hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,073 Commits 1,671 Branches 157 Tags
b513033e0f5f176289d30ff045f7af6947b0345c
Commit Graph

6677 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b513033e0f Merge pull request #7021 from erik-krogh/cwe326 
JS: Add insufficient key size query
 2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen
891694b50a Merge pull request #5908 from erik-krogh/protoLib 
JS: Add library input as source to js/prototype-polluting-assignment
 2021-11-11 12:04:05 +01:00
Erik Krogh Kristensen
140a70f9df Merge pull request #7029 from erik-krogh/cwe384 
JS: add js/session-fixation query
 2021-11-11 11:59:52 +01:00
Erik Krogh Kristensen
55434653f5 add CWE-532 to the clear-text-logging query 2021-11-10 14:15:49 +01:00
Erik Krogh Kristensen
ab5d9459c7 Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2021-11-10 08:24:46 +01:00
CodeQL CI
d9d304fc13 Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2 
Approved by erik-krogh
 2021-11-09 03:40:37 -08:00
Erik Krogh Kristensen
56a7c8b163 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-09 12:06:29 +01:00
Erik Krogh Kristensen
8727060ca7 add comment about modes of operation 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 11:15:12 +01:00
Asger F
0c6680b2c0 Revert "JS: Skip files with unsupported file encoding" 2021-11-09 09:07:54 +00:00
Asger Feldthaus
f14f9449ee JS: Use getAMatchedString instead of getConstantString 2021-11-08 15:35:35 +01:00
Asger Feldthaus
b3e64f1669 JS: Add test 2021-11-08 15:32:43 +01:00
Erik Krogh Kristensen
330c2c42b5 Merge pull request #7075 from erik-krogh/cwe297 
JS: add cwe-297 to `js/disabling-certificate-validation`
 2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen
a2175a3207 add cwe-297 to js/disabling-certificate-validation 2021-11-08 13:26:53 +01:00
Erik Krogh Kristensen
507c8addb2 add cwe-942 to js/cors-misconfiguration-for-credentials 2021-11-08 13:12:19 +01:00
CodeQL CI
6f80387ac1 Merge pull request #6993 from asgerf/js/tainted-path-regexp-contains-check 
Approved by erik-krogh
 2021-11-08 01:52:28 -08:00
Ian Wright
95f21b5308 Merge pull request #7027 from github/z80coder/faster-callee-api-name-feature 
more efficient implementation of calleeApiName
 2021-11-04 14:23:13 +00:00
Ian Wright
b8d7f52d3e format code 2021-11-04 12:28:08 +00:00
Erik Krogh Kristensen
a19627c72f optionally ignore everything after a dash 2021-11-04 13:19:44 +01:00
Erik Krogh Kristensen
99f5f70345 Merge branch 'main' into protoLib 2021-11-04 12:53:53 +01:00
Erik Krogh Kristensen
bf5e36e9d4 fix docstring 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-04 12:46:24 +01:00
CodeQL CI
2895428d5b Merge pull request #6714 from valeria-meli/javascript/ssrf 
Approved by asgerf
 2021-11-04 03:10:27 -07:00
CodeQL CI
5515256e53 Merge pull request #7044 from asgerf/js/proto-pollution-fps 
Approved by erik-krogh
 2021-11-04 02:45:46 -07:00
Erik Krogh Kristensen
523c15cd72 don't include mode-of-operation into the algorithm names 2021-11-03 14:54:50 +01:00
luciaromeroML
e50938588e formatting qll file 2021-11-03 10:30:35 -03:00
Erik Krogh Kristensen
3638892d35 Merge pull request #6881 from erik-krogh/add-missing-noinline 
JS: add pragma[noinline] to predicates where the qldoc mentions join-order
 2021-11-03 14:21:27 +01:00
Asger Feldthaus
712614a03c JS: Block prototype pollution flow into this 2021-11-03 13:33:50 +01:00
Asger Feldthaus
08bc80ffdb JS: Block prototype pollution assignment flows through .replace() 2021-11-03 13:24:29 +01:00
Asger Feldthaus
76e841830f JS: Check for labeled barriers in reachableFromInput 2021-11-03 13:10:20 +01:00
Erik Krogh Kristensen
264f4ab5ab add js/session-fixation query 2021-11-03 13:04:41 +01:00
Erik Krogh Kristensen
9d99ce12c4 add CWE-497 to js/stack-trace-exposure 2021-11-02 15:43:55 +01:00
Erik Krogh Kristensen
2a8807efe4 add change note 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
076a3dca1f add qhelp 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
d9a214767b add support for node-rsa 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
49ea53f32b move ExpressJwt that was inside the Hasha module 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
2c013214f7 add Diffie-Hellman from the crypto library 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
1df8ec2cae add insufficient key size model for node-forge 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
62039b866c add cryptographic key model to the crypto-js library 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
028799deb6 implement a simple InsufficientKeySize query 2021-11-02 14:45:30 +01:00
Erik Krogh Kristensen
7a9315f146 use set literal 2021-11-02 14:45:14 +01:00
Asger Feldthaus
971f032b5f JS: Autoformat 2021-11-02 14:12:05 +01:00
Asger Feldthaus
46bd3e58a3 JS: Switch to instanceof base type 2021-11-02 14:12:05 +01:00
Asger Feldthaus
5f4c1dd19b JS: Support regexp-based path traversal check 2021-11-02 14:12:05 +01:00
Asger Feldthaus
83edcf515b JS: Add test for regexp-based sanitizer 2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen
54fba2d6a1 Merge pull request #6781 from erik-krogh/ldap 
JS: Move LDAP injection out of experimental
 2021-11-02 13:35:32 +01:00
Ian Wright
6fa9413f8b more efficient implementation of calleeApiName 2021-11-02 12:05:33 +00:00
Erik Krogh Kristensen
f7f315adbb Merge pull request #7022 from erik-krogh/cwe319 
JS: add cwe-319 to js/clear-text-cookie
 2021-11-02 12:47:53 +01:00
Erik Krogh Kristensen
7a96b8e9e1 Merge branch 'main' into ldap 2021-11-02 12:47:28 +01:00
CodeQL CI
d5e2026a26 Merge pull request #6934 from erik-krogh/more-instanceof 
Approved by MathiasVP, esbena, yoff
 2021-11-02 03:46:23 -07:00
CodeQL CI
5d62aa5b29 Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Erik Krogh Kristensen
41e7dea943 add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie 2021-11-02 11:11:38 +01:00