hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 13:46:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,551 Commits 1,673 Branches 157 Tags
295152cd324600d9ee78e264e26a484d76452db1
Commit Graph

334 Commits

Author SHA1 Message Date
Henry Mercer
241951f53e Merge branch 'main' into codeql-ci/atm/release-0.4.6 2023-01-23 18:24:36 +00:00
github-actions[bot]
be481d975c JS: Bump version of ML-powered library and query packs to 0.4.7 2023-01-23 18:22:18 +00:00
github-actions[bot]
40a67d61d2 JS: Bump patch version of ML-powered library and query packs 2023-01-23 18:15:56 +00:00
Jean Helie
9e6f9c2705 Merge pull request #11709 from github/jhelie/add-shell-command-injection 
ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query
 2023-01-20 16:03:30 +01:00
Jean Helie
fec7ea6964 ATM: add missing query help files 2023-01-17 12:20:17 +01:00
Jean Helie
b08fa43fdf update tests 2023-01-17 12:20:17 +01:00
Jean Helie
f07984bab2 update test data 2023-01-17 12:20:17 +01:00
Jean Helie
13aaa22df5 add bosted version of ShellCommandInjectionFromEnvironment 2023-01-17 12:20:17 +01:00
Henry Mercer
70f1015fba Merge branch 'main' into codeql-ci/atm/release-0.4.5 2023-01-12 12:32:25 +00:00
github-actions[bot]
76e121e359 JS: Bump version of ML-powered library and query packs to 0.4.6 2023-01-10 21:11:23 +00:00
github-actions[bot]
dc88bdccc7 JS: Bump patch version of ML-powered library and query packs 2023-01-10 21:04:31 +00:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
Jean Helie
938a7e828c update tests 2022-12-16 15:31:43 +01:00
Jean Helie
cd0220b248 update autogenerated data for endpoint_large_scale 2022-12-16 14:03:01 +01:00
Jean Helie
904a4bd48b fix script updating endpoint_large_scale test data 2022-12-16 14:03:00 +01:00
Henry Mercer
6023a1225c Merge pull request #11673 from github/codeql-ci/atm/release-0.4.4 
JS: Bump version numbers of ML-powered packs after 0.4.4 release
 2022-12-14 10:27:00 +00:00
Henry Mercer
423374a7b8 Merge branch 'main' into codeql-ci/atm/release-0.4.4 2022-12-13 14:26:21 +00:00
github-actions[bot]
745823ca60 JS: Bump version of ML-powered library and query packs to 0.4.5 2022-12-13 13:32:52 +00:00
github-actions[bot]
ea13925a92 JS: Bump patch version of ML-powered library and query packs 2022-12-13 13:28:09 +00:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
Henry Mercer
78f15755d7 Merge branch 'main' into codeql-ci/atm/release-0.4.3 2022-12-07 20:49:26 +00:00
github-actions[bot]
d577eeeea8 JS: Bump version of ML-powered library and query packs to 0.4.4 2022-12-07 20:05:30 +00:00
github-actions[bot]
9702ea02fb JS: Bump patch version of ML-powered library and query packs 2022-12-07 20:01:33 +00:00
Tiferet Gazit
1a9dd48a88 Merge pull request #11551 from github/tiferet/endpoint-characteristics-test 
ATM: Test for contradictory endpoint characteristics
 2022-12-06 18:36:41 -08:00
tiferet
cf29cde2e8 Apply suggestions from code review 2022-12-06 18:05:04 -08:00
tiferet
93e3c72c6a Test for contradictory endpoint characteristics 2022-12-02 10:29:39 -08:00
tiferet
d211decfb4 Fix error in last commit 2022-12-02 09:03:44 -08:00
Tiferet Gazit
c0aae3d68e Apply suggestions from code review 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-12-02 09:00:45 -08:00
tiferet
d17383d98c Add XssThroughDom 2022-12-02 06:59:32 -08:00
tiferet
2e20abca90 Undo error from previous commit 
Oops, now I see why that wasn't private
 2022-12-02 06:59:31 -08:00
tiferet
294f34bf07 Small improvement 
Not strictly needed, but better to keep things private when possible
 2022-12-02 06:59:31 -08:00
tiferet
a317f2bfe2 Test for endpoints scored at inference time 
Adds a test to detect changes in the endpoints that get scored at inference time.
 2022-12-02 06:59:31 -08:00
Jean Helie
352d1a7e8c ATM: update tests 2022-12-01 19:01:30 +01:00
Jean Helie
98923cee94 ATM: update missing .qll 2022-12-01 18:47:36 +01:00
Jean Helie
ae0d82efd8 ATM: update predicate name 2022-12-01 18:22:33 +01:00
Jean Helie
880548bafc Merge branch 'main' into tiferet/boost-xss-through-dom 2022-12-01 18:13:27 +01:00
Jean Helie
50a3c0d725 ATM: update expected ML test values 2022-12-01 17:53:09 +01:00
Jean Helie
f388703a3d ATM: update further files following the addition of XssThroughDom query 2022-12-01 17:45:07 +01:00
tiferet
4a6de3e444 Apply suggestion from code review 2022-11-30 17:25:19 -08:00
tiferet
a0a742eb82 Rename predicates to fit style guide: 
- `getEndpoints` → `appliesToEndpoint`
- `getImplications` → `hasImplications`
- `getAlerts` → `hasAlert`
 2022-11-30 17:01:56 -08:00
tiferet
b885249d9d Add a boosted version of XssThroughDOM 2022-11-29 17:40:20 -08:00
tiferet
c5184d37e7 Suggestion from code review: 
Name the query configuration e.g. `NosqlInjectionATMConfig` rather than `Configuration`.
 2022-11-29 15:46:05 -08:00
tiferet
6f807e9d43 Doc suggestion from code review 2022-11-29 13:20:47 -08:00
tiferet
75cd7a9ebc Remove code duplication in query .ql files: 
Define the query for finding ATM alerts in the base class `AtmConfig`, and call it from each query's .ql file.
 2022-11-29 13:20:47 -08:00
tiferet
a710b723d1 Move the definition of isSink to the base class: 
Holds if `sink` is a known taint sink or an "effective" sink.
 2022-11-29 13:20:47 -08:00
tiferet
cd24ec88d6 Move the definition of isSource to the base class: 
A long as we're not boosting sources, `isSource` is identical to `isKnownSource`.
 2022-11-29 13:20:47 -08:00
tiferet
50291c7b7c AtmConfig inherits from TaintTracking::Configuration. 
That way the specific configs which inherit from `AtmConfig` also inherit from `TaintTracking::Configuration`.

This removes the need for two separate config classes for each query.
 2022-11-29 13:20:47 -08:00
tiferet
05a943c9b5 Delete StandardEndpointFilters. 
All remaining functionality in `StandardEndpointFilters` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-29 13:20:47 -08:00
tiferet
5402f047bf Delete CoreKnowledge. 
All remaining functionality in `CoreKnowledge` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-29 13:20:47 -08:00
tiferet
1d4b2ccab4 Merge branch 'main' into tiferet/complexity-reduction 2022-11-29 12:47:18 -08:00