Erik Krogh Kristensen
|
dbd1148bd6
|
apply range pattern patch to javascript
|
2021-10-25 19:38:00 +02:00 |
|
Henry Mercer
|
83cbc86f50
|
JS: Move ClassifyFiles.qll to library pack
This allows us to use this library in packs that depend on the
`codeql/javascript-all` library pack.
|
2021-10-06 16:08:06 +01:00 |
|
Erik Krogh Kristensen
|
bcf4626fd0
|
remove ldap examples from experimental folder
|
2021-10-01 09:00:10 +02:00 |
|
Erik Krogh Kristensen
|
2b286a856c
|
naively move ldap into the SQL injection query
|
2021-10-01 09:00:10 +02:00 |
|
Erik Krogh Kristensen
|
94e2676c0f
|
naive conversion of ldapjs model to API node
|
2021-10-01 09:00:10 +02:00 |
|
luciaromeroML
|
1fc58e51a3
|
adding suggestion that removes sanitizer for unknown base urls
|
2021-09-27 17:37:36 -03:00 |
|
luciaromeroML
|
f348a5ce47
|
adding comments to some functions
|
2021-09-17 18:25:14 -03:00 |
|
luciaromeroML
|
25065bc986
|
simplifying sentence
|
2021-09-17 18:07:04 -03:00 |
|
luciaromeroML
|
0b0ac8317c
|
format ql code
|
2021-09-17 18:05:52 -03:00 |
|
valeria-meli
|
054218a381
|
Merge branch 'main' into javascript/ssrf
|
2021-09-17 17:08:52 -03:00 |
|
Erik Krogh Kristensen
|
bac80bf686
|
delete ClipboardXss.ql experimental query
|
2021-09-13 20:43:31 +02:00 |
|
rhysd
|
97ed9edd32
|
JS: Detect untrusted inputs in 'discussion' and 'discussion_comment' payloads
|
2021-09-10 10:42:58 +09:00 |
|
Nati Pesaresi
|
629efb85fb
|
ternary operator
|
2021-09-02 17:55:09 -03:00 |
|
Daniel Santos
|
b8ce5a63c5
|
Remove unncessary results
Simplifies query to improve performance by removing unnecessary results.
|
2021-08-25 17:33:45 -05:00 |
|
Daniel Santos
|
cd40de7464
|
Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql
Typo fix
Co-authored-by: Asger F <asgerf@github.com>
|
2021-08-25 09:40:55 -05:00 |
|
Daniel Santos
|
5644514606
|
Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql
Co-authored-by: Asger F <asgerf@github.com>
|
2021-08-18 09:52:55 -05:00 |
|
Daniel Santos
|
5e155d25b1
|
new Experimental query ClipboardBasedXss
|
2021-08-17 12:57:26 -05:00 |
|
valeria-meli
|
595ea6c383
|
files for qhelp
|
2021-08-03 18:00:29 -03:00 |
|
valeria-meli
|
57ac944319
|
rename folders
|
2021-08-03 17:39:48 -03:00 |
|
valeria-meli
|
92c874c2e2
|
rename query
|
2021-08-03 17:32:36 -03:00 |
|
valeria-meli
|
f3c0bf7826
|
copy-paste from our repo
|
2021-07-27 18:09:11 -03:00 |
|
Max Schaefer
|
6e34784fc5
|
Add new experimental query MultipleArgumentsToSetConstructor.
