toufik-airane
|
8a2a33459a
|
Merge branch 'master' of github.com:toufik-airane/codeql
|
2020-06-20 16:56:27 +02:00 |
|
toufik-airane
|
b0aaca0e1c
|
JWT Missing Secret Or Public Key Verification
Add an experimental CodeQL query.
|
2020-06-20 16:54:41 +02:00 |
|
Esben Sparre Andreasen
|
baaa31665a
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
|
2020-06-19 09:05:13 +02:00 |
|
Alessio Della Libera
|
eba64dba7c
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:44:46 +02:00 |
|
Alessio Della Libera
|
c0271b1627
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:44:38 +02:00 |
|
Alessio Della Libera
|
ffc9a449ab
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:43:45 +02:00 |
|
Alessio Della Libera
|
e84339d5bf
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:43:36 +02:00 |
|
ubuntu
|
71a7ec593c
|
Use StringOps to identify functions used for verifing the origin
|
2020-06-18 19:41:07 +02:00 |
|
ubuntu
|
c490cfdfa5
|
Create another branch
|
2020-06-17 19:51:14 +02:00 |
|
ubuntu
|
4ccfdef71d
|
Add CodeQL query to detect Log Injection in JS code
|
2020-06-17 19:44:58 +02:00 |
|
ubuntu
|
3104f8a37b
|
Remove Fields in PostMessageEvent
|
2020-06-16 18:30:00 +02:00 |
|
Alessio Della Libera
|
68b2a6c848
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-16 18:27:21 +02:00 |
|
Alessio Della Libera
|
8843522d14
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-16 18:26:42 +02:00 |
|
Alessio Della Libera
|
72dc6510b2
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-16 18:22:55 +02:00 |
|
ubuntu
|
e8b05b70c4
|
Added support for detecting unsafe methods used for origin verification
|
2020-06-10 23:11:03 +02:00 |
|
ubuntu
|
cf3142e083
|
Updated qhelp with a third example
|
2020-06-10 23:09:35 +02:00 |
|
ubuntu
|
92f9f320f9
|
Added new example of an unsafe event.origin verification
|
2020-06-10 23:07:05 +02:00 |
|
ubuntu
|
ab65ec40c0
|
Add Codeql to detect missing 'Message.origin' validation when using postMessage API
|
2020-06-08 20:18:34 +02:00 |
|
monkey-junkie
|
4594aa470d
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 18:18:06 +03:00 |
|
monkey-junkie
|
5ce9e0d0a2
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 14:32:55 +03:00 |
|
monkey-junkie
|
122354a81a
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-06 12:54:50 +03:00 |
|
monkey-junkie
|
3314dd0614
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-05-06 11:17:41 +03:00 |
|
monkey-junkie
|
560674b670
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:36:11 +03:00 |
|
monkey-junkie
|
758e85dd3e
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:34:57 +03:00 |
|
monkey-junkie
|
a8019705b5
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:24:24 +03:00 |
|
monkey-junkie
|
0aaa8af3bd
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 15:24:10 +03:00 |
|
monkey-junkie
|
056566ecc1
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 12:05:01 +03:00 |
|
monkey-junkie
|
3a4ea82ae2
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 12:02:46 +03:00 |
|
monkey-junkie
|
8310c96b97
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:59:06 +03:00 |
|
monkey-junkie
|
25df6e1664
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:49 +03:00 |
|
monkey-junkie
|
700a070a15
|
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:40 +03:00 |
|
monkey-junkie
|
d8fb552097
|
Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 11:58:28 +03:00 |
|
John Doe
|
337be9c2e0
|
ssti query and help updated
|
2020-05-05 03:58:29 +03:00 |
|
John Doe
|
09922e5bb4
|
Merge branch 'master' of github.com:monkey-junkie/codeql
|
2020-05-05 03:44:23 +03:00 |
|
John Doe
|
895aa622bf
|
ssti updated
|
2020-05-05 03:37:43 +03:00 |
|
monkey-junkie
|
cd18842aa5
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 02:15:58 +03:00 |
|
monkey-junkie
|
a60660617f
|
Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-05-05 02:15:00 +03:00 |
|
John Doe
|
68b57502f9
|
JS SSTI CWE-094
|
2020-05-03 02:42:45 +03:00 |
|
Esben Sparre Andreasen
|
a66b4b55fe
|
Update javascript/ql/src/experimental/poi/PoI.qll
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-04-23 09:47:21 +02:00 |
|
Esben Sparre Andreasen
|
161c05dced
|
Apply suggestions from code review
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-04-23 08:41:54 +02:00 |
|
Esben Sparre Andreasen
|
a0e6562208
|
JS: address review feedback
|
2020-04-22 14:24:35 +02:00 |
|
Esben Sparre Andreasen
|
2186ca7efc
|
JS: address non-semantic review feedback
|
2020-04-22 14:24:35 +02:00 |
|
Esben Sparre Andreasen
|
27e5fce0ed
|
JS: make the default PoIConfiguration/enabled inclusive
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
3b45bcd285
|
JS: remove the standard PoI configurations
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
dd6378f1d0
|
JS: address PoI review comments
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
b2ca3d2bdc
|
JS: improve PoI::alertQuery docstring
|
2020-04-22 14:24:34 +02:00 |
|
Esben Sparre Andreasen
|
e4ea089a0b
|
JS: add experimental PoI module
|
2020-04-22 14:24:34 +02:00 |
|
Erik Krogh Kristensen
|
7b7eddff1e
|
remove previous SockJS implementation, and move example to WebSocket test
|
2020-03-23 23:45:05 +01:00 |
|
kyprizel
|
dec1b8b070
|
Update javascript/ql/src/experimental/SockJS/SockJS.qll
Fix comments
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-03-23 22:59:48 +03:00 |
|
kyprizel
|
b90ff5e84d
|
Update javascript/ql/src/experimental/SockJS/SockJS.qll
do not import specific libs
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-03-23 22:59:23 +03:00 |
|