hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
264f4ab5ab8892f8d38930d430ed91920064693d
codeql/javascript/ql/src/Security/CWE-094
History
Asger Feldthaus 3a20ca96c4 JS: Update CWE tags and severity score of code injection query 
The derived security-severity score of the JS code injection query
was much lower than for other languages (6.1 versus 9.3), possibly due
some differences in CWE tags, such as the inclusion of CWE-079.

We also add the more specific CWE-095 ("eval injection") for consistency
with other languages. It is a child of CWE-094 ("code injection") which
was already tagged.
2021-10-05 10:12:19 +02:00
..
examples
JS: Delete old query and update qhelp
2020-12-01 17:05:48 +00:00
CodeInjection.qhelp
JS: Address review comments
2020-12-04 09:07:44 +00:00
CodeInjection.ql
JS: Update CWE tags and severity score of code injection query
2021-10-05 10:12:19 +02:00
ImproperCodeSanitization.qhelp
shorten sentence in qhelp
2020-06-17 17:24:18 +02:00
ImproperCodeSanitization.ql
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
UnsafeDynamicMethodAccess.qhelp
JS: address doc review
2018-11-21 14:19:14 +00:00
UnsafeDynamicMethodAccess.ql
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00