hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 09:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
68,295 Commits 1,754 Branches 167 Tags
61df4d2f046e1fab930796ac47d45bbde6826287
Commit Graph

26 Commits

Author SHA1 Message Date
aegilops
61df4d2f04 Merge branch 'aegilops/polyfill-io-compromised-script' of https://github.com/aegilops/codeql into aegilops/polyfill-io-compromised-script 2024-07-12 12:49:18 +01:00
aegilops
00d91dc6ba Created guide on customizing these queries, and referenced it in the query help 2024-07-12 12:49:09 +01:00
aegilops
040f948e65 Added a note that SRI can be considered for some dynamic services 2024-07-12 12:48:36 +01:00
Paul Hodgkinson
3f37fe6add Apply suggestions from code review - docs and wording 
Docs suggestions accepted, thank you 🙏

Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 11:48:39 +01:00
aegilops
d71be8aeaf Moved from experimental into default queries 2024-07-11 11:44:01 +01:00
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
aegilops
b4d8c4889a Fixed wrong name for example HTML 2024-07-01 16:58:03 +01:00
aegilops
1744a98017 Added full stop to end of message 2024-07-01 16:53:22 +01:00
aegilops
ceda46e317 Fixed ending <p> tags 2024-07-01 16:52:28 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Stephan Brandauer
2278e7f6e6 CWE 830 polish error messages 2022-02-22 11:41:54 +01:00
Stephan Brandauer
82330391c3 CWE-830 add support for setting attributes via setAttribute method 2022-02-22 11:41:54 +01:00
Stephan Brandauer
d80cd1aeb5 CWE 830 test where both branches in a ternary are unsafe 2022-02-22 11:41:53 +01:00
Stephan Brandauer
2934aa1a3a rewrite docs, improve error messages, etc 2022-02-22 11:41:53 +01:00
Stephan Brandauer
d2335b65d5 stylistic improvements after review 2022-02-22 11:41:53 +01:00
Stephan Brandauer
9aec4437e2 polish qhelp for CWE-830 and add test file 2022-02-22 11:41:53 +01:00
Stephan Brandauer
44d86569ac remove illegal chars from comments 2022-02-22 11:41:53 +01:00
Stephan Brandauer
fd77e27ed9 replace taint tracking by type tracking and merge remaining queries for CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
8cafa6d562 improve error message in CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
780fa97869 always require integrity checking for certain CDNs 2022-02-22 11:41:53 +01:00
Stephan Brandauer
8d397fea09 JS: query to find dynamic creations of DOM elements that use untrusted sources 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b35c70994f permit http urls to 127.0.0.1 and others 2022-02-22 11:41:52 +01:00
Stephan Brandauer
dd2b779a3c add CWE 830 link to references 2022-02-22 11:41:52 +01:00
Stephan Brandauer
6722c17bb0 JS: Functionality from untrusted sources query (CWE-830) 2022-02-22 11:41:52 +01:00