hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-07 08:06:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
29659647eaee68fb010ec4d55e06f7320a85ebf9
codeql/javascript/ql/lib/semmle/javascript/security
History
Asger F 29659647ea JS: Fix barrier guards for ServerSideUrlRedirect 
The barrier guards for ServerSideUrlRedirect were lost when it was ported to ConfigSig, and the aforementioned spurious alert was a result of that.

The query had two guards: a proper barrier guard and a heuristic one for functions named 'isLocalURL'. We should move away from the heuristic name-based sanitiser guards, so I'm only reinstating the proper barrier guard.

Therefore updating the test to test the real barrier guard.
2025-02-28 13:28:43 +01:00
..
dataflow
JS: Fix barrier guards for ServerSideUrlRedirect
2025-02-28 13:28:43 +01:00
domains
Moved new query to 'experimental'
2024-07-09 16:38:01 +01:00
internal
Sync identical files.
2025-01-10 10:26:13 +00:00
regexp
JS: Provide more precise related locations
2025-02-11 14:12:03 +01:00
CommonFlowState.qll
JS: Migrate TaintedObject to a CommonFlowState
2024-12-13 10:08:08 +01:00
CryptoAlgorithms.qll
JS, Python, Ruby: Make implicit this receivers explicit
2023-05-03 13:51:51 +02:00
FunctionalityFromUntrustedSource.qll
Formatting of QLL
2024-07-09 18:16:37 +01:00
IncompleteBlacklistSanitizer.qll
JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.
2024-11-28 11:26:36 +01:00
IncompleteMultiCharacterSanitizationQuery.qll
fix FP by requiring that the regular expression mention on of the chars important in the prefix
2023-07-01 20:30:09 +02:00
IncompleteMultiCharacterSanitizationSpecific.qll
use RegExpTreeView insteaed of RegexTreeView in JS
2022-11-22 12:55:48 +01:00
PasswordInConfigurationFileQuery.qll
rename more acronyms
2022-08-25 20:52:27 +02:00
SensitiveActions.qll
JS: do fewer regexp matches in SensitiveActions
2024-04-23 15:31:38 +01:00
TaintedObject.qll
JS: Mass rename to node1,state1,node2,state2 naming convention
2024-12-16 15:35:46 +01:00
TaintedObjectCustomizations.qll
JS: Migrate TaintedObject to a CommonFlowState
2024-12-13 10:08:08 +01:00
TaintedUrlSuffix.qll
JS: Use flow state in barrier and step relations
2024-12-13 10:08:02 +01:00
TaintedUrlSuffixCustomizations.qll
JS: Model query-string parsers that strip off ? or #
2025-02-11 10:41:23 +01:00
UselessUseOfCat.qll
Py/JS/RB: Use instanceof in more places
2022-12-12 16:06:57 +01:00