codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	90bebaa5a9	Merge pull request #6960 from erik-krogh/useSetLiteral use set literal instead of big disjunction of literals	2021-10-26 14:06:05 +02:00
Erik Krogh Kristensen	090fb2df10	Merge pull request #6857 from erik-krogh/fixPipes JS: skip pipes and other special files when determining which files to extract	2021-10-26 13:59:40 +02:00
Erik Krogh Kristensen	9c8a51bca6	cache `SensitiveExpr`	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	038438edca	assume that setting the secure/httpOnly flag to some unknown value is good	2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen	5228196f79	fix typos and update docs	2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen	311df4d2b7	add test for the `cookie` npm package	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	92d59aa11c	refactor most of the `isSensitive` predicates into a common helper predicate	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	834d5ec6ad	add session{key,id} as sensitive info	2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen	1e1e549847	update tests so it's clear which cookies are insecure	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	283b8231cb	add more cookie models	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	2cb3d2c53f	documentation overhaul on client-exposed-cookie (and restricting it to server-side)	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	ab23ffff3d	documentation overhaul for clear-text-cookie	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	f36accf3e6	only report clear-text cookies for sensitive cookies	2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen	53b4337795	combine test files	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	9193984f1b	delete the experimental query library for cookie queries	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	6858acc6a9	port experimental cookie models to non-experimental	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	26a24a3895	prepare move to non-experimental	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	44db920f10	refactor, cleanup, and improvements in experimental cookie queries	2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen	a3c55c2aec	use set literal instead of big disjunction of literals	2021-10-26 12:55:25 +02:00
Erik Krogh Kristensen	dbd1148bd6	apply range pattern patch to javascript	2021-10-25 19:38:00 +02:00
Henry Mercer	7e0e35f364	Rename ATM query pack for consistency with other packs	2021-10-25 17:32:25 +01:00
CodeQL CI	b5554da496	Merge pull request #6924 from asgerf/js/skip-files-with-unsupported-encoding Approved by esbena	2021-10-25 14:48:38 +01:00
Asger Feldthaus	bfb1da55d6	JS: Bump extractor version string	2021-10-25 11:49:56 +02:00
Asger Feldthaus	f3e2b0b946	JS: Avoid using non-existent attribute as parent	2021-10-25 11:49:56 +02:00
Asger Feldthaus	ac62379b17	JS: Add TRAP test	2021-10-25 11:49:39 +02:00
Henry Mercer	02b1fe27d2	Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling	2021-10-22 11:02:09 +01:00
Asger Feldthaus	fa0ce5380b	JS: Skip files with unsupported file encoding	2021-10-20 12:16:50 +02:00
Henry Mercer	548a344d34	JS: Implement suggestions from review Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2021-10-19 12:00:40 +01:00
Henry Mercer	4d7a8285ad	JS: Initial commit of Adaptive Threat Modeling	2021-10-18 17:24:24 +01:00
Geoffrey White	a0e501c3a9	Sync identical files.	2021-10-15 14:34:02 +01:00
Geoffrey White	8f30b8b586	Autoformat.	2021-10-14 16:00:23 +01:00
Geoffrey White	f08d2ee759	Merge branch 'main' into setliterals	2021-10-14 14:39:39 +01:00
Geoffrey White	b9cce57db4	JS: Fix mistake.	2021-10-14 14:22:43 +01:00
Geoffrey White	882adc8e50	JS: Set literals.	2021-10-14 14:22:42 +01:00
Anders Schack-Mulligen	8b6baa250c	Merge pull request #6878 from aschackmull/remove-singleton-setliteral C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 14:53:05 +02:00
Mathias Vorreiter Pedersen	47a85bbb1d	Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'	2021-10-14 13:47:03 +01:00
Erik Krogh Kristensen	047aee313c	add pragma[noinline] to predicates where the qldoc mentions join-order	2021-10-14 12:34:25 +02:00
Tom Hvitved	f5420333e2	Sync shared files	2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen	57cb300759	C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 11:34:22 +02:00
Mathias Vorreiter Pedersen	a2371370ff	Merge pull request #6865 from MathiasVP/fix-if-none C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction	2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen	4991301f36	JS: Fix incorrect fix.	2021-10-13 19:45:02 +01:00
Andrew Eisenberg	0d1632a5d2	Move tutorial directly into each qlpack Previously, the tutorial was injected during build time. This is much simpler.	2021-10-13 08:37:04 -07:00
Mathias Vorreiter Pedersen	f3bb0a676e	JS: Replace '.prefix'/'.suffix' with '.matches'.	2021-10-13 13:23:07 +01:00
Mathias Vorreiter Pedersen	887849857d	JS: Replace 'if p() then q() else none()' with a conjunction.	2021-10-13 12:13:55 +01:00
Andrew Eisenberg	bbb2637bcc	QlPacks: Add the defaultSuite to query packs that are missing it Also, change some examples pack names from `codeql-lang-examples` to `codeql/lang-examples`. This doesn't affect behaviour since internally, the legacy name is converted to the modern name.	2021-10-12 11:54:50 -07:00
Erik Krogh Kristensen	7d4266aea7	skip pipes and other special files when determining which files to extract	2021-10-12 14:06:41 +02:00
yoff	f6122c8a6c	Merge pull request #6734 from erik-krogh/regBehind JS/PY: do not filter away regular expressions with lookbehinds	2021-10-10 13:54:26 +02:00
Henry Mercer	4b069d41f6	Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack JS: Move `ClassifyFiles.qll` to library pack	2021-10-07 11:18:20 +01:00
CodeQL CI	a0dd3d9e75	Merge pull request #6815 from asgerf/js/adjust-security-severity-scores Approved by erik-krogh, esbena	2021-10-07 02:36:19 -07:00
Henry Mercer	83cbc86f50	JS: Move `ClassifyFiles.qll` to library pack This allows us to use this library in packs that depend on the `codeql/javascript-all` library pack.	2021-10-06 16:08:06 +01:00

... 4 5 6 7 8 ...

6853 Commits