erik Krogh Kristensen
0720fa75df
Merge pull request #10286 from erik-krogh/js-followMsg
...
JS: change alert messages of path queries to use the same template
2022-09-20 16:12:45 +02:00
erik-krogh
26d8553f6e
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
erik-krogh
aa56ca37ae
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
Erik Krogh Kristensen
69353bb014
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen
1407b49a8f
fix some instances of ql/pred-doc-style for JS
2022-02-21 15:02:21 +01:00
Mathias Vorreiter Pedersen
f3bb0a676e
JS: Replace '.prefix'/'.suffix' with '.matches'.
2021-10-13 13:23:07 +01:00
Asger Feldthaus
f6da030572
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
Calum Grant
771e686946
Update security-severity scores
2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828
Add security-severity metadata
2021-06-10 20:11:08 +01:00
Esben Sparre Andreasen
3f3962f7a9
Update javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-01-22 14:03:21 +01:00
Esben Sparre Andreasen
718f6eb3fd
JS: update and prettify examples
2021-01-22 13:17:38 +01:00
Esben Sparre Andreasen
9e3cc3b1b2
JS: add qhelp and changenotes for js/server-crash
2021-01-21 08:43:13 +01:00
Esben Sparre Andreasen
3015dcd310
JS: reformulate js/server-crash. Support promises and shorter paths.
2021-01-19 09:08:52 +01:00
Esben Sparre Andreasen
12b985be87
Update javascript/ql/src/Security/CWE-730/ServerCrash.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-01-13 14:49:29 +01:00
Esben Sparre Andreasen
d591c519a8
JS: reformulate js/server-crash as a path problem
2021-01-13 00:08:28 +01:00
Esben Sparre Andreasen
2dbd762bd9
JS: reintroduce reverted js/server-crash
...
This reverts commit 0a8d15ccc4.
2021-01-11 14:13:41 +01:00
Max Schaefer
31bb39a810
JavaScript: Autoformat all QL files.
2019-01-07 10:15:45 +00:00
Max Schaefer
3fcd02ab0e
JavaScript: Rename hasPathFlow to hasFlowPath for consistency with other languages.
2018-11-14 11:23:17 +00:00
Max Schaefer
52ae757279
JavaScript: Select Nodes (instead of PathNodes) everywhere.
2018-11-14 09:16:40 +00:00
Max Schaefer
e365b722ee
JavaScript: Select source and sink in all path queries.
2018-11-14 09:16:40 +00:00
Max Schaefer
11d6259dbf
JavaScript: Move from Node to PathNode.
2018-11-14 09:16:40 +00:00
Max Schaefer
8d87f556e1
JavaScript: Add import DataFlow::PathGraph.
2018-11-14 09:16:40 +00:00
Max Schaefer
60a1357092
JavaScript: Make all taint-based security queries have @kind path-problem.
2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526
JavaScript: Refactor security queries for uniformity.
2018-11-14 09:16:40 +00:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00