codeql

mirror of https://github.com/github/codeql.git synced 2026-01-15 23:44:47 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	e75dc2116f	add CWE-184 to incomplete-scheme-check and bad-tag-filter	2022-01-26 16:13:13 +01:00
Erik Krogh Kristensen	cc527bdecd	Merge pull request #7721 from erik-krogh/CWE-1275 JS: add a js/samesite-none-cookie cookie	2022-01-25 13:28:08 +01:00
Erik Krogh Kristensen	9f9dee5d18	apply documentation suggestions Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-25 12:14:16 +01:00
CodeQL CI	8d1e22bc38	Merge pull request #7632 from erik-krogh/CWE-862 Approved by esbena, felicitymay	2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen	d4bac887cf	add a js/samesite-none-cookie cookie	2022-01-24 21:39:41 +01:00
Erik Krogh Kristensen	75f389749a	Merge pull request #7719 from erik-krogh/cwe-219 JS: add CWE-219 to js/exposure-of-private-files	2022-01-24 17:06:09 +01:00
Erik Krogh Kristensen	bb786bc557	fix good/bad mixup in ClientExposedCookie qhelp	2022-01-24 15:34:30 +01:00
Erik Krogh Kristensen	148b0c33a9	update the empty-password-in-config-file qhelp	2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen	ab0d67a573	update query name and description Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen	823cadecd5	add CWE-219 to js/exposure-of-private-files	2022-01-24 13:22:06 +01:00
Erik Krogh Kristensen	ab1bc685bb	add CWE-80 to queries that detect bad HTML sanitizers	2022-01-24 11:01:17 +01:00
Erik Krogh Kristensen	f9d5cbf017	update qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-01-21 11:26:58 +01:00
Erik Krogh Kristensen	5780161b2c	fix most issues found by ql/class-doc-style in JS	2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen	cb9e14f544	add cwe-471 to js/prototype-pollution	2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen	e4203a4109	add CWE-471 to the prototype-pollution queries	2022-01-19 14:26:34 +01:00
Erik Krogh Kristensen	ef2eacebce	add a js/empty-password-in-configuration-file query	2022-01-19 10:48:45 +01:00
Edoardo Pirovano	f2818ebb5e	Merge pull request #7489 from edoardopirovano/fix-example Fix example in JavaScript query	2022-01-14 08:58:28 +00:00
Edoardo Pirovano	081765cbe8	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2022-01-04 10:07:34 +00:00
yoff	5ba70ff3b6	Merge pull request #7369 from RasmusWL/filter-tag-cwe JS/Py/Ruby: Add more CWEs to bad-tag-filter queries	2022-01-04 10:11:03 +01:00
Edoardo Pirovano	a616059761	Fix example in JavaScript query	2021-12-29 12:01:09 +00:00
CodeQL CI	39ec7132af	Merge pull request #7049 from asgerf/js/routing-trees Approved by erik-krogh	2021-12-17 12:26:38 +00:00
Asger Feldthaus	8aa4d8227e	JS: Rename RouteHandlerInput->RouteHandlerParameter	2021-12-15 16:32:18 +01:00
Asger Feldthaus	218b746f6f	JS: Rename getAUseSite -> getRouteInstallation	2021-12-15 16:21:41 +01:00
Rasmus Wriedt Larsen	1e45fa9ed4	JS/Py/Ruby: Add more CWEs to bad-tag-filter queries CWE-185: Incorrect Regular Expression The software specifies a regular expression in a way that causes data to be improperly matched or compared. https://cwe.mitre.org/data/definitions/185.html CWE-186: Overly Restrictive Regular Expression > A regular expression is overly restrictive, which prevents dangerous values from being detected. > > (...) [this CWE] is about a regular expression that does not match all > values that are intended. (...) https://cwe.mitre.org/data/definitions/186.html From my understanding, CWE-625: Permissive Regular Expression, is not applicable. (since this is about accepting a regex match where there should not be a match).	2021-12-13 10:23:24 +01:00
