hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
45,539 Commits 1,741 Branches 165 Tags
245be44eacfa3b950ced71869eaec2ebbd618066
Commit Graph

5 Commits

Author SHA1 Message Date
Henry Mercer
5a3daa9e3f JS: Add CWE tags for ML-powered queries 
- Cross-site scripting: CWE-79
- Path injection: CWE-22, CWE-23, CWE-36, CWE-73, CWE-99
- NoSQL injection: CWE-943
- SQL injection: CWE-89
 2022-02-21 16:18:33 +00:00
Henry Mercer
84907f91f1 JS: Fix copy/paste error in XSS ML-powered queries results patterns 
We didn’t catch this because our unit tests test only library code due
to the previous difficulty of running queries with an ML model (the ML
models in packs work should fix that), and because the end-to-end
evaluation runs separate queries that have different result patterns.

Going forward we should create unit tests for the queries themselves,
which will require using the ML model in tests. We should also be able
to catch this type of error using DCA.
 2022-01-21 15:17:52 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Henry Mercer
e9bb9f5294 JS: Update names, IDs, and tags for ML-powered queries 2022-01-13 17:45:40 +00:00
Henry Mercer
4d7a8285ad JS: Initial commit of Adaptive Threat Modeling 2021-10-18 17:24:24 +01:00