hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-28 16:17:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
030af8eac3f1cc331f1f518b5d0e5c7587cf0791
codeql/javascript/ql/lib/semmle/javascript/security
History
BazookaMusic e612db2ec9 Promote user prompt injection query to stable security 
Move UserPromptInjection out of experimental into stable JavaScript security locations.

Set js/user-prompt-injection precision to low and remove experimental tagging.

Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
2026-06-11 11:28:14 +02:00
..
dataflow
Promote user prompt injection query to stable security
2026-06-11 11:28:14 +02:00
domains
Moved new query to 'experimental'
2024-07-09 16:38:01 +01:00
regexp
JS/PolynomialReDoSQuery
2025-10-28 09:40:16 +01:00
CommonFlowState.qll
JS: Migrate TaintedObject to a CommonFlowState
2024-12-13 10:08:08 +01:00
CorsPermissiveConfigurationCustomizations.qll
Accept MaD sanitizers for queries with MaD sinks
2026-02-17 12:45:24 +00:00
CorsPermissiveConfigurationQuery.qll
Merged config classes
2025-09-04 12:31:24 +00:00
CryptoAlgorithms.qll
JS: Fix import
2025-07-16 14:41:50 +02:00
FunctionalityFromUntrustedSource.qll
Formatting of QLL
2024-07-09 18:16:37 +01:00
IncompleteBlacklistSanitizer.qll
JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.
2024-11-28 11:26:36 +01:00
IncompleteMultiCharacterSanitizationQuery.qll
fix FP by requiring that the regular expression mention on of the chars important in the prefix
2023-07-01 20:30:09 +02:00
IncompleteMultiCharacterSanitizationSpecific.qll
use RegExpTreeView insteaed of RegexTreeView in JS
2022-11-22 12:55:48 +01:00
PasswordInConfigurationFileQuery.qll
rename more acronyms
2022-08-25 20:52:27 +02:00
SensitiveActions.qll
Use shared SensitiveDataHeuristics
2025-07-14 11:38:47 +02:00
TaintedObject.qll
JS: Mass rename to node1,state1,node2,state2 naming convention
2024-12-16 15:35:46 +01:00
TaintedObjectCustomizations.qll
JS: Migrate TaintedObject to a CommonFlowState
2024-12-13 10:08:08 +01:00
TaintedUrlSuffix.qll
JS: Use flow state in barrier and step relations
2024-12-13 10:08:02 +01:00
TaintedUrlSuffixCustomizations.qll
JS: Fix some Ql4Ql violations.
2025-09-01 15:17:53 +02:00
UselessUseOfCat.qll
Py/JS/RB: Use instanceof in more places
2022-12-12 16:06:57 +01:00