hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-13 00:41:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e612db2ec96fd364ce25ca932f96bd1ec26c4307
codeql/javascript/ql/src/Security
History
BazookaMusic e612db2ec9 Promote user prompt injection query to stable security 
Move UserPromptInjection out of experimental into stable JavaScript security locations.

Set js/user-prompt-injection precision to low and remove experimental tagging.

Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
2026-06-11 11:28:14 +02:00
..
CWE-020
CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0
2025-10-22 11:32:33 +00:00
CWE-022
Merge branch 'main' into js/shared-dataflow-merged
2024-03-13 14:27:16 +01:00
CWE-073
JS: Port TemplateObjectInjection
2023-10-13 13:15:05 +02:00
CWE-078
JS: Port UnsafeShellCommandConstruction
2023-10-13 13:15:06 +02:00
CWE-079
JS: Align DOM XSS query severity with other XSS queries
2025-10-22 11:30:34 +00:00
CWE-089
JS: Port SqlInjection
2023-10-13 13:15:03 +02:00
CWE-094
JS: Remove js/actions/command-injection
2025-06-23 14:41:26 +02:00
CWE-116
javascript: Fix spelling error in documentation
2025-09-15 14:53:22 +01:00
CWE-117
Merge branch 'main' into js/shared-dataflow-merged
2024-03-13 14:27:16 +01:00
CWE-134
JS: Port TaintedFormatString
2023-10-13 13:15:05 +02:00
CWE-178
Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
2024-11-25 12:12:12 +01:00
CWE-200
JS: Port FileAccessToHttp
2023-10-13 13:15:04 +02:00
CWE-201
JS: Port PostMessageStar
2023-10-13 13:15:05 +02:00
CWE-209
JS: Port StackTraceExposure
2023-10-13 13:15:05 +02:00
CWE-295
Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource
2025-05-01 11:14:15 +02:00
CWE-300
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
CWE-312
JS: Remove js/actions/actions-artifact-leak
2025-06-23 14:39:28 +02:00
CWE-313
Lower the precision of a range of harcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
CWE-326
add qhelp
2021-11-02 14:45:33 +01:00
CWE-327
Improve qhelp for broken crypto algo queries
2025-10-08 14:10:54 +01:00
CWE-338
Merge branch 'main' into js/shared-dataflow
2024-06-25 11:48:41 +02:00
CWE-346
JS: Port CorsMisconfigurationForCredentials
2023-10-13 13:15:04 +02:00
CWE-347
add missing severities to JS queries
2022-03-16 10:40:34 +01:00
CWE-352
JS: recognize tiny-csrf
2022-12-14 12:30:15 +01:00
CWE-367
fix that js/file-system-race could have FPs related to loops
2022-10-11 13:41:51 +02:00
CWE-377
JS: Port InsecureTemporaryFile
2023-10-13 13:15:05 +02:00
CWE-384
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-400
JS: Port RemotePropertyInjection
2023-10-13 13:15:05 +02:00
CWE-451
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
CWE-502
JS: Port UnsafeDeserialization
2023-10-13 13:15:05 +02:00
CWE-506
JS: Port HardcodedDataInterpretedAsCode
2023-10-13 13:15:04 +02:00
CWE-598
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
CWE-601
JS: Port ClientSideUrlRedirect
2023-10-13 13:15:04 +02:00
CWE-611
JS: Port Xxe
2023-10-13 13:15:06 +02:00
CWE-614
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-640
JS: Port HostHeaderPoisoningInEmailGeneration
2023-10-13 13:15:05 +02:00
CWE-643
JS: Port XpathInjection
2023-10-13 13:15:06 +02:00
CWE-693
Update JS helmet model structure
2024-08-15 16:08:48 -04:00
CWE-730
JS: Port RegExpInjection
2023-10-13 13:15:05 +02:00
CWE-754
JS: Port UnvalidatedDynamicMethodCall
2023-10-13 13:15:06 +02:00
CWE-770
JS: Port ResourceExhaustion
2023-10-13 13:15:05 +02:00
CWE-776
JS: Port XmlBomb
2023-10-13 13:15:06 +02:00
CWE-798
Lower the precision of a range of harcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
CWE-807
JS: Port ConditionalBypass
2023-10-13 13:15:04 +02:00
CWE-829
JS: Follow naming convention in InsecureModuleFlow module
2024-12-13 11:09:59 +01:00
CWE-830
Added links to eventual location of CUSTOMIZING.md
2024-07-12 14:21:50 +01:00
CWE-834
JS: Port LoopBoundInjection
2023-10-13 13:15:04 +02:00
CWE-843
JS: Port TypeConfusionThroughParameterTampering
2023-10-13 13:15:05 +02:00
CWE-862
update the empty-password-in-config-file qhelp
2022-01-24 13:39:54 +01:00
CWE-912
JS: Port HttpToFileAccess
2023-10-13 13:15:04 +02:00
CWE-915
JS: Simplify config in PrototypePollutingFunction.ql.
2025-02-04 10:47:01 +01:00
CWE-916
JS: Port InsufficientPasswordHash
2023-10-13 13:15:05 +02:00
CWE-918
JS: Port ClientSideRequestForgery
2023-10-13 13:15:03 +02:00
CWE-942
Updated query description and added a sanitizer
2025-09-04 13:16:37 +00:00
CWE-1004
fix good/bad mixup in ClientExposedCookie qhelp
2022-01-24 15:34:30 +01:00
CWE-1275
fix some more style-guide violations in the alert-messages
2022-10-07 11:22:22 +02:00
CWE-1427
Promote user prompt injection query to stable security
2026-06-11 11:28:14 +02:00
trest
Updated SocketClass to use API Graphs.
2025-04-04 08:47:27 +02:00