hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

10105 Commits

Author SHA1 Message Date
Daniel Santos
64da2cec50 removed unnecessary getACall and fixed formatting 2022-10-26 12:02:55 -05:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
erik-krogh
21e7e27e1f push more context into load/store steps from the exploratory flow-analysis 2022-10-26 10:52:47 +02:00
Asger F
414bd40c41 JS: Do not track returned values out of the enclosing function 2022-10-26 09:29:49 +02:00
tyage
7a19744cf2 add change note 2022-10-26 15:17:50 +09:00
tyage
95dca7c3ed update comment 2022-10-26 15:13:59 +09:00
tyage
09f8ca8cc0 add query in comment 2022-10-26 15:13:03 +09:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
Daniel Santos
f7ace6f801 Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-25 14:27:03 -05:00
Daniel Santos
feece6f7b4 Merge branch 'github:main' into main 2022-10-25 10:43:20 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
Alvaro Muñoz
9830d2bebc Format Restify.qll 2022-10-25 12:53:44 +02:00
Henry Mercer
1dc14bcaee Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.6 2022-10-25 10:54:08 +01:00
Alvaro Muñoz
a80b691358 Remove unnecessary TaggedTemplateEntryPoint 2022-10-25 11:44:45 +02:00
Alvaro Muñoz
37ea3f23f1 Refactored ReplySource to ReplyCall. Got rid of unnecessary ref() 2022-10-25 11:42:48 +02:00
github-actions[bot]
caf3a098c8 JS: Bump version of ML-powered library and query packs to 0.3.7 2022-10-25 09:12:00 +00:00
github-actions[bot]
5d100c8036 JS: Bump patch version of ML-powered library and query packs 2022-10-25 09:00:40 +00:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Alvaro Muñoz
742e4aa471 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-24 16:17:11 +02:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Josh Soref
ff6676e59b spelling: normalize 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
c5c9f4d746 spelling: dependencies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Alvaro Muñoz
c7ac237968 Update test results after merging new XSS improvements 2022-10-19 23:41:37 +02:00
Alvaro Muñoz
c10087b9a3 Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements 2022-10-19 22:18:29 +02:00
Alvaro Muñoz
009403b61e Add QLDoc for FormatterSetup.getAFormatterHandler 2022-10-19 22:18:13 +02:00
Alvaro Muñoz
2ad5a70cf1 Merge branch 'main' into restify_improvements 2022-10-19 21:57:37 +02:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
Alvaro Muñoz
976dd7f99f Fix format errors 2022-10-19 18:14:25 +02:00
Alvaro Muñoz
31d271b8e1 Fix format errors 2022-10-19 17:32:34 +02:00
Henry Mercer
6a12d676b8 Merge pull request #10878 from jsoref/spelling-ml 
Spelling ml
 2022-10-19 16:28:06 +01:00
Henry Mercer
3afb9c1b3b Merge pull request #10845 from github/henrymercer/remove-worsening-queries 
ATM: Remove worsening-based queries
 2022-10-19 10:05:53 +01:00
Josh Soref
d722448796 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
Josh Soref
a4beafbe44 spelling: classifier 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
Alvaro Muñoz
b79f7f3e95 Address code review comments 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-18 21:42:15 +02:00
Alvaro Muñoz
6ab62da015 Add Restify/Spife support 2022-10-18 21:41:34 +02:00
github-actions[bot]
fa274e4375 ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d 2022-10-18 11:53:42 +00:00
Erik Krogh Kristensen
71135da7ff Merge pull request #10768 from erik-krogh/fixFileLoops 
JS: fix that js/file-system-race could have FPs related to loops
 2022-10-17 12:01:55 +02:00
Henry Mercer
c0ac7ad7db Remove query for worsening-based classifier evaluation 2022-10-14 15:35:43 +01:00
Henry Mercer
63ab295a46 Remove queries for worsening-based evaluation 2022-10-14 15:18:19 +01:00
erik-krogh
a6c83a7b14 add change-note 2022-10-14 09:20:33 +02:00
Alvaro Muñoz
41fea776e8 Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression 2022-10-13 17:50:43 +02:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
5d94733078 spelling: ambiguously 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:25 -04:00