Commit Graph

7336 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
1129200e07 Remove pseudo-properties 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
cf9d289df5 Remove 2020 sinks from SqlInjection.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
209744e83a Remove 2020 sinks from Xss.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
2feed51e00 Remove 2020 sinks from TaintedPath.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
11944625ac address review comments 2022-04-01 14:33:30 +02:00
Esben Sparre Andreasen
c7873ac3de Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-04-01 14:08:58 +02:00
Esben Sparre Andreasen
ba350116f3 fix semantic merge conflict 2022-04-01 09:31:49 +02:00
Esben Sparre Andreasen
602ea4aa0b rename new features 2022-04-01 09:06:01 +02:00
Esben Sparre Andreasen
76e965211f add more features 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
1a8abeec06 improve feature documentation 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
278e325026 improve feature tests with more cases 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
d1f8eb408f improve access path strings 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
71211841b8 support import in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
51062dd8a7 support await in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
125fe7f506 avoid using new features by default 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
a50aa3554f add CompareFeatures.ql 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
94f2b1db19 add generic tests for features 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
232230c81c Document EndpointFeatures.qll 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
a9bd191f85 add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
4d1ceda93a improve getSimpleAccessPath 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
0ab7da0550 refactor calleeAccessPath feature to class 2022-04-01 08:51:29 +02:00
Stephan Brandauer
b27c9ce47c refactor getACallBasedTokenFeature to class-use 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
1510d6c501 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
9b97fc4562 refactor EndpointFeatures.ql to use classes 2022-04-01 08:51:29 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization
Incomplete url string sanitization
2022-03-31 10:59:51 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests
JS: Fix expected test output for ATM queries
2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
2022-03-30 16:38:47 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00
Asger F
e5f2b830f3 Merge pull request #8577 from asgerf/fix-mad-warning
JS/Ruby: Fix regexp in MaD checking
2022-03-28 15:29:16 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
2022-03-28 15:28:52 +02:00
Asger Feldthaus
7e6206ed36 JS: Fix the regexp for valid MaD token arguments 2022-03-28 12:43:43 +02:00
Arthur Baars
b103679d8a JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll 2022-03-28 12:17:26 +02:00
Erik Krogh Kristensen
cf94c93b1a Merge pull request #8481 from erik-krogh/schemeChain
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
2022-03-25 11:13:10 +01:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
Asger Feldthaus
b0b795dbbb JS: Autoformat 2022-03-23 19:15:01 +01:00
Asger Feldthaus
95122b2b6c JS: Support Argument[this] token 2022-03-23 18:06:12 +01:00
Asger Feldthaus
d476f976fe JS: Support Parameter[this] token 2022-03-23 18:06:12 +01:00
CodeQL CI
ac29d5f51b Merge pull request #8523 from asgerf/js/api-graph-receiver-label
Approved by erik-krogh
2022-03-23 15:31:12 +00:00
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd JS: Bump patch version of ML-powered model pack post-release 2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
8d13662315 JS: Bump minor version of ML-powered model pack 2022-03-23 11:47:08 +00:00
Asger Feldthaus
f2285709bd JS: Change note 2022-03-23 10:42:51 +01:00
Asger Feldthaus
59d5c54432 JS: Update test output from knex 2022-03-23 10:42:51 +01:00
Asger Feldthaus
73071bdc08 JS: Change getAParameter to not return the receiver 2022-03-23 10:42:51 +01:00
Asger Feldthaus
6bef5a70b3 JS: Add dedicated API graph label for receiver, instead of parameter -1 2022-03-23 10:42:51 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding
Python/JS/Ruby: Shared concepts scaffolding
2022-03-23 10:22:42 +01:00
Erik Krogh Kristensen
8ae04e04d4 Merge pull request #8509 from erik-krogh/fpXss
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
2022-03-22 14:51:17 +01:00