hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
682a71176d15d3baa6ce1625f464768766272633
codeql/javascript/ql/src/Security
History
Asger Feldthaus 682a71176d JS: Make TaintedFormatString have same severity as LogInjection 
The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.

But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.
2021-10-05 10:10:01 +02:00
..
CWE-020
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-022
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-073
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-078
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00
CWE-079
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-089
JS: Remove use of deprecated API
2021-08-12 09:30:43 +02:00
CWE-094
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-116
making it more explicit what character class matching is used for
2021-08-23 08:30:50 +02:00
CWE-117
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-134
JS: Make TaintedFormatString have same severity as LogInjection
2021-10-05 10:10:01 +02:00
CWE-200
add some fitting CWEs to existing queries
2021-09-14 14:59:24 +02:00
CWE-201
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-209
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-295
use the correct cwe tags
2021-09-14 14:42:23 +02:00
CWE-312
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-313
add some fitting CWEs to existing queries
2021-09-14 14:59:24 +02:00
CWE-327
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-338
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-346
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-352
Update security-severity scores
2021-06-15 13:25:17 +01:00
CWE-400
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-451
Update security-severity scores
2021-06-15 13:25:17 +01:00
CWE-502
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-506
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-601
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-611
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-640
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-643
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-730
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-754
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-770
Update security-severity scores
2021-06-15 13:25:17 +01:00
CWE-776
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-798
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-807
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-829
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-834
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-843
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-912
JS: Lower security-severity of queries with speculative threat model
2021-10-05 10:10:01 +02:00
CWE-915
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-916
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00
CWE-918
JS: Migrate to *Query.qll convention
2021-08-12 09:30:18 +02:00