hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,762 Commits 1,673 Branches 157 Tags
6979c394fe8f3c494b0e930773b00aebc26d7879
Commit Graph

75 Commits

Author SHA1 Message Date
Alessio Della Libera
6979c394fe Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-26 02:08:18 +02:00
Alessio Della Libera
355c7bc3b5 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-26 02:08:08 +02:00
ubuntu
3e97ec85b2 Add CodeQL to detect LDAP Injection in JS 2020-08-23 15:24:29 +02:00
semmle-qlci
b24fba8df0 Merge pull request #3734 from dellalibera/loginjection 
Approved by esbena
 2020-06-25 11:06:25 +01:00
ubuntu
d9a0dc0982 Remove check for console().getAMethodCall 2020-06-24 19:31:23 +02:00
ubuntu
65eba0272d Merge remote-tracking branch 'upstream/master' into loginjection 2020-06-24 19:15:27 +02:00
Toufik Airane
27f91b36b0 Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-23 12:28:21 +02:00
toufik-airane
37f44d98ce fix minor issues 2020-06-23 12:28:03 +02:00
toufik-airane
f7cbc8a8d4 Enhance query ouput 
- add valuable text to assess the query results
- add an example of the output
 2020-06-22 22:34:06 +02:00
toufik-airane
0f8879716f rewrite description 2020-06-22 21:57:58 +02:00
Alessio Della Libera
a759905a5c Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-22 20:37:38 +02:00
toufik-airane
364f0ca734 rewrite description 2020-06-22 20:11:58 +02:00
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 19:27:36 +02:00
toufik-airane
4853b8a281 Try to finish the PR 
- Add help documentation
- Empty qll file
- rename examples
 2020-06-22 13:26:13 +02:00
toufik-airane
7166d5422e add test file for CWE-347 
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
 2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification 
Add an experimental CodeQL query.
 2020-06-20 16:54:41 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifing the origin 2020-06-18 19:41:07 +02:00
Alessio Della Libera
cc91026873 Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:31:11 +02:00
Alessio Della Libera
b4f255176a Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:29:34 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
ubuntu
ab65ec40c0 Add Codeql to detect missing 'Message.origin' validation when using postMessage API 2020-06-08 20:18:34 +02:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
monkey-junkie
560674b670 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:36:11 +03:00
monkey-junkie
758e85dd3e Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:34:57 +03:00
monkey-junkie
a8019705b5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:24 +03:00
monkey-junkie
0aaa8af3bd Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:10 +03:00
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00