|
2021-05-21 09:54:41 +01:00 |
|
Edwin
|
27c680e28b
|
Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2021-05-03 16:41:09 +03:00 |
|
edvraa
|
cef845ac47
|
Support string expressions
|
2021-05-03 13:46:56 +03:00 |
|
edvraa
|
000826af11
|
typo
|
2021-05-03 12:18:43 +03:00 |
|
edvraa
|
65183cde80
|
Move to experimental
|
2021-05-03 09:59:52 +03:00 |
|
edvraa
|
3aec9c1a41
|
Cookies without HttpOnly
|
2021-04-27 16:28:32 +03:00 |
|
Asger Feldthaus
|
bc5b477f79
|
JS: Change kind of summary-extraction queries to table
|
2021-03-30 21:26:58 +01:00 |
|
Asger Feldthaus
|
42c4b22ea1
|
JS: Fix query ID for UntrustedCheckout
|
2021-03-19 12:41:34 +00:00 |
|
Erik Krogh Kristensen
|
6bab41ce8b
|
Merge pull request #5350 from JarLob/actions
github actions queries
|
2021-03-18 14:46:25 +01:00 |
|
Jaroslav Lobačevski
|
a9ed3317bf
|
Fix regex per suggestion
|
2021-03-18 11:54:55 +02:00 |
|
Jaroslav Lobačevski
|
7b6773c96a
|
Update javascript/ql/src/experimental/semmle/javascript/Actions.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2021-03-17 19:49:03 +02:00 |
|
Jaroslav Lobačevski
|
e3bf308952
|
Removed positive lookbehind
|
2021-03-17 17:32:10 +02:00 |
|
Asger Feldthaus
|
96c6e4d8d8
|
JS: Update with new AdditionalTaintStep subclasses
|
2021-03-17 13:29:16 +00:00 |
|
Jaroslav Lobačevski
|
8445ec6c17
|
Update javascript/ql/src/experimental/semmle/javascript/Actions.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2021-03-15 19:15:10 +02:00 |
|
Jaroslav Lobačevski
|
87ea442a78
|
qhelp
|
2021-03-15 18:47:45 +02:00 |
|
Jaroslav Lobačevski
|
de6ed1dcb9
|
File rename
|
2021-03-15 18:34:10 +02:00 |
|
Jaroslav Lobačevski
|
a823baabfb
|
Ranamed to CWE-094
|
2021-03-15 18:24:08 +02:00 |
|
Jaroslav Lobačevski
|
16ca2314e4
|
Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2021-03-15 18:14:20 +02:00 |
|
Erik Krogh Kristensen
|
caf1dbdc46
|
move TemplateObjectInjection out of experimental
|
2021-03-09 11:29:45 +01:00 |
|
Jaroslav Lobačevski
|
673e64909a
|
github actions queries
|
2021-03-06 10:27:11 +02:00 |
|
CaptainFreak
|
503b339a1f
|
remove hbs specific checks
|
2021-02-09 07:35:35 +05:30 |
|
Erik Krogh Kristensen
|
d016ba2252
|
rename name dataflow configuration in js/template-object-injection
|
2021-02-03 12:29:23 +01:00 |
|
Erik Krogh Kristensen
|
a5bde53bfe
|
use the TaintedObject library in js/template-object-injection
|
2021-02-03 12:26:37 +01:00 |
|
CaptainFreak
|
12ee497485
|
move query to src, rename and refactor
|
2021-02-03 15:48:02 +05:30 |
|
CodeQL CI
|
30015ee995
|
Merge pull request #4942 from esbena/js/reintroduce-resource-exhaustion
Approved by erik-krogh
|
2021-01-21 01:21:33 -08:00 |
|
Esben Sparre Andreasen
|
b90dd89746
|
JS: move js/resource-exhaustion to experimental
|
2021-01-21 09:09:01 +01:00 |
|
CodeQL CI
|
4229f556cb
|
Merge pull request #4751 from erik-krogh/logInjection
Approved by asgerf, mchammer01
|
2021-01-14 00:32:46 -08:00 |
|
CodeQL CI
|
8129d0c0ac
|
Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection
Approved by erik-krogh, mchammer01
|
2020-12-07 04:35:11 -08:00 |
|
Asger Feldthaus
|
5561e8f1f6
|
JS: Delete old query and update qhelp
|
2020-12-01 17:05:48 +00:00 |
|