codeql

mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00

Author	SHA1	Message	Date
erik-krogh	6f3ca40fed	expand the explanation to include with arguments make the commands vulnerable	2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen	8fd6424db9	fix the qhelp Co-authored-by: Asger F <asgerf@github.com>	2022-11-01 14:05:25 +01:00
erik-krogh	fc2112831c	add second-order-command-injection query	2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
Erik Krogh Kristensen	71135da7ff	Merge pull request #10768 from erik-krogh/fixFileLoops JS: fix that js/file-system-race could have FPs related to loops	2022-10-17 12:01:55 +02:00
Josh Soref	9d6ea28448	spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 04:40:26 -04:00
erik-krogh	7500a31814	fix that js/file-system-race could have FPs related to loops	2022-10-11 13:41:51 +02:00
Josh Soref	cbea5ec40c	spelling: executables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
Erik Krogh Kristensen	0720fa75df	Merge pull request #10286 from erik-krogh/js-followMsg JS: change alert messages of path queries to use the same template	2022-09-20 16:12:45 +02:00
erik-krogh	fb5a04a71d	filter out "file read after existence check" from js/file-system-race	2022-09-19 13:26:10 +02:00
erik-krogh	87fb01d55b	apply another suggestion from doc review	2022-09-12 15:36:02 +02:00
erik-krogh	afcb767f8d	Merge branch 'main' into js-followMsg	2022-09-12 13:21:16 +02:00
erik-krogh	6ec03d4738	apply suggestions from doc review	2022-09-12 13:16:39 +02:00
erik-krogh	26d8553f6e	ensure consistent casing of names	2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen	9893650f7c	Merge pull request #8604 from erik-krogh/httpNode JS: refactor most library models away from AST nodes	2022-09-09 10:04:17 +02:00
erik-krogh	a35fe1ffab	Merge branch 'main' into js-followMsg	2022-09-08 13:09:15 +02:00
erik-krogh	24f2e3cc07	update alert-messages of the sensitive data queries to match #10314	2022-09-06 12:25:36 +02:00
erik-krogh	0776687991	fix leftover todo in js/insecure-temporary-file	2022-09-06 10:05:50 +02:00
Erik Krogh Kristensen	b4968eb645	refactor the SensitiveExpr to be a dataflow node	2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen	9cb7522bc1	change `RouteSetup` to a `DataFlow::Node`	2022-09-05 15:45:31 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
erik-krogh	cc7a9ef97a	rename more acronyms	2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen	06afe9c0f4	Merge pull request #9816 from erik-krogh/msgConsis Make alert messages consistent across languages	2022-08-25 15:20:01 +02:00
erik-krogh	f1799ae3d2	print the endpointExample in the alert-messsage, and only report one working example	2022-08-24 13:09:48 +02:00
erik-krogh	20625ae60d	update {js/go/py}/xpath-injection to match csharp/java	2022-08-22 21:41:46 +02:00
erik-krogh	b5458b2125	update js/insecure-randomness to match csharp	2022-08-22 21:41:46 +02:00
erik-krogh	9cdd8cc8f5	update js/tainted-format-string to match ruby/java	2022-08-22 21:41:46 +02:00
erik-krogh	9395f156de	update {js/py}/command-line-injection to match csharp/java	2022-08-22 21:41:46 +02:00
erik-krogh	3553f3d9b8	update {rb/py/js/go}/path-injection to match java/csharp	2022-08-22 21:41:45 +02:00
erik-krogh	594fbc678e	update js/zip-slip to match java/go/csharp	2022-08-22 21:41:45 +02:00
erik-krogh	0aebc90b61	don't lowercase the endpointExample, and correctly handle root states	2022-08-21 18:38:47 +02:00
erik-krogh	d052b1e3c9	also support regular expressions without repetitions	2022-08-19 19:21:44 +02:00
erik-krogh	26fcf6b25b	apply suggestions from review	2022-08-18 15:00:57 +02:00
erik-krogh	de3e1c39e4	use the shared regular expression libraries in `js/case-sensitive-middleware-path`	2022-08-18 10:07:55 +02:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Harry Maclean	e48158b9ad	JS: Share more code with Ruby	2022-08-17 16:03:49 +12:00
Harry Maclean	b7d9bf4066	Share IncompleteMultiCharacterSanitization JS/Ruby Most of the classes and predicates in this query can be shared between the two languages. There's just a few language-specific things that we place in IncompleteMultiCharacterSanitizationSpecific.	2022-08-17 16:03:46 +12:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
erik-krogh	b54f037424	Merge branch 'main' into refacReDoS	2022-08-12 20:28:30 +02:00
Esben Sparre Andreasen	0c6f28014c	Merge pull request #9821 from erik-krogh/jsQlFix JS: fix some QL-for-QL warnings in JS	2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Asger F	855d4c2ea1	Merge pull request #9718 from asgerf/js/case-sensitive-middleware JS: Add 'case sensitive middleware' query	2022-07-14 10:47:58 +02:00
Erik Krogh Kristensen	43a82004b2	Merge pull request #9798 from erik-krogh/backtrackers JS: use small steps in TypeBackTracker correctly	2022-07-14 10:28:07 +02:00
Erik Krogh Kristensen	ed80089d7c	fix some QL-for-QL warnings in JS	2022-07-14 09:45:44 +02:00

1 2 3 4 5 ...

847 Commits