hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,039 Commits 1,703 Branches 162 Tags
fa7295f0a100fac4b3f3c4958ae36eba8a201ffe
Commit Graph

1112 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2d1ba59e6d Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-06 21:55:30 +02:00
Erik Krogh Kristensen
7ef641e7b2 add qhelp 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
e86a3b5e57 add js/html-constructed-from-input query 2021-05-06 11:04:49 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Erik Krogh Kristensen
172d6139e2 support all ClientRequests in js/disabling-certificate-validation 2021-04-12 15:06:10 +02:00
Erik Krogh Kristensen
3b6b40489f Merge branch 'main' into topPack 2021-03-25 09:58:15 +01:00
Asger Feldthaus
f8f3770a58 JS: BadRandomness can just use type-tracking now 2021-03-23 14:53:14 +00:00
Erik Krogh Kristensen
d998d06b94 add link to source in alert-message for js/shell-command-constructed-from-input 2021-03-18 13:37:18 +01:00
Asger Feldthaus
96c6e4d8d8 JS: Update with new AdditionalTaintStep subclasses 2021-03-17 13:29:16 +00:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Erik Krogh Kristensen
70b8cdee9b add qhelp 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
Asger Feldthaus
d916118ea4 JS: Move ExceptionXss source into Xss.qll 2021-03-02 13:16:10 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
24199a5499 JS: Add query for resource exhaustion from deep object handling 2021-03-02 12:39:04 +00:00
CodeQL CI
527c41520e Merge pull request #4951 from esbena/js/reintroduce-server-crash 
Approved by erik-krogh
 2021-01-22 06:37:50 -08:00
Esben Sparre Andreasen
3f3962f7a9 Update javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-22 14:03:21 +01:00
Esben Sparre Andreasen
718f6eb3fd JS: update and prettify examples 2021-01-22 13:17:38 +01:00
Esben Sparre Andreasen
9e3cc3b1b2 JS: add qhelp and changenotes for js/server-crash 2021-01-21 08:43:13 +01:00
Esben Sparre Andreasen
3015dcd310 JS: reformulate js/server-crash. Support promises and shorter paths. 2021-01-19 09:08:52 +01:00
CodeQL CI
fc2fe6cccb Merge pull request #4928 from esbena/js/rewrite-multi-sanitization 
Approved by asgerf
 2021-01-18 05:11:42 -08:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
Esben Sparre Andreasen
12b985be87 Update javascript/ql/src/Security/CWE-730/ServerCrash.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:29 +01:00
Erik Krogh Kristensen
c98dacf842 changes based on doc review 2021-01-13 10:38:19 +01:00
Esben Sparre Andreasen
d591c519a8 JS: reformulate js/server-crash as a path problem 2021-01-13 00:08:28 +01:00
Esben Sparre Andreasen
847687974f JS: only select non-nullable terms in the broken sanitizer 2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen
40cfbab335 JS: address review feedback 2021-01-12 08:49:08 +01:00
Esben Sparre Andreasen
2dbd762bd9 JS: reintroduce reverted js/server-crash 
This reverts commit 0a8d15ccc4.
 2021-01-11 14:13:41 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
Erik Krogh Kristensen
f7f88689c4 use strings in isTypeofGard 2020-12-22 13:55:32 +01:00
Erik Krogh Kristensen
6eb88b9e41 introduce and use TaintTracking::isTypeofGuard 2020-12-22 09:42:12 +01:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
Asger F
ed729a1963 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-12-09 09:59:55 +00:00
Asger Feldthaus
fd293d07d7 JS: Address doc review 2020-12-09 09:58:52 +00:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
f96c425a72 JS: Deny -> block 2020-12-07 10:50:01 +00:00
Asger Feldthaus
355cfaaf42 JS: Autoformat 2020-12-07 10:16:39 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
479dcf56ad JS: Update to use more inclusive language 2020-12-07 10:16:38 +00:00
Asger Feldthaus
ca38a1c8b9 JS: Update CWE tags 2020-12-07 10:16:38 +00:00
Asger Feldthaus
25161ed338 JS: Move all prototype pollution queries to CWE-915 2020-12-07 10:16:38 +00:00
Asger Feldthaus
877b4b0752 JS: Move and rename other prototype pollution queries 2020-12-07 10:16:38 +00:00
Asger Feldthaus
972c4d61e5 JS: Add PrototypePollutingAssignment 2020-12-07 10:16:38 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args 
Approved by asgerf, mchammer01
 2020-12-03 08:46:47 +00:00
Asger Feldthaus
412939d071 JS: Autoformat 2020-12-02 13:08:32 +00:00
Asger Feldthaus
5561e8f1f6 JS: Delete old query and update qhelp 2020-12-01 17:05:48 +00:00
Asger Feldthaus
1459d9197d JS: Adjust alert message for template sinks 2020-12-01 17:05:48 +00:00