codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00

Files

Chris Smowton 0eb7ac94cc Add stack-trace exposure query

This is a port of `java/stack-trace-exposure`, and does the same job: warn that a stack dump is written to an HTTP response.

2020-10-06 14:42:59 +01:00

CWE-020

Add query spotting probably-bad escapes in regular expressions.

2020-09-23 15:07:22 +01:00

CWE-022

Fix unused variable in test.

2020-05-13 15:28:49 +01:00

CWE-078

Update data-flow libraries.

2019-12-06 12:14:53 +00:00

CWE-079

Reflected XSS query: exclude more uses of encoding/json.Marshal

2020-09-10 16:52:06 +01:00

CWE-089

Provide better strings for map and struct literals

2020-06-12 11:23:58 +01:00

CWE-190

Fix frontend errors in test.

2020-08-28 12:01:33 +01:00

CWE-209

Add stack-trace exposure query

2020-10-06 14:42:59 +01:00

CWE-295/DisabledCertificateCheck

Fix frontend errors in DisabledCertificateCheck tests.

2020-04-14 10:51:29 +01:00

CWE-312

CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar

2020-09-14 09:46:14 +01:00

CWE-322

Fix tests for InsecureHostKeyCallback.

2020-08-24 17:06:01 +01:00

CWE-327

Move CWE-327 out of experimental

2020-07-28 15:47:44 +01:00

CWE-352

Promote OAuth2 constant-state query to mainline

2020-09-02 15:05:22 +01:00

CWE-601

Add tests for stdlib-http fields that aren't supposed to cause open-redirect alerts

2020-09-21 16:26:46 +01:00

CWE-640

Add test using hashing

2020-06-17 14:33:53 +01:00

CWE-643

Update dependency stubs

2020-05-13 10:07:14 -07:00

CWE-681

Address review comments 7

2020-08-13 18:22:58 +01:00

CWE-798

Autoformat.

2020-01-17 10:25:10 +00:00

CWE-918

Remove accidentally added binary

2020-05-20 09:19:42 -07:00