hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e96fe60c5250b92d03a45ba4519c92aa371725b
codeql/javascript/ql/src/Security
History
Tony Torralba 3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query 
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
..
CWE-020
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
CWE-022
Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
2023-06-16 08:52:44 +02:00
CWE-073
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-078
JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.
2023-05-12 14:42:11 +01:00
CWE-079
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-089
fix nits from doc review
2023-06-05 19:06:07 +02:00
CWE-094
Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp
2023-05-09 12:23:52 +02:00
CWE-116
JavaScript: Remove omittable exists variables
2023-01-10 13:37:21 +01:00
CWE-117
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-134
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-178
use RegExpTreeView insteaed of RegexTreeView in JS
2022-11-22 12:55:48 +01:00
CWE-200
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-201
JavaScript: Remove references to LGTM
2022-12-19 15:15:17 +00:00
CWE-209
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-295
Added check to disabling certificate validation query
2023-03-27 12:16:20 -04:00
CWE-300
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
CWE-312
Update javascript/ql/src/Security/CWE-312/CleartextLogging.qhelp
2023-02-02 11:12:44 -05:00
CWE-313
remove some FPs in js/password-in-configuration-file
2022-10-26 11:51:56 +02:00
CWE-326
add qhelp
2021-11-02 14:45:33 +01:00
CWE-327
JS: add a missing space in alert message for js/weak-cryptographic-algorithm
2023-03-22 11:12:13 +00:00
CWE-338
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-346
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-347
add missing severities to JS queries
2022-03-16 10:40:34 +01:00
CWE-352
JS: recognize tiny-csrf
2022-12-14 12:30:15 +01:00
CWE-367
fix that js/file-system-race could have FPs related to loops
2022-10-11 13:41:51 +02:00
CWE-377
fix leftover todo in js/insecure-temporary-file
2022-09-06 10:05:50 +02:00
CWE-384
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-400
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-451
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
CWE-502
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-506
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
CWE-598
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
CWE-601
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-611
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-614
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-640
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
CWE-643
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-730
add process.env and process.argv etc. as source for js/regex-injection
2023-02-14 14:21:53 +01:00
CWE-754
Fix javascript
2022-12-20 12:45:59 +09:00
CWE-770
Updated express-rate-limit example to match implementation examples found on packages README
2023-01-18 14:42:40 -05:00
CWE-776
JS: add heuristic variants of queries that use RemoteFlowSource
2022-12-19 12:01:22 +01:00
CWE-798
ignore deliberately hardcoded password strings
2022-02-16 09:47:01 +01:00
CWE-807
JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass
2023-05-12 14:21:40 +01:00
CWE-829
spelling: executables
2022-10-11 00:23:36 -04:00
CWE-830
rename more acronyms
2022-08-25 20:52:27 +02:00
CWE-834
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-843
Apply suggestions from code review
2022-01-04 10:07:34 +00:00
CWE-862
update the empty-password-in-config-file qhelp
2022-01-24 13:39:54 +01:00
CWE-912
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-915
add another example of how to fix the prototype pollution issue
2023-05-15 17:24:02 +02:00
CWE-916
Update InsufficientPasswordHash.qhelp
2023-04-17 13:18:47 -04:00
CWE-918
Update RequestForgeryBad.js
2022-12-02 14:17:37 +01:00
CWE-1004
fix good/bad mixup in ClientExposedCookie qhelp
2022-01-24 15:34:30 +01:00
CWE-1275
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00