hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 07:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,039 Commits 1,700 Branches 161 Tags
fa7295f0a100fac4b3f3c4958ae36eba8a201ffe
Commit Graph

1112 Commits

Author SHA1 Message Date
aegilops
2aff2a7385 Fixed code markup 2024-07-08 11:31:06 +01:00
aegilops
c003f265b0 Fixed missing li closing tag 2024-07-08 10:58:06 +01:00
aegilops
b4d8c4889a Fixed wrong name for example HTML 2024-07-01 16:58:03 +01:00
aegilops
1744a98017 Added full stop to end of message 2024-07-01 16:53:22 +01:00
aegilops
ceda46e317 Fixed ending <p> tags 2024-07-01 16:52:28 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
aegilops
fc6fba8d06 Fixed CWE tags 2024-07-01 14:25:47 +01:00
aegilops
d1d082982a More external references 2024-07-01 14:25:29 +01:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
aegilops
1ecd72727d Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead 2024-06-19 17:59:43 +01:00
aegilops
a07639f4f6 Set severity to 7.0, in line with other configuration queries 2024-06-19 17:43:41 +01:00
aegilops
26f1b36736 Fixed formatting 2024-06-19 17:41:58 +01:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
aegilops
d142f830da Change note and changed name of query in .ql file 2024-06-19 12:04:32 +01:00
aegilops
8a3cec4977 Fix formatting for check 2024-06-19 11:38:20 +01:00
aegilops
de96d3951d Renamed to helmetProperty everywhere 2024-06-19 10:15:06 +01:00
aegilops
f4691b1919 Changed to more-modern Dataflow libraries 2024-06-19 10:11:06 +01:00
aegilops
81ef255a87 Change to helmetProperty from helmetSetting variable name 2024-06-19 10:09:50 +01:00
aegilops
da9e1e61a4 Moved examples into separate files 2024-06-18 19:50:06 +01:00
aegilops
975811ae59 Change layout of qhelp example code 2024-06-07 15:50:06 +01:00
aegilops
7136763c37 Formatting 2024-06-07 15:36:39 +01:00
aegilops
465d64a810 Removed br tags 2024-06-07 15:34:45 +01:00
aegilops
29322f5ff0 Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware 2024-06-07 15:32:23 +01:00
aegilops
f5d465f08a Added data extension to allow setting extra required Helmet features 2024-06-07 15:32:11 +01:00
Paul Hodgkinson
65dfd4c860 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-05-21 14:46:49 +01:00
aegilops
68e21a594a Fixed query help formatting issues 2024-05-21 14:35:18 +01:00
aegilops
83037b1195 Adjust structure to avoid warnings about message 2024-05-21 13:51:13 +01:00
aegilops
3a885eaf9f Insecure Helmet middle configuration - frameguard or CSP to 'false' 2024-05-20 11:58:55 +01:00
erik-krogh
56dff8540f add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh
066f3b61a2 RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
ff85db36e2 exclude credentials as kind key from hardcoded-credentials when the key looks like a dummy password 2024-05-03 13:58:11 +02:00
Asger F
c408ab9e6a Merge branch 'main' into js/shared-dataflow 2024-05-02 19:43:34 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Felicity Chapman
4cb2f53223 Remove unwanted period from query name 
Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name
 2023-11-30 14:31:17 +00:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Asger F
b8847dbc5d JS: Port Xxe 2023-10-13 13:15:06 +02:00
Asger F
c2d170b4fd JS: Port XpathInjection 2023-10-13 13:15:06 +02:00
Asger F
03f8c0fc5e JS: Port XmlBomb 2023-10-13 13:15:06 +02:00
Asger F
83095535f9 JS: Port UnvalidatedDynamicMethodCall 2023-10-13 13:15:06 +02:00
Asger F
ba9edb4e54 JS: Port UnsafeShellCommandConstruction 2023-10-13 13:15:06 +02:00
Asger F
d08e4504ff JS: Port UnsafeJQueryPlugin 2023-10-13 13:15:06 +02:00
Asger F
6e3f4bd7d8 JS: Port UnsafeHtmlConstruction 2023-10-13 13:15:06 +02:00
Asger F
7f4d42ddcd JS: Port UnsafeDynamicMethodAccess 2023-10-13 13:15:06 +02:00