Esben Sparre Andreasen
|
3435fc4397
|
XXX make use of resulting model
|
2022-06-29 16:47:51 +02:00 |
|
Stephan Brandauer
|
87c54621d8
|
enable new features for experimentation
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
d04974a12b
|
add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
8f9ca33f59
|
add assignedToPropName feature to let the model improve number of false positives for XSS query
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
e1b9945383
|
fix bug in InputArgumentIndex feature
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
c1af1e0cc5
|
performance fixes
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
b1103b7c5a
|
use ? for unknown parameter names
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
d2b5cd1a45
|
add documentation and rename a feature
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
05f2bd6f0a
|
add functionInterfacesInFile and surroundingFunctionParameters features
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
4d6942cf06
|
documentation for calleeImports ATM feature
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
a35ec612e5
|
documentation for new feature
|
2022-06-29 15:15:38 +02:00 |
|
Stephan Brandauer
|
8b0075f2b4
|
ATM: new feature to list all imports in an endpoint's file
|
2022-06-29 15:15:38 +02:00 |
|
Esben Sparre Andreasen
|
d30316f1ea
|
use proper import instead of inlining
|
2022-06-29 15:15:38 +02:00 |
|
Esben Sparre Andreasen
|
6f5bc6c8a6
|
remove Input_ArgumentIndexAndAccessPathFromCallee
|
2022-06-29 15:15:38 +02:00 |
|
Esben Sparre Andreasen
|
04dfd0f5f3
|
add docstring examples
|
2022-06-29 15:15:38 +02:00 |
|
Esben Sparre Andreasen
|
ac956f93ad
|
address review comments
|
2022-06-29 15:15:38 +02:00 |
|
Esben Sparre Andreasen
|
006ac2599f
|
Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
c2fc89c96d
|
fix semantic merge conflict
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
d196af4972
|
rename new features
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
1bba9a557a
|
add more features
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
6eeb8be082
|
improve feature documentation
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
751b807fbe
|
improve feature tests with more cases
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
0189206af2
|
improve access path strings
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
7c8549ca2f
|
support import in getSimpleAccessPath
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
553014ac51
|
support await in getSimpleAccessPath
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
ccdec2fb98
|
avoid using new features by default
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
53b33c0a32
|
add CompareFeatures.ql
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
9dc8774624
|
add generic tests for features
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
fdecb35c7c
|
Document EndpointFeatures.qll
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
0ed5785a15
|
add ParameterAccessPathSimpleFromArgumentTraversal
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
2948f5bc47
|
improve getSimpleAccessPath
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
e0e6e0eb9e
|
refactor calleeAccessPath feature to class
|
2022-06-29 15:15:37 +02:00 |
|
Stephan Brandauer
|
2581d183da
|
refactor getACallBasedTokenFeature to class-use
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
2dfa68dd2a
|
Add CalleeAccessPathSimpleFromArgumentTraversal
|
2022-06-29 15:15:37 +02:00 |
|
Esben Sparre Andreasen
|
dadc99b641
|
refactor EndpointFeatures.ql to use classes
|
2022-06-29 15:15:37 +02:00 |
|
Erik Krogh Kristensen
|
b81251865f
|
Merge pull request #9716 from erik-krogh/htmlTypeSan
JS: sanitize non-strings from html-constructed-from-input
|
2022-06-28 17:31:00 +02:00 |
|
Erik Krogh Kristensen
|
112caa3f5d
|
rewrite qldoc based on review
|
2022-06-28 13:23:44 +02:00 |
|
Asger F
|
cc57cb8af5
|
Merge branch 'main' into post-release-prep/codeql-cli-2.10.0
|
2022-06-27 20:37:25 +02:00 |
|
Erik Krogh Kristensen
|
34e7589844
|
sanitize non-strings from unsafe-html-construction
|
2022-06-27 13:53:44 +02:00 |
|
github-actions[bot]
|
d506f448ef
|
Post-release preparation for codeql-cli-2.10.0
|
2022-06-24 07:36:33 +00:00 |
|
Asger F
|
f5a19a1013
|
JS: Fix unused variable FP in template placeholders
|
2022-06-23 19:26:32 +02:00 |
|
github-actions[bot]
|
a74051c658
|
Release preparation for version 2.10.0
|
2022-06-23 11:17:46 +00:00 |
|
Rasmus Wriedt Larsen
|
3248f7b423
|
Merge pull request #9649 from RasmusWL/certificate-modeling
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
|
2022-06-23 12:04:58 +02:00 |
|
Erik Krogh Kristensen
|
08e4c8b195
|
Merge pull request #9634 from erik-krogh/jqueryParam
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
|
2022-06-23 08:57:20 +02:00 |
|
Rasmus Wriedt Larsen
|
876ba71d9b
|
Python/JS/Ruby: Add change-note
|
2022-06-22 11:14:05 +02:00 |
|
Rasmus Wriedt Larsen
|
2ce4b7b9fc
|
SensitiveDataHeuristics: sync
|
2022-06-22 11:05:14 +02:00 |
|
Erik Krogh Kristensen
|
e1c34c11ed
|
add all jquery plugin parameters as source to js/html-constructed-from-input
|
2022-06-21 13:22:56 +02:00 |
|
Erik Krogh Kristensen
|
dde7e9e2e8
|
add test for jquery plugin parameters in js/html-constructed-from-input
|
2022-06-21 13:21:57 +02:00 |
|
Edoardo Pirovano
|
70dbd92e25
|
Bump minor version of all regularly released packs
|
2022-06-21 11:22:58 +01:00 |
|
Edoardo Pirovano
|
ad02b85efa
|
Merge branch main into rc/3.6
|
2022-06-21 11:15:25 +01:00 |
|