hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-07 08:06:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,221 Commits 1,703 Branches 162 Tags
908edb39b91bbbb10fa02f4a97a73ae56e35be8c
Commit Graph

394 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
908edb39b9 unsecure -> insecure 2020-06-12 11:02:26 +02:00
Erik Krogh Kristensen
57d2226080 typo 2020-06-12 10:55:29 +02:00
Erik Krogh Kristensen
3f957103ed improve alert message - and autoformat 2020-06-12 10:53:19 +02:00
Erik Krogh Kristensen
056a7e87ff refactor into customizations module - and move curl download to a ClientRequest 2020-06-12 10:51:09 +02:00
Erik Krogh Kristensen
8225adcaea move TODOs 2020-06-12 10:28:06 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Erik Krogh Kristensen
b297837969 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-05-21 14:32:02 +02:00
Erik Krogh Kristensen
b71919299b Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-19 14:03:03 +02:00
Erik Krogh Kristensen
b8ba31aaa0 autoformat 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
0f82370f4e rename getHighLight() -> getAlertLocation() 2020-05-18 12:28:28 +02:00
Erik Krogh Kristensen
2b1724291b adjust qhelp to focus on user-controlled data 2020-05-18 12:27:20 +02:00
Erik Krogh Kristensen
d18808698a adjust qhelp to focus on the execFile API 2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen
9c294513c7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-18 12:18:20 +02:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
59001bbdf4 add qhelp for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
5e647da0de add js/shell-command-constructed-from-input query 2020-05-17 10:32:15 +02:00
Esben Sparre Andreasen
1c5bffc095 JS: fix some FNs in the qhelp examples 2020-05-15 12:40:38 +02:00
Esben Sparre Andreasen
9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Esben Sparre Andreasen
7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen
69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
Esben Sparre Andreasen
99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
Esben Sparre Andreasen
04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
Esben Sparre Andreasen
c0250894de Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-27 12:37:39 +02:00
Esben Sparre Andreasen
0a8e371b0e Update javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-27 09:09:26 +02:00
Esben Sparre Andreasen
58b5bd5cfd JS: fixup documentation 2020-04-24 10:56:53 +02:00
Esben Sparre Andreasen
6d6ec89ba8 JS: add qhelp 2020-04-24 09:18:09 +02:00
Esben Sparre Andreasen
89613dbd23 JS: add query for incomplete HTML attribute sanitization 2020-04-24 09:17:46 +02:00
Erik Krogh Kristensen
a71567da54 autoformat 2020-04-23 18:58:33 +02:00
Erik Krogh Kristensen
96896fd7f5 second round of UnsafeJQueryPlugin reuse 2020-04-23 15:12:32 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
Erik Krogh Kristensen
9fc29ee0f8 update qhelp 2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
2d3e42e6d6 update qhelp for xss-through-dom 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-20 11:50:46 +02:00
Erik Krogh Kristensen
1b80f46f30 add QHelp for js/xss-through-dom query 2020-04-17 10:54:21 +02:00
Erik Krogh Kristensen
14b551f887 Xss through DOM 2020-04-17 10:54:14 +02:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00