hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 14:47:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
39,707 Commits 1,758 Branches 167 Tags
2771d3471bdbcd488d8c7d91c13994e236ba2749
Commit Graph

153 Commits

Author SHA1 Message Date
tombolton
2771d3471b update XssThroughDom with Eriks recent changes 2022-05-25 14:44:14 +01:00
tombolton
07251ac35c replace StoredXss with CodeInjection in alert counting query 2022-05-25 14:44:14 +01:00
tombolton
c397a98922 remove additional XssThroughDom import 2022-05-25 14:44:14 +01:00
tombolton
dadfbb886a fix case in ExtractEndpointData.qll 2022-05-25 14:44:13 +01:00
tombolton
27f50d6118 update docstrings of CodeInjection and XssThroughDom queries 2022-05-25 14:44:13 +01:00
tombolton
a71f10494f explicitly include individual boosted queries in the ATM suite 2022-05-25 14:44:13 +01:00
tombolton
63626fdc67 add XssThroughDomATM.ql 2022-05-25 14:44:13 +01:00
tombolton
be6f6f5298 use new module names based on depreciation warning 2022-05-25 14:44:12 +01:00
tombolton
9ef4bf5441 fix case in CodeInjectionATM.qll 2022-05-25 14:44:12 +01:00
tombolton
a7d385cf99 add XssThroughDom and CodeInjection to mapping query 2022-05-25 14:44:12 +01:00
tombolton
adb4fc324f add XssThroughDom and CodeInjection to ExtractEndpointData.qll 2022-05-25 14:44:12 +01:00
tombolton
5f5e86c2b2 add XssThroughDom and CodeInjection to Queries.qll 2022-05-25 14:44:11 +01:00
tombolton
0c4dc1a143 add CodeInjection sink to the endpoint types 2022-05-25 14:44:11 +01:00
tombolton
de1bc89099 add CodeInjection extraction and evaluation queries 2022-05-25 14:44:11 +01:00
tombolton
f2f6379054 fix docstrings in XssThroughDom queries 2022-05-25 14:44:10 +01:00
tombolton
f2a0c38232 add XssThroughDom extraction and evaluation queries 2022-05-25 14:44:10 +01:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Erik Krogh Kristensen
b74d1fdb1a Merge pull request #8783 from erik-krogh/jsAbstractBi 
JS: don't initialize sanitizer-guards in the standard library
 2022-04-29 11:12:16 +02:00
Anna Railton
00b74d8b1c Merge pull request #8895 from github/annarailton-patch-1 
ATM: Update `TaintedPathInjection` -> `TaintedPath`
 2022-04-27 16:15:46 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Anna Railton
1f1ef22f90 Update TaintedPathInjection -> TaintedPath 
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
 2022-04-27 11:27:43 +01:00
Anna Railton
eacfceb6ce Merge pull request #8605 from github/annarailton/new-query-label-mappings 
Experimental (ATM): update query label mappings
 2022-04-26 16:39:06 +01:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Jean Helie
47fdb79cf8 Merge pull request #8751 from github/jhelie/add-gitkeep-to-model-resources 
ML: add .gitkeep to resources dir in which ML models are to be found
 2022-04-25 18:08:24 +02:00
annarailton
9c25da20a4 Update queryNames 2022-04-22 13:42:29 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Erik Krogh Kristensen
81ce8ac715 ATM: fix compiler warnings about unused variables 2022-04-20 18:10:59 +02:00
Erik Krogh Kristensen
4bc36d82f6 update expected output for ATM 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c1c66a0200 refactor CountAlertAndEndpoints to not refer to deprecated files 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c5f7df17ee add .actual files to .gitignore for ATM tests 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
b1bad271d5 only activate the PrefixString label in Query.qll files 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
8a5b1668f9 move initialization of sanitizer-guards to Query.qll files 2022-04-20 18:10:53 +02:00
Jean Helie
f1f00ccac5 ML: add .gitkeep to resources dir in which ML models are to be found 2022-04-15 12:19:06 +02:00
Jean Helie
d094bbc06d Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink 
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
 2022-04-14 11:21:18 +02:00
Jean Helie
1e39a9caae ML: update regression test output following fix to getAnUnknown predicate 2022-04-13 18:14:16 +02:00
Jean Helie
f87cd164ce ML: add defensive check to ensure Unknown endpoints cannot also be NotASink 2022-04-13 18:14:16 +02:00
Jean Helie
f2b813a6e7 ML: add regression test for effective sink that is also NotASink 2022-04-13 18:14:16 +02:00
Jean Helie
407a8a7715 ML: fix ATM expected tests outputs 2022-04-13 14:02:12 +02:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-04-08 10:22:13 +01:00
annarailton
b0ab7218db Add test for query mappings 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-04-08 10:22:13 +01:00
annarailton
de4e01a8f2 Change NotASinkType to NegativeType 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
 2022-04-08 10:22:13 +01:00
Erik Krogh Kristensen
67e1ffdd3e fix isKnownStepSrc such that it actually includes taint/dataflow-steps 2022-03-31 09:46:01 +02:00
Erik Krogh Kristensen
e038baed36 add .gitignore ignoring test dbs 2022-03-31 09:45:28 +02:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd JS: Bump patch version of ML-powered model pack post-release 2022-03-23 11:47:53 +00:00