hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-12 00:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c1a0058bf39a8413b8e4f10c1bc883511a6aa4a
codeql/javascript/ql/src
History
tonghuaroot e93bc11f6f Add experimental JS query for SSRF guards missing IPv6-transition unwrap 
Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental
@kind problem query that flags hand-rolled SSRF host guards which reject
private/loopback IPv4 ranges but never unwrap IPv6-transition forms
(IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be
bypassed by wrapping an internal IPv4 address in a transition literal.

Includes a .qhelp with good/bad examples, a change note, and a test pack
with two true-positive fixtures (private-ip package guard and a
hand-written RFC 1918 denylist) and two negative-control fixtures
(ipaddr.js range classifier and an explicit ::ffff: unwrap).

Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
2026-06-06 21:47:24 +08:00
..
.vs
AngularJS
Changed js/angular/dependency-injection-mismatch to reliability and correctness
2025-06-19 17:16:32 +02:00
change-notes
Add experimental JS query for SSRF guards missing IPv6-transition unwrap
2026-06-06 21:47:24 +08:00
codeql-suites
C#/Java/JavaScript: Re-factor query suites to use the new selector.
2025-06-26 14:19:27 +02:00
Comments
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Declarations
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Diagnostics
Renames diagnostic query files and tests
2024-01-29 20:19:20 +00:00
DOM
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Electron
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
experimental
Add experimental JS query for SSRF guards missing IPv6-transition unwrap
2026-06-06 21:47:24 +08:00
Expressions
JS: Fix bad join in DuplicateProperty.ql
2025-11-13 09:46:08 +01:00
external
JS: Make implicit this receivers explicit
2023-05-03 15:31:00 +02:00
filters
JS: Move ClassifyFiles.qll to library pack
2021-10-06 16:08:06 +01:00
JSDoc
Lower precision for a number of queries.
2020-05-19 13:43:17 +01:00
JSLint/examples
LanguageFeatures
JS: Remove two invalid QHelp links
2025-10-24 08:45:12 +02:00
meta
JS: Remove old metric-meta query TypedExprs.ql
2025-06-23 12:55:12 +02:00
Metrics
Fix invalid link to Ecmascript 2015 specification
2022-08-15 14:44:18 -04:00
NodeJS
Changed js/node/missing-exports-qualifier to reliability and correctness
2025-06-19 19:24:00 +02:00
Performance
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Quality
Java/Javascript: Fix violations.
2025-07-03 11:56:33 +02:00
React
JS: mass add missing quality related tags to relevant queries
2025-06-16 14:05:57 +02:00
RegExp
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Security
CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0
2025-10-22 11:32:33 +00:00
StandardLibrary/examples
Statements
JavaScript: Add some medium precision queries to the code-quality-extended suite.
2025-09-09 15:47:03 +02:00
Summary
Mark LOC queries as debug instead
2024-03-20 21:18:55 +00:00
Vue
JS: mass add missing quality related tags to relevant queries
2025-06-16 14:05:57 +02:00
.project
.qlpath
AlertSuppression.ql
AlertSuppression: move library into util folder
2022-12-21 10:39:57 +01:00
CHANGELOG.md
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
codeql-pack.release.yml
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
definitions.ql
Move definitions.ql back to src
2022-07-15 11:48:15 -07:00
qlpack.lock.yml
Packaging: Rafactor Javascript core libraries
2021-08-25 12:15:56 -07:00
qlpack.yml
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00