codeql-queries

codeql-queries copied to clipboard

[JS] - Enhancement to add jose decodeJWT to js/jwt-missing-verification

1

Add additional logic to [JWT Verification query](https://codeql.github.com/codeql-query-help/javascript/js-jwt-missing-verification/) `js/jwt-missing-verification` - https://www.npmjs.com/package/jose - `decodeJWT` - [not secure by itself](https://github.com/panva/jose/blob/main/docs/functions/util_decode_jwt.decodeJwt.md) Reproduction - https://github.com/vulna-felickz/ts-jose-jwtdecode/blob/main/src/index.ts#L4 Detections: - Potential TP: https://github.com/backstage/backstage/blob/6c0867be8dacd8c8a87ac3aa222327ac98f2d370/plugins/auth-backend/src/providers/azure-easyauth/provider.ts#L88-L88 - Potential FP based on...

felickz

CSRF validation missing - enhanced rule forked from main CodeQL queries

1

Improvement from existing `cs/web/missing-token-validation` rule. I also don't want to take the same shortcut checking that at least one other HttpPost is validated before flagging those that aren't, since that...

aegilops

cs/unsafe-deserialization-untrusted-input - deserialization flow steps

1

- [Add csharp debugging query for partial flows](https://github.com/advanced-security/codeql-queries/commit/6c3342356fcf30e5bf4d1b297a2c6174b00d21c2) - WIP: Add flow steps for deserialization flow `cs/unsafe-deserialization-untrusted-input` to [detect this flow](https://github.com/appsecco/dvcsharp-api/blob/e8d3f88aa8e0f018d21641b61644025ecdcb73a0/Controllers/ImportsController.cs#L29-L46) - Queries - csharp/CWE-502/UnsafeDeserialization.ql - csharp/CWE-502/UnsafeDeserializationQuery.qll - Flow Steps...

felickz

Update CWE-798 to new dataflow API

2

Add code to update CWE-798 with tests passing for both old and new version of the code 👍

securingdev

Add CWE 338 test case

1

Add test case for CWE-388; It doesn't not appear that a rewrite for the new dataflow API is required with this query 👍

securingdev