hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
74,208 Commits 1,754 Branches 167 Tags
e382ffc5d23e90d98448f0bd6bb4edbefdbeb015
Commit Graph

1023 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ab5d9459c7 Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2021-11-10 08:24:46 +01:00
Erik Krogh Kristensen
330c2c42b5 Merge pull request #7075 from erik-krogh/cwe297 
JS: add cwe-297 to `js/disabling-certificate-validation`
 2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen
a2175a3207 add cwe-297 to js/disabling-certificate-validation 2021-11-08 13:26:53 +01:00
Erik Krogh Kristensen
507c8addb2 add cwe-942 to js/cors-misconfiguration-for-credentials 2021-11-08 13:12:19 +01:00
Erik Krogh Kristensen
3d6a5263e0 improve qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-11-08 12:02:39 +01:00
Erik Krogh Kristensen
02f500b9c2 Merge branch 'main' into htmlReg 2021-11-04 12:58:42 +01:00
Erik Krogh Kristensen
99f5f70345 Merge branch 'main' into protoLib 2021-11-04 12:53:53 +01:00
Erik Krogh Kristensen
bf5e36e9d4 fix docstring 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-04 12:46:24 +01:00
Erik Krogh Kristensen
4ba5ae09b0 add js/sensitive-get-query query 2021-11-04 12:30:44 +01:00
Erik Krogh Kristensen
264f4ab5ab add js/session-fixation query 2021-11-03 13:04:41 +01:00
Erik Krogh Kristensen
9d99ce12c4 add CWE-497 to js/stack-trace-exposure 2021-11-02 15:43:55 +01:00
Erik Krogh Kristensen
076a3dca1f add qhelp 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
028799deb6 implement a simple InsufficientKeySize query 2021-11-02 14:45:30 +01:00
Erik Krogh Kristensen
54fba2d6a1 Merge pull request #6781 from erik-krogh/ldap 
JS: Move LDAP injection out of experimental
 2021-11-02 13:35:32 +01:00
Erik Krogh Kristensen
7a96b8e9e1 Merge branch 'main' into ldap 2021-11-02 12:47:28 +01:00
Erik Krogh Kristensen
41e7dea943 add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie 2021-11-02 11:11:38 +01:00
Erik Krogh Kristensen
db40ccae81 add explicit this to all member calls 2021-11-01 09:51:15 +01:00
Erik Krogh Kristensen
6fffdf6101 Merge pull request #6855 from erik-krogh/secCookie 
JS: Move cookie queries out of experimental.
 2021-10-29 10:23:48 +02:00
Erik Krogh Kristensen
cfc5629435 apply all doc fixes 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-10-28 18:19:37 +02:00
Erik Krogh Kristensen
d1238dfd8b update alert message to distinguish between library input and remote flow 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
71cca6d644 Merge branch 'main' into ldap 2021-10-27 19:06:06 +02:00
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Erik Krogh Kristensen
5228196f79 fix typos and update docs 2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen
2cb3d2c53f documentation overhaul on client-exposed-cookie (and restricting it to server-side) 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
ab23ffff3d documentation overhaul for clear-text-cookie 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
f36accf3e6 only report clear-text cookies for sensitive cookies 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
53b4337795 combine test files 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
9193984f1b delete the experimental query library for cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
6858acc6a9 port experimental cookie models to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Mathias Vorreiter Pedersen
f3bb0a676e JS: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:07 +01:00
CodeQL CI
a0dd3d9e75 Merge pull request #6815 from asgerf/js/adjust-security-severity-scores 
Approved by erik-krogh, esbena
 2021-10-07 02:36:19 -07:00
Asger Feldthaus
3a20ca96c4 JS: Update CWE tags and severity score of code injection query 
The derived security-severity score of the JS code injection query
was much lower than for other languages (6.1 versus 9.3), possibly due
some differences in CWE tags, such as the inclusion of CWE-079.

We also add the more specific CWE-095 ("eval injection") for consistency
with other languages. It is a child of CWE-094 ("code injection") which
was already tagged.
 2021-10-05 10:12:19 +02:00
Asger Feldthaus
c4e8af983a JS: Update score and add CWE-730 to LoopBoundInjection 
This is a denial-of-service query, but was missing the CWE-730 tag
("denial of service") and consequently had a lower score than the
other DoS queries.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
682a71176d JS: Make TaintedFormatString have same severity as LogInjection 
The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.

But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
83ca4ef6d9 JS: Lower security-severity of queries with speculative threat model 
In the CVSS calculator we model this by setting 'Attack Complexity' to
High and 'User Interaction' to Low (as opposed to None).

CVSS vector:
  CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
 2021-10-05 10:10:01 +02:00
Erik Krogh Kristensen
8d6cac76cc apply suggestions from asgerf 2021-10-04 12:45:02 +02:00
Erik Krogh Kristensen
51b56a9e28 add cwe 090 (ldap injection) and cwe 943 (Improper Neutralization of Special Elements in Data Query Logic) to SqlInjection.ql 2021-10-01 09:01:29 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Erik Krogh Kristensen
5fe6671cc5 making it more explicit what character class matching is used for 2021-08-23 08:30:50 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen
5d4c434d34 restrict char class matches to alpha-numeric chars 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
59f0a41665 support more regular expressions in js/incomplete-multi-character-sanitization 2021-08-17 15:10:20 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00