hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
264f4ab5ab8892f8d38930d430ed91920064693d
codeql/javascript/ql/src/Security/CWE-078
History
Asger Feldthaus 83ca4ef6d9 JS: Lower security-severity of queries with speculative threat model 
In the CVSS calculator we model this by setting 'Attack Complexity' to
High and 'User Interaction' to Low (as opposed to None).

CVSS vector:
  CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
2021-10-05 10:10:01 +02:00
..
examples
add qhelp for js/shell-command-constructed-from-input
2020-05-17 10:32:27 +02:00
CommandInjection.qhelp
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
CommandInjection.ql
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
IndirectCommandInjection.qhelp
JS: add query js/indirect-command-line-injection
2019-07-31 09:24:25 +02:00
IndirectCommandInjection.ql
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00
ShellCommandInjectionFromEnvironment.qhelp
JS: add query js/shell-command-injection-from-environment
2019-10-21 23:31:55 +02:00
ShellCommandInjectionFromEnvironment.ql
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00
UnsafeShellCommandConstruction.qhelp
Apply suggestions from doc review
2020-05-21 14:32:02 +02:00
UnsafeShellCommandConstruction.ql
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00
UselessUseOfCat.qhelp
add link to The Useless Use of Cat Award
2020-03-02 12:28:51 +01:00
UselessUseOfCat.ql
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00