hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
699d3a0a0aa3aa83672c6267c124a32e8d81fd03
codeql/javascript/ql/test/query-tests/Security
History
Asger F 699d3a0a0a JS: Update a RegExp injection test 
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00
..
CWE-020
remove an FP in overly-large-range for [@-Z]
2024-01-25 14:15:06 +01:00
CWE-022
Apply suggestions from code review
2023-11-21 10:07:11 +00:00
CWE-073
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-078
require arguments to be shell interpreted to be flagged by indirect-command-injection
2023-05-17 11:07:45 +02:00
CWE-079
allow more flow through .filter()
2024-03-13 12:03:00 +01:00
CWE-089
use consistent indentation in mongoose.js
2023-06-12 16:40:42 +02:00
CWE-094
Adapt Webix modeling to support HTML use-cases
2023-06-28 15:26:30 +02:00
CWE-116
fix FP by requiring that the regular expression mention on of the chars important in the prefix
2023-07-01 20:30:09 +02:00
CWE-117
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-134
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-178
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-200
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-201
JavaScript: Remove references to LGTM
2022-12-19 15:15:17 +00:00
CWE-209
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-295
add test for https.createServer in DisablingCertificateValidation.ql
2023-03-30 14:15:25 +02:00
CWE-300
add js/http-dependency query
2022-01-19 10:05:39 +01:00
CWE-312
JS: Replace ClearTextLogging::isSanitizerEdge with a node
2023-07-11 14:20:17 +02:00
CWE-313
remove some FPs in js/password-in-configuration-file
2022-10-26 11:51:56 +02:00
CWE-326
don't include mode-of-operation into the algorithm names
2021-11-03 14:54:50 +01:00
CWE-327
Address review comment.
2023-10-27 10:19:28 +01:00
CWE-338
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-346
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-347
update expected output
2022-01-28 12:21:33 +01:00
CWE-352
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-367
fix that js/file-system-race could have FPs related to loops
2022-10-11 13:41:51 +02:00
CWE-377
add query for detecting insecure temprary files
2022-01-18 14:54:56 +01:00
CWE-384
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-400
update expected output
2024-02-22 13:21:11 +01:00
CWE-451
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
CWE-502
JS: Add tests
2023-04-26 12:46:20 +02:00
CWE-506
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
CWE-522-DecompressionBombs
comments improvement,separate module file, fix tests
2023-10-07 12:02:39 +02:00
CWE-598
fix wrong comment
2022-05-31 08:38:03 +02:00
CWE-601
Make suggestion to replace example.com more explicit.
2023-09-12 16:54:05 +01:00
CWE-611
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-614
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-640
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
CWE-643
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-693
Fixed expected test results for Helmet query
2024-06-26 11:31:57 +01:00
CWE-730
JS: Update a RegExp injection test
2024-08-16 14:20:34 +02:00
CWE-754
Fix associated test
2022-12-20 12:51:13 +09:00
CWE-770
Move test files into right directory.
2023-10-26 12:16:52 +01:00
CWE-776
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-798
apply changes from @erik-krogh
2024-08-01 20:14:36 +02:00
CWE-807
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-829
recognize sensitive files by file-system writes
2020-06-25 15:19:42 +02:00
CWE-830
Moved from experimental into default queries
2024-07-11 11:44:01 +01:00
CWE-834
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-843
JS: Expand test case
2022-09-07 14:18:01 +02:00
CWE-862
add a js/empty-password-in-configuration-file query
2022-01-19 10:48:45 +01:00
CWE-912
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-915
Adapt Webix modeling to support HTML use-cases
2023-06-28 15:26:30 +02:00
CWE-916
JavaScript: Update expected output.
2019-10-29 15:36:24 +00:00
CWE-918
add encodeURIComponent as a sanitizer for request-forgery
2023-01-23 13:53:53 +01:00
CWE-1004
add session{key,id} as sensitive info
2021-10-26 13:46:59 +02:00
CWE-1275
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00