hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,671 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

7144 Commits

Author SHA1 Message Date
Andrew Eisenberg
07228672df Merge branch 'main' into aeisenberg/remove-upgrades 2022-01-11 11:25:27 -08:00
Henry Mercer
3f70476c87 ATM: Optimize body tokens by pushing in size limit 
Pushing the restriction to 256 tokens into the `bodyTokens` predicate
means we avoid this predicate blowing up due to very large functions.

This results in a runtime improvement from 1800s+ to 294s as measured
on a problematic repo on my machine (I didn't wait for the query to
finish running).
 2022-01-11 16:16:54 +00:00
Stephan Brandauer
132e0bf4b7 add database accesses as additional (heuristic) remote flow sources 2022-01-11 11:38:41 +01:00
CodeQL CI
d912a98b02 Merge pull request #7171 from asgerf/js/mad 
Approved by erik-krogh
 2022-01-10 13:17:09 +00:00
Erik Krogh Kristensen
f7a63d5ea0 remove duplicated line 2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen
1a8b6d7414 recognize ranges without upper bounds 2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen
acaf294bee support a limited number of regexp ranges 2022-01-07 18:36:30 +01:00
Andrew Eisenberg
6d62227576 Merge pull request #7431 from aeisenberg/aeisenberg/solorigate-publish 
Solorigate: Extract to separate qlpack
 2022-01-06 08:53:32 -08:00
Asger F
c9fcdb8261 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-01-06 11:51:27 +01:00
Asger Feldthaus
a7698b8727 JS: Fix double space 2022-01-05 14:35:02 +01:00
Asger Feldthaus
486beda2fa JS: Factor out common regexp in AccessPathToken 2022-01-05 14:35:02 +01:00
Asger Feldthaus
d33200ea83 JS: Add test for WithArity 2022-01-05 14:35:02 +01:00
Asger Feldthaus
21928bee6c JS: Rename padded -> inversePad 2022-01-05 14:35:01 +01:00
Asger Feldthaus
1989d51942 JS: Update documentation in Impl.qll 2022-01-05 14:35:01 +01:00
Asger Feldthaus
3ced5c9269 JS: Resolve first N tokens instead of constructing each prefix 2022-01-05 14:35:01 +01:00
Asger Feldthaus
772681d249 JS: Initial support for models as data 2022-01-05 14:34:52 +01:00
Dave Bartolomeo
83ceb822aa Move upgrades into standard library packs 
Move upgrade to new location

Remove incorrectly merged files

Fix upgrades section
 2022-01-04 11:30:25 -08:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling 
QL: add "modelling/modeling" to `ql/non-us-spelling`
 2022-01-04 13:33:54 +01:00
Edoardo Pirovano
081765cbe8 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2022-01-04 10:07:34 +00:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe 
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
 2022-01-04 10:11:03 +01:00
Dave Bartolomeo
5f5af4a29e Move change notes to correct location 
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
 2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Edoardo Pirovano
a616059761 Fix example in JavaScript query 2021-12-29 12:01:09 +00:00
Alex Ford
3da98ecb73 Bump a date 2021-12-22 16:38:16 +00:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
f16d77615d Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll 2021-12-22 16:38:15 +00:00
Alex Ford
d3af687767 Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames 
Strong encryption algorithms: ARIA, IDEA, SEED, SM4
Strong block modes: CBC, CFB, CTR, OFB
 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen
8019b52838 run the non-us patch with "modelled/modeled" 2021-12-20 17:47:15 +01:00
Erik Krogh Kristensen
d17879e1f9 run the non-us patch 2021-12-20 16:24:41 +01:00
Nick Rolfe
f18492e39b Merge pull request #7443 from github/nickrolfe/behavior 
QL4QL: catch behaviour/behavior in ql/non-us-spelling
 2021-12-20 13:23:53 +00:00
Henry Mercer
144ec8c629 JS: Update featurization for absent features optimization 
Absent features are now represented implicitly by the absence of a row
in the `tokenFeatures` relation, rather than explicitly by an empty
string. This leads to improved runtime performance. To enable this
implicit representation, we pass the set of supported token features to
the `scoreEndpoints` HOP. Requires CodeQL CLI v2.7.4.
 2021-12-17 18:04:42 +00:00
Henry Mercer
bebf4ca8fc Merge pull request #7357 from github/henrymercer/js-atm-only-featurize-with-flow 
JS: Only featurize endpoints that are part of a flow path
 2021-12-17 18:03:40 +00:00
Henry Mercer
055432530f Bump ATM pack version to 0.0.2 2021-12-17 16:49:59 +00:00
Henry Mercer
c1864531cd JS: Push FeaturizationConfig context into more predicates 2021-12-17 16:31:56 +00:00
Henry Mercer
383437c571 JS: Only featurize endpoints that are part of a flow path 2021-12-17 16:31:56 +00:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
CodeQL CI
de4b655ddb Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation 
Approved by erik-krogh
 2021-12-17 14:07:57 +00:00
CodeQL CI
39ec7132af Merge pull request #7049 from asgerf/js/routing-trees 
Approved by erik-krogh
 2021-12-17 12:26:38 +00:00
Asger Feldthaus
89775428b4 JS: Autoformat 2021-12-17 10:32:02 +01:00
Asger Feldthaus
3e6389cad6 JS: Bump extractor version string 2021-12-17 10:32:00 +01:00
Asger Feldthaus
95a93fe033 JS: Change note 2021-12-17 10:31:50 +01:00
Asger Feldthaus
e2c6dd7d56 JS: Recognize {{& ... }} as an XSS sink 2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69 JS: Recognize leading/trailing ~ and & in mustache-tags 2021-12-17 10:31:50 +01:00
Asger Feldthaus
ce68a6d1c5 JS: Remove unneeded qualifier in static field access 2021-12-17 10:31:50 +01:00
Andrew Eisenberg
50ee4ab330 Solorigate: Extract to separate qlpack 
Extracts solorigate to separate qlpacks in preparation for
publishing them to the registry.
 2021-12-16 16:09:20 -08:00
Chris Gavin
4a1e2ed408 Add a severity and select the correct number of columns. 2021-12-16 14:02:36 +00:00
Chris Gavin
407c265daf Add kind metadata to example query. 2021-12-16 12:12:36 +00:00