hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,718 Commits 1,703 Branches 162 Tags
d08e4504ff741602eea7d598eaa6b89e95a19b0a
Commit Graph

29 Commits

Author SHA1 Message Date
Asger F
a5c221fcfc JS: Port PrototypePollutingMergeCall 2023-10-13 13:15:04 +02:00
Asger F
adf7d5409d JS: Port PrototypePollutingFunction 2023-10-13 13:15:04 +02:00
Asger F
f1f45927b1 JS: Port PrototypePollutingAssignment 2023-10-13 13:15:04 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
erik-krogh
442749bb7f JS: add heuristic variants of queries that use RemoteFlowSource 2022-12-19 12:01:22 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Erik Krogh Kristensen
82c6c22d50 make a model for hasOwnProperty calls and similar 2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f add support for Object.hasOwn(obj, key) 2022-05-24 13:59:25 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Khang. Võ Vĩ
f4581ae866 fix PrototypePollutingAssignment examples 2022-04-22 11:55:45 +07:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Erik Krogh Kristensen
d1238dfd8b update alert message to distinguish between library input and remote flow 2021-10-27 20:35:38 +02:00
Asger Feldthaus
f6da030572 JS: Migrate to *Query.qll convention 2021-08-12 09:30:18 +02:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Erik Krogh Kristensen
f7f88689c4 use strings in isTypeofGard 2020-12-22 13:55:32 +01:00
Erik Krogh Kristensen
6eb88b9e41 introduce and use TaintTracking::isTypeofGuard 2020-12-22 09:42:12 +01:00
Asger F
ed729a1963 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-12-09 09:59:55 +00:00
Asger Feldthaus
fd293d07d7 JS: Address doc review 2020-12-09 09:58:52 +00:00
Asger Feldthaus
f96c425a72 JS: Deny -> block 2020-12-07 10:50:01 +00:00
Asger Feldthaus
479dcf56ad JS: Update to use more inclusive language 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ca38a1c8b9 JS: Update CWE tags 2020-12-07 10:16:38 +00:00
Asger Feldthaus
25161ed338 JS: Move all prototype pollution queries to CWE-915 2020-12-07 10:16:38 +00:00