hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-20 22:27:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
39,707 Commits 1,758 Branches 167 Tags
2771d3471bdbcd488d8c7d91c13994e236ba2749
Commit Graph

7577 Commits

Author SHA1 Message Date
tombolton
2771d3471b update XssThroughDom with Eriks recent changes 2022-05-25 14:44:14 +01:00
tombolton
07251ac35c replace StoredXss with CodeInjection in alert counting query 2022-05-25 14:44:14 +01:00
tombolton
c397a98922 remove additional XssThroughDom import 2022-05-25 14:44:14 +01:00
tombolton
dadfbb886a fix case in ExtractEndpointData.qll 2022-05-25 14:44:13 +01:00
tombolton
27f50d6118 update docstrings of CodeInjection and XssThroughDom queries 2022-05-25 14:44:13 +01:00
tombolton
a71f10494f explicitly include individual boosted queries in the ATM suite 2022-05-25 14:44:13 +01:00
tombolton
63626fdc67 add XssThroughDomATM.ql 2022-05-25 14:44:13 +01:00
tombolton
be6f6f5298 use new module names based on depreciation warning 2022-05-25 14:44:12 +01:00
tombolton
9ef4bf5441 fix case in CodeInjectionATM.qll 2022-05-25 14:44:12 +01:00
tombolton
a7d385cf99 add XssThroughDom and CodeInjection to mapping query 2022-05-25 14:44:12 +01:00
tombolton
adb4fc324f add XssThroughDom and CodeInjection to ExtractEndpointData.qll 2022-05-25 14:44:12 +01:00
tombolton
5f5e86c2b2 add XssThroughDom and CodeInjection to Queries.qll 2022-05-25 14:44:11 +01:00
tombolton
0c4dc1a143 add CodeInjection sink to the endpoint types 2022-05-25 14:44:11 +01:00
tombolton
de1bc89099 add CodeInjection extraction and evaluation queries 2022-05-25 14:44:11 +01:00
tombolton
f2f6379054 fix docstrings in XssThroughDom queries 2022-05-25 14:44:10 +01:00
tombolton
f2a0c38232 add XssThroughDom extraction and evaluation queries 2022-05-25 14:44:10 +01:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Erik Krogh Kristensen
b2d3a7dca5 add change-note for the public renamed predicate 2022-05-24 11:20:08 +02:00
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00
Erik Krogh Kristensen
b48806968c delete redundant import 2022-05-24 11:02:41 +02:00
Erik Krogh Kristensen
395ec106b9 remove unused field 2022-05-24 11:02:18 +02:00
Erik Krogh Kristensen
d58fe8e193 add explicit this 2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen
d1ad08ecb5 fix misspellings in predicate names 2022-05-24 10:57:13 +02:00
Erik Krogh Kristensen
aa01cf11c2 Merge pull request #9125 from erik-krogh/exportObj 
JS: recognize functions that return object of methods as library input
 2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
0c10927adc Merge pull request #9261 from erik-krogh/passport 
JS: remove support for passport in the session-fixation query
 2022-05-23 19:56:42 +02:00
Erik Krogh Kristensen
aadbc989ce fix typo in comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-23 15:07:29 +02:00
Erik Krogh Kristensen
ba844aa0ab Merge branch 'main' into exportObj 2022-05-23 14:18:31 +02:00
Asger F
0929f5eb49 JS: Update test assertions to new syntax 2022-05-23 13:12:52 +02:00
Asger Feldthaus
33dac5e95f JS: API graph support for accessors (and classes) 2022-05-23 13:12:52 +02:00
Erik Krogh Kristensen
7a3bbede1b remove support for passport in the session-fixation query 2022-05-23 12:55:11 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Erik Krogh Kristensen
2550988006 change @id from js/actions/injection to js/actions/command-injection 2022-05-17 09:25:05 +02:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Erik Krogh Kristensen
23981cb323 Merge pull request #7626 from erik-krogh/CWE-377 
JS: add query for detecting insecure temporary files
 2022-05-16 15:25:17 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
2ed42c327c JS: fix typos in comments 2022-05-12 16:02:19 +01:00
Erik Krogh Kristensen
762f7bf7fe Merge pull request #9115 from erik-krogh/fileAndFolder 
JS: resolve main module when there is a folder with the same name as the main file
 2022-05-12 14:55:28 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions 
JS: promote `js/actions/injection` out of experimental
 2022-05-12 14:38:38 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Erik Krogh Kristensen
fef4455ccc apply suggestion from doc review 
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
 2022-05-12 13:28:45 +02:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00
Erik Krogh Kristensen
9050f9999c recognize functions that return object of methods as library input 2022-05-12 09:56:19 +02:00