This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit faf43ef

Promote OAuth2 constant-state query to mainline
1 parent 0ee7bbb commit faf43ef

13 files changed

Lines changed: 3 additions & 1 deletion

change-notes/2020-08-18-oauth2.md

Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* The query "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) has been promoted from experimental status. This checks for use of a constant state value in generating an OAuth2 redirect URL, which may open the way for a CSRF attack.
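Review bot: the added change note names the protocol two ways, "OAuth 2.0" in the quoted query title and "OAuth2" in the sentence that follows; use one form in the prose so the note matches the title. "This checks for" would read more clearly as "The query checks for", and since the files move under Security/CWE-352 the note could name CWE-352 next to the query id `go/constant-oauth2-state`.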
File renamed without changes.
File renamed without changes.
File renamed without changes.

ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go renamed to ql/src/Security/CWE-352/ConstantOauth2StateBetter.go

File renamed without changes.

ql/test/experimental/CWE-352/ConstantOauth2State.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

ql/test/experimental/CWE-352/ConstantOauth2State.expected renamed to ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected

File renamed without changes.

ql/test/experimental/CWE-352/ConstantOauth2State.go renamed to ql/test/query-tests/Security/CWE-352/ConstantOauth2State.go

File renamed without changes.
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
Security/CWE-352/ConstantOauth2State.ql
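Review bot: the single added line, `Security/CWE-352/ConstantOauth2State.ql`, only resolves if the query file itself now lives under ql/src/Security/CWE-352/, and the only ql/src rename the diff spells out is ConstantOauth2StateBetter.go. Please confirm ConstantOauth2State.ql is among the unnamed "File renamed without changes" entries, otherwise the relocated test will not find its query. The old ql/test/experimental/CWE-352/ConstantOauth2State.qlref is deleted and this file created fresh, so it is also worth checking that the new .qlref sits beside the moved .expected and .go files in ql/test/query-tests/Security/CWE-352/.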
File renamed without changes.
