hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
66,567 Commits 1,741 Branches 166 Tags
ead247469d7d6d90a2afcd04ccb18409b8a55e18
Commit Graph

263 Commits

Author SHA1 Message Date
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 19:27:36 +02:00
toufik-airane
4853b8a281 Try to finish the PR 
- Add help documentation
- Empty qll file
- rename examples
 2020-06-22 13:26:13 +02:00
toufik-airane
7166d5422e add test file for CWE-347 
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
 2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification 
Add an experimental CodeQL query.
 2020-06-20 16:54:41 +02:00
Esben Sparre Andreasen
baaa31665a Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 2020-06-19 09:05:13 +02:00
Alessio Della Libera
eba64dba7c Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:46 +02:00
Alessio Della Libera
c0271b1627 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:44:38 +02:00
Alessio Della Libera
ffc9a449ab Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:45 +02:00
Alessio Della Libera
e84339d5bf Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-18 19:43:36 +02:00
ubuntu
71a7ec593c Use StringOps to identify functions used for verifing the origin 2020-06-18 19:41:07 +02:00
Alessio Della Libera
cc91026873 Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:31:11 +02:00
Alessio Della Libera
b4f255176a Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-06-18 19:29:34 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
ubuntu
ab65ec40c0 Add Codeql to detect missing 'Message.origin' validation when using postMessage API 2020-06-08 20:18:34 +02:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
monkey-junkie
560674b670 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:36:11 +03:00
monkey-junkie
758e85dd3e Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:34:57 +03:00
monkey-junkie
a8019705b5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:24 +03:00
monkey-junkie
0aaa8af3bd Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:10 +03:00
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00
monkey-junkie
25df6e1664 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:49 +03:00
monkey-junkie
700a070a15 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:40 +03:00
monkey-junkie
d8fb552097 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:28 +03:00
John Doe
337be9c2e0 ssti query and help updated 2020-05-05 03:58:29 +03:00
John Doe
09922e5bb4 Merge branch 'master' of github.com:monkey-junkie/codeql 2020-05-05 03:44:23 +03:00
John Doe
895aa622bf ssti updated 2020-05-05 03:37:43 +03:00
monkey-junkie
cd18842aa5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:58 +03:00
monkey-junkie
a60660617f Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:00 +03:00
John Doe
68b57502f9 JS SSTI CWE-094 2020-05-03 02:42:45 +03:00
Esben Sparre Andreasen
a66b4b55fe Update javascript/ql/src/experimental/poi/PoI.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 09:47:21 +02:00
Esben Sparre Andreasen
161c05dced Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 08:41:54 +02:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00