hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 01:10:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
74,208 Commits 1,754 Branches 167 Tags
e382ffc5d23e90d98448f0bd6bb4edbefdbeb015
Commit Graph

1023 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
fe9aa241a1 add qhelp 2020-06-15 13:47:39 +02:00
Asger F
d844e0025a Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization 
JS: initial version of IncompleteMultiCharacterSanitization.ql
 2020-06-12 16:25:22 +01:00
Esben Sparre Andreasen
678bb7c128 JS: simplify loop detection 2020-06-12 14:56:08 +02:00
Erik Krogh Kristensen
01c51eea89 Merge pull request #3680 from erik-krogh/bad-code-sanitizer 
JS: Add query to detect bad code sanitizers
 2020-06-12 14:00:21 +02:00
Erik Krogh Kristensen
c9fc1a378d Merge pull request #3663 from erik-krogh/bad-crypto 
JS: Introduce query to detect biased random number generators
 2020-06-12 11:32:12 +02:00
Erik Krogh Kristensen
adabd2daca add qldoc and customizations module 2020-06-12 11:26:49 +02:00
Erik Krogh Kristensen
908edb39b9 unsecure -> insecure 2020-06-12 11:02:26 +02:00
Erik Krogh Kristensen
57d2226080 typo 2020-06-12 10:55:29 +02:00
Erik Krogh Kristensen
3f957103ed improve alert message - and autoformat 2020-06-12 10:53:19 +02:00
Erik Krogh Kristensen
056a7e87ff refactor into customizations module - and move curl download to a ClientRequest 2020-06-12 10:51:09 +02:00
Erik Krogh Kristensen
8225adcaea move TODOs 2020-06-12 10:28:06 +02:00
Esben Sparre Andreasen
1bdae109c5 Merge pull request #3686 from esbena/js/insecure-http-options 
JS: add query js/disabling-certificate-validation
 2020-06-12 08:40:12 +02:00
Esben Sparre Andreasen
243e3ad9e3 Merge pull request #3672 from esbena/js/server-crashing-route-handler 
JS: add initial version of ServerCrash.ql
 2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
Esben Sparre Andreasen
169c8909df formatting 2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen
bc7f02156b JS: replace class with two predicates (and improve alert message) 2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Erik Krogh Kristensen
f1b24ba901 use type inference to detect string concatenations 2020-06-11 12:34:58 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
f634c62af5 remove redundant check 2020-06-11 12:18:41 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen
5142670138 don't import AdditionalSinks, refactor sink out in new HeuristicSinks instead 2020-06-10 22:30:45 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
eb00da5b31 improve readability 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-09 20:02:46 +02:00
Erik Krogh Kristensen
be71ddf7bb introduce basic BuildArtifactLeak query 2020-06-09 15:27:55 +02:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Erik Krogh Kristensen
b297837969 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-05-21 14:32:02 +02:00
Erik Krogh Kristensen
b71919299b Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-19 14:03:03 +02:00
Erik Krogh Kristensen
b8ba31aaa0 autoformat 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
0f82370f4e rename getHighLight() -> getAlertLocation() 2020-05-18 12:28:28 +02:00
Erik Krogh Kristensen
2b1724291b adjust qhelp to focus on user-controlled data 2020-05-18 12:27:20 +02:00
Erik Krogh Kristensen
d18808698a adjust qhelp to focus on the execFile API 2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen
9c294513c7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-18 12:18:20 +02:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00