Asger Feldthaus	23480b2d8f	JS: Remove stray TODO	2021-12-07 10:49:14 +01:00
Asger Feldthaus	5f8ea3965d	JS: Do not flag auth endpoints that are immune to Login CSRF	2021-12-07 10:46:17 +01:00
Asger Feldthaus	66b1612e5e	JS: Treat non-cookie based auth as CSRF preventer	2021-12-07 10:46:17 +01:00
Asger Feldthaus	b73219392b	JS: Improve precision of missing CSRF middleware	2021-12-07 10:46:17 +01:00
Asger Feldthaus	5269933461	JS: Port missing rate limiting query	2021-12-07 10:44:19 +01:00
Asger Feldthaus	389a3c9073	JS: Port CSRF query	2021-12-07 10:43:06 +01:00
Rasmus Wriedt Larsen	7ae1047fda	JS: Tag queries with CWE-328 CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html	2021-12-06 14:02:24 +01:00
yoff	e63f9141e5	Merge pull request #7233 from RasmusWL/fix-cleartext-logging-cwes JS/Py: Fix cleartext logging CWEs	2021-11-29 15:58:10 +01:00
Erik Krogh Kristensen	08ce03cd93	Merge branch 'main' into explicit-this	2021-11-24 15:24:58 +01:00
Rasmus Wriedt Larsen	c05ffd4d00	JS/PY: Remove CWE-315 form CleartextLogging Since it is not relevant for this query: CWE-315: Cleartext Storage of Sensitive Information in a Cookie See https://cwe.mitre.org/data/definitions/315.html	2021-11-24 14:59:18 +01:00
Erik Krogh Kristensen	1cca377e7d	Merge pull request #6561 from erik-krogh/htmlReg JS/Py/Ruby: add a bad-tag-filter query	2021-11-18 09:39:13 +01:00
Erik Krogh Kristensen	0ff36cd083	Merge branch 'main' into explicit-this	2021-11-13 21:01:25 +01:00
Erik Krogh Kristensen	eef7709982	Merge pull request #7057 from erik-krogh/cwe598 JS: add js/sensitive-get-query query	2021-11-12 16:03:21 +01:00
Erik Krogh Kristensen	b513033e0f	Merge pull request #7021 from erik-krogh/cwe326 JS: Add insufficient key size query	2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen	891694b50a	Merge pull request #5908 from erik-krogh/protoLib JS: Add library input as source to js/prototype-polluting-assignment	2021-11-11 12:04:05 +01:00
Erik Krogh Kristensen	140a70f9df	Merge pull request #7029 from erik-krogh/cwe384 JS: add js/session-fixation query	2021-11-11 11:59:52 +01:00
Erik Krogh Kristensen	55434653f5	add CWE-532 to the clear-text-logging query	2021-11-10 14:15:49 +01:00
Erik Krogh Kristensen	ab5d9459c7	Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>	2021-11-10 08:24:46 +01:00
Erik Krogh Kristensen	330c2c42b5	Merge pull request #7075 from erik-krogh/cwe297 JS: add cwe-297 to `js/disabling-certificate-validation`	2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen	a2175a3207	add cwe-297 to `js/disabling-certificate-validation`	2021-11-08 13:26:53 +01:00
Erik Krogh Kristensen	507c8addb2	add cwe-942 to `js/cors-misconfiguration-for-credentials`	2021-11-08 13:12:19 +01:00
Erik Krogh Kristensen	3d6a5263e0	improve qhelp Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-11-08 12:02:39 +01:00
Erik Krogh Kristensen	02f500b9c2	Merge branch 'main' into htmlReg	2021-11-04 12:58:42 +01:00
Erik Krogh Kristensen	99f5f70345	Merge branch 'main' into protoLib	2021-11-04 12:53:53 +01:00
Erik Krogh Kristensen	bf5e36e9d4	fix docstring Co-authored-by: Asger F <asgerf@github.com>	2021-11-04 12:46:24 +01:00
Erik Krogh Kristensen	4ba5ae09b0	add js/sensitive-get-query query	2021-11-04 12:30:44 +01:00

1 2 3 4 5 ...

664 Commits