hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 06:54:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,662 Commits 1,680 Branches 158 Tags
b767dcfd180a76b6dc70eb19915e318ef52c16c2
Commit Graph

865 Commits

Author SHA1 Message Date
Jacques
97b8126385 Fix javascript 2022-12-20 12:45:59 +09:00
erik-krogh
35e8d6afd4 move getACommonTld into a utility module without parameters 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
355499ea52 move getACommonTld to the shared pack 2022-12-17 17:26:18 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Asger F
b63c658e3b JS: recognize tiny-csrf 2022-12-14 12:30:15 +01:00
Asger F
162419138d JS: Replace csurf -> lusca.csrf from example and qhelp 2022-12-14 12:30:15 +01:00
Erik Krogh Kristensen
6b9cab23d4 Merge pull request #11248 from erik-krogh/js-redosMod 
JS: use the shared regex pack
 2022-12-05 14:48:37 +01:00
Matt Rothenberg
95f994a82b Update RequestForgeryBad.js 2022-12-02 14:17:37 +01:00
Matt Rothenberg
7d674e7cdc set base URL 2022-12-02 14:17:17 +01:00
Matt Rothenberg
c49e9e8503 fix: use let for subdomain assignment 2022-12-02 14:07:39 +01:00
Matt Rothenberg
a453405365 Update RequestForgeryBad.js 2022-12-02 14:03:37 +01:00
Matt Rothenberg
2ae0c7e115 Update RequestForgeryGood.js 2022-12-02 14:02:54 +01:00
erik-krogh
6b5cd9abc3 use RegExpTreeView insteaed of RegexTreeView in JS 2022-11-22 12:55:48 +01:00
erik-krogh
e18ceba49e port the JS regex/redos queries to use the shared pack 2022-11-15 17:14:38 +01:00
Erik Krogh Kristensen
1f51bd4594 add dash in description 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-03 16:24:59 +01:00
erik-krogh
96ec54e5be fix minor issues in qhelp 2022-11-03 14:01:58 +01:00
erik-krogh
b5666888b1 rewrite @description of second-order-command-injection 2022-11-03 14:00:29 +01:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen
8fd6424db9 fix the qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2022-11-01 14:05:25 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
Erik Krogh Kristensen
71135da7ff Merge pull request #10768 from erik-krogh/fixFileLoops 
JS: fix that js/file-system-race could have FPs related to loops
 2022-10-17 12:01:55 +02:00
Josh Soref
9d6ea28448 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Erik Krogh Kristensen
0720fa75df Merge pull request #10286 from erik-krogh/js-followMsg 
JS: change alert messages of path queries to use the same template
 2022-09-20 16:12:45 +02:00
erik-krogh
fb5a04a71d filter out "file read after existence check" from js/file-system-race 2022-09-19 13:26:10 +02:00
erik-krogh
87fb01d55b apply another suggestion from doc review 2022-09-12 15:36:02 +02:00
erik-krogh
afcb767f8d Merge branch 'main' into js-followMsg 2022-09-12 13:21:16 +02:00
erik-krogh
6ec03d4738 apply suggestions from doc review 2022-09-12 13:16:39 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
erik-krogh
24f2e3cc07 update alert-messages of the sensitive data queries to match #10314 2022-09-06 12:25:36 +02:00
erik-krogh
0776687991 fix leftover todo in js/insecure-temporary-file 2022-09-06 10:05:50 +02:00
Erik Krogh Kristensen
b4968eb645 refactor the SensitiveExpr to be a dataflow node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
9cb7522bc1 change RouteSetup to a DataFlow::Node 2022-09-05 15:45:31 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
erik-krogh
f1799ae3d2 print the endpointExample in the alert-messsage, and only report one working example 2022-08-24 13:09:48 +02:00
erik-krogh
20625ae60d update {js/go/py}/xpath-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh
b5458b2125 update js/insecure-randomness to match csharp 2022-08-22 21:41:46 +02:00
erik-krogh
9cdd8cc8f5 update js/tainted-format-string to match ruby/java 2022-08-22 21:41:46 +02:00
erik-krogh
9395f156de update {js/py}/command-line-injection to match csharp/java 2022-08-22 21:41:46 +02:00