Asger F
|
ca06f6dfb4
|
Merge branch 'js-team-sprint' into js/insecure-http-options
|
2020-06-23 00:16:02 +01:00 |
|
semmle-qlci
|
69b44def7b
|
Merge pull request #3759 from asger-semmle/js/sprint-suite
Approved by erik-krogh
|
2020-06-22 23:27:43 +01:00 |
|
Asger Feldthaus
|
1efd71a681
|
JS: Sort security suite
|
2020-06-22 16:40:55 +01:00 |
|
Asger Feldthaus
|
8cc41a0c84
|
JS: Add new queries to security suite
|
2020-06-22 16:40:19 +01:00 |
|
Asger F
|
a067cd35aa
|
Merge pull request #3756 from esbena/js/delay-slow-query-merge
JS: delay merging two slow queries
|
2020-06-22 16:35:15 +01:00 |
|
Asger F
|
7d54b02fb9
|
Merge branch 'js-team-sprint' into js/delay-slow-query-merge
|
2020-06-22 16:34:49 +01:00 |
|
Asger F
|
4a459c8a7d
|
Merge pull request #3755 from esbena/js/polish-imcs
JS: polish js/incomplete-html-attribute-sanitization
|
2020-06-22 16:32:16 +01:00 |
|
Esben Sparre Andreasen
|
d4ad9a8bb2
|
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
|
2020-06-22 14:55:27 +02:00 |
|
Esben Sparre Andreasen
|
9a0bbb31f4
|
Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
|
2020-06-22 14:46:51 +02:00 |
|
Esben Sparre Andreasen
|
0a8d15ccc4
|
Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler"
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
|
2020-06-22 14:45:35 +02:00 |
|
Esben Sparre Andreasen
|
3be094ea5b
|
JS: polish js/incomplete-html-attribute-sanitization
|
2020-06-22 14:35:00 +02:00 |
|
Esben Sparre Andreasen
|
0654823b97
|
Merge branch 'js-team-sprint' into js/insecure-http-options
|
2020-06-22 11:25:25 +02:00 |
|
Esben Sparre Andreasen
|
f1dad0d6e0
|
Update DisablingCertificateValidation.qhelp
|
2020-06-22 11:24:33 +02:00 |
|
Esben Sparre Andreasen
|
3e898487e8
|
Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-22 11:23:40 +02:00 |
|
Asger F
|
eca5e2df8a
|
Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
|
2020-06-19 20:35:57 +01:00 |
|
semmle-qlci
|
1548eca994
|
Merge pull request #3689 from erik-krogh/https-fix
Approved by mchammer01
|
2020-06-19 17:00:11 +01:00 |
|
Erik Krogh Kristensen
|
0f5ef2c02a
|
Merge branch 'js-team-sprint' into https-fix
|
2020-06-19 14:57:44 +02:00 |
|
semmle-qlci
|
e13353f26a
|
Merge pull request #3732 from erik-krogh/priv-file-polish
Approved by mchammer01
|
2020-06-19 13:56:57 +01:00 |
|
Erik Krogh Kristensen
|
a17d152ca4
|
Merge branch 'js-team-sprint' into priv-file-polish
|
2020-06-19 13:19:10 +02:00 |
|
semmle-qlci
|
bfb2e9d6ea
|
Merge pull request #3724 from erik-krogh/bad-random-polish
Approved by mchammer01
|
2020-06-19 12:18:25 +01:00 |
|
Esben Sparre Andreasen
|
457588e893
|
JS: mention MITM
|
2020-06-19 11:59:12 +02:00 |
|
Esben Sparre Andreasen
|
0463c427a5
|
Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-19 09:47:59 +02:00 |
|
Esben Sparre Andreasen
|
b8229ca362
|
Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-19 09:47:48 +02:00 |
|
Esben Sparre Andreasen
|
e73beccc0b
|
Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-19 09:47:26 +02:00 |
|
Esben Sparre Andreasen
|
