Asger F
8715c1b324
JS: Port HostHeaderPoisoningInEmailGeneration
2023-10-13 13:15:05 +02:00
Asger F
bc88f50a5f
JS: Port HardcodedDataInterpretedAsCode
2023-10-13 13:15:04 +02:00
Asger F
4bac90252c
JS: Port HardcodedCredentials
2023-10-13 13:15:04 +02:00
Asger F
f4d62c3225
JS: Port HttpToFileAccess
2023-10-13 13:15:04 +02:00
Asger F
2935aac559
JS: Port FileAccessToHttp
2023-10-13 13:15:04 +02:00
Asger F
8e95a90d03
JS: Port UntrustedDataToExternalAPI
2023-10-13 13:15:04 +02:00
Asger F
d324e554f3
JS: Port DeepObjectResourceExhaustion
2023-10-13 13:15:04 +02:00
Asger F
30f1fbc10d
JS: Port CorsMisconfigurationForCredentials
2023-10-13 13:15:04 +02:00
Asger F
f14303acea
JS: Port ConditionalBypass
2023-10-13 13:15:04 +02:00
Asger F
2296a273c4
JS: Port BuildArtifactLeak
2023-10-13 13:15:04 +02:00
Asger F
85617c292e
JS: Port BrokenCryptoAlgorithm
2023-10-13 13:15:04 +02:00
Asger F
7a1aead831
JS: Port ZipSlip
2023-10-13 13:15:04 +02:00
Asger F
e9189f965f
JS: Port LogInjection
2023-10-13 13:15:04 +02:00
Asger F
ae680e747b
JS: Port LoopBoundInjection
2023-10-13 13:15:04 +02:00
Asger F
40d68cb4dc
JS: Port CleartextStorage
2023-10-13 13:15:04 +02:00
Asger F
b8a6f81669
JS: Port CleartextLogging
2023-10-13 13:15:04 +02:00
Asger F
a5c221fcfc
JS: Port PrototypePollutingMergeCall
2023-10-13 13:15:04 +02:00
Asger F
adf7d5409d
JS: Port PrototypePollutingFunction
2023-10-13 13:15:04 +02:00
Asger F
f1f45927b1
JS: Port PrototypePollutingAssignment
2023-10-13 13:15:04 +02:00
Asger F
81d2721248
JS: Port ClientSideUrlRedirect
2023-10-13 13:15:04 +02:00
Asger F
46fd727a55
JS: Port ServerSideUrlRedirect
2023-10-13 13:15:04 +02:00
Asger F
92816b1c9a
JS: Port ClientSideRequestForgery
2023-10-13 13:15:03 +02:00
Asger F
b2216627be
JS: Port RequestForgery
2023-10-13 13:15:03 +02:00
Asger F
d7b4e0c206
JS: Port ExceptionXss
2023-10-13 13:15:03 +02:00
Asger F
cf5450dbd5
JS: Port XssThroughDom
2023-10-13 13:15:03 +02:00
Asger F
5f05232e02
JS: Port StoredXss
2023-10-13 13:15:03 +02:00
Asger F
46b90e51fc
JS: Port ReflectedXss
2023-10-13 13:15:03 +02:00
Asger F
e091fdefa4
JS: Port DomBasedXss
2023-10-13 13:15:03 +02:00
Asger F
547a8a958a
JS: Port SqlInjection
2023-10-13 13:15:03 +02:00
Asger F
65e9706c8e
JS: Port TaintedPath
2023-10-13 13:15:03 +02:00
Asger F
fcfab5238e
JS: Port CodeInjection
2023-10-13 13:15:03 +02:00
Asger F
17233a6749
JS: Port CommandInjection
2023-10-13 13:15:03 +02:00
erik-krogh
ccd06c78b9
delete an .expected file outside the test directories
2023-10-10 21:35:19 +02:00
Erik Krogh Kristensen
7e7852eff6
Merge pull request #13641 from erik-krogh/multi-char
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
2023-09-14 14:48:30 +02:00
Max Schaefer
e722e3288f
Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
2023-09-13 13:20:48 +01:00
Max Schaefer
a9e81672f0
Make suggestion to replace example.com more explicit.
2023-09-12 16:54:05 +01:00
Max Schaefer
7ddb7da65e
Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2023-09-12 16:47:23 +01:00
Max Schaefer
46d7165885
Explain about redirects to example.com.
2023-09-07 09:12:07 +01:00
Max Schaefer
a02f373e79
Use better sanitiser.
2023-09-06 14:06:16 +01:00
Max Schaefer
87364137df
Use more sensible validator in example.
2023-08-21 15:14:01 +01:00
erik-krogh
5ffce86768
change the defaults in the qhelp for missing-rate-limit to something more reasonable
2023-08-10 13:40:17 +02:00
Erik Krogh Kristensen
6631e838cf
re-appearing -> reappearing
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2023-08-07 09:57:52 +02:00
Max Schaefer
5124310f14
Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp
Co-authored-by: Asger F <asgerf@github.com>
2023-08-01 17:03:05 +01:00
Max Schaefer
7823ff968c
JavaScript: Improve query help for js/server-side-unvalidated-url-redirection.
2023-07-19 13:23:25 +01:00
Max Schaefer
9432fec612
JavaScript: Improve qhelp for js/server-crash.
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
2023-07-17 14:44:23 +01:00
erik-krogh
1fe66232c6
suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements
2023-07-13 14:28:11 +02:00
Erik Krogh Kristensen
9db970f055
apply suggestion from review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2023-07-13 14:17:33 +02:00
Max Schaefer
ae237247f2
Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2023-07-13 12:10:57 +01:00
Max Schaefer
63c45a0da3
Add another example of when and how to use shell-quote.
2023-07-10 14:02:17 +01:00
Max Schaefer
1d3e3440f2
Add example of manual sanitisation.
2023-07-06 12:54:30 +01:00