2846666f32
|
Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-19 09:47:13 +02:00 |
|
Esben Sparre Andreasen
|
4557af3c30
|
Update javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-19 09:46:58 +02:00 |
|
Erik Krogh Kristensen
|
7d6dac479c
|
Merge branch 'js-team-sprint' into https-fix
|
2020-06-18 16:53:01 +02:00 |
|
Erik Krogh Kristensen
|
dcf617b235
|
Merge branch 'js-team-sprint' into bad-random-polish
|
2020-06-18 16:52:32 +02:00 |
|
Erik Krogh Kristensen
|
6b0adf18d1
|
rewrite sentence in private-file-exposure qhelp
|
2020-06-18 16:51:15 +02:00 |
|
Erik Krogh Kristensen
|
1556b62007
|
Merge branch 'js-team-sprint' into priv-file-polish
|
2020-06-18 16:40:53 +02:00 |
|
Erik Krogh Kristensen
|
9ba2c98ec0
|
Apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2020-06-18 16:38:52 +02:00 |
|
semmle-qlci
|
20e96799e2
|
Merge pull request #3661 from erik-krogh/build-leaks
Approved by asgerf, mchammer01
|
2020-06-18 15:32:45 +01:00 |
|
Esben Sparre Andreasen
|
ab01dda559
|
JS: another qhelp fixup
|
2020-06-18 13:01:02 +02:00 |
|
Esben Sparre Andreasen
|
c9f60d4c97
|
JS: add lodash sinks for js/resource-exhaustion
|
2020-06-18 13:01:02 +02:00 |
|
Esben Sparre Andreasen
|
96160a6334
|
JS: fixup qhelp
|
2020-06-18 13:01:02 +02:00 |
|
Esben Sparre Andreasen
|
3f67e90374
|
JS: rename query, support timeouts, add documentation, add to suite
|
2020-06-18 13:01:02 +02:00 |
|
Esben Sparre Andreasen
|
d9d8eb4805
|
JS: avoid type inference in the taint steps (just a nice to have)
|
2020-06-18 13:00:45 +02:00 |
|
Esben Sparre Andreasen
|
fa4e8914e6
|
JS: fixups
|
2020-06-18 13:00:45 +02:00 |
|
Esben Sparre Andreasen
|
7b97fd07a8
|
JS: add query js/memory-exhaustion
|
2020-06-18 13:00:45 +02:00 |
|
Esben Sparre Andreasen
|
44aa182d0d
|
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
|
2020-06-18 10:14:16 +02:00 |
|
Esben Sparre Andreasen
|
5e31f3a34e
|
JS: polish js/disabling-certificate-validation
|
2020-06-18 09:07:08 +02:00 |
|
Erik Krogh Kristensen
|
27a20b263e
|
Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix
|
2020-06-17 21:06:21 +02:00 |
|
Erik Krogh Kristensen
|
7a1c161e9e
|
Merge branch 'js-team-sprint' into https-fix
|
2020-06-17 21:04:44 +02:00 |
|
Erik Krogh Kristensen
|
218338b4f1
|
Merge branch 'js-team-sprint' into bad-random-polish
|
2020-06-17 21:04:00 +02:00 |
|
Erik Krogh Kristensen
|
73f26956a6
|
Merge branch 'js-team-sprint' into priv-file-polish
|
2020-06-17 21:03:09 +02:00 |
|
Erik Krogh Kristensen
|
bdda587247
|
Merge branch 'js-team-sprint' into build-leaks
|
2020-06-17 19:51:30 +02:00 |
|
Erik Krogh Kristensen
|
6d6f29eb85
|
Merge pull request #3726 from erik-krogh/bad-code-polish
JS: Bad code polish
|
2020-06-17 19:45:37 +02:00 |
|
Erik Krogh Kristensen
|
a465fef7aa
|
shorten sentence in qhelp
|
2020-06-17 17:24:18 +02:00 |
|
Erik Krogh Kristensen
|
7aa911b9f4
|
add reference to cwe-116 in change-note
|
2020-06-17 17:20:46 +02:00 |
|
Erik Krogh Kristensen
|
abd9aab109
|
code-injection -> code injection
|
2020-06-17 17:20:46 +02:00 |
|