Commit Graph

7496 Commits

Author SHA1 Message Date
Henry Mercer
4bb956392f Remove NoSQL sinks since September 2018 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
7f65578d40 Remove additional Xss sinks 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
2e601ad62c Remove additional SQL sinks 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
0c52491612 Remove additional path-injection sinks 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
f9d8c84534 Remove pseudo-properties 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
b1e80ae550 Remove 2020 sinks from SqlInjection.ql 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
9ec58b9d0d Remove 2020 sinks from Xss.ql 2022-05-10 14:18:36 +00:00
Esben Sparre Andreasen
3d83bb9b5e Remove 2020 sinks from TaintedPath.ql 2022-05-10 14:18:36 +00:00
Stephan Brandauer
1a467f70ff enable new features for experimentation 2022-05-10 16:08:29 +02:00
Stephan Brandauer
7acef7d886 add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-05-10 16:08:23 +02:00
Stephan Brandauer
d5cc4cce7e add assignedToPropName feature to try to reduce FPs from assignments to obj.innerHTML 2022-05-10 16:02:53 +02:00
Stephan Brandauer
2021ac48a0 fix bug in InputArgumentIndex feature 2022-05-10 16:02:52 +02:00
Stephan Brandauer
69f21e2545 performance fixes 2022-05-10 16:02:52 +02:00
Stephan Brandauer
f529d12c28 use ? for unknown parameter names 2022-05-10 16:02:52 +02:00
Stephan Brandauer
213a54e71e add documentation and rename a feature 2022-05-10 16:02:50 +02:00
Stephan Brandauer
3ce0abd7e9 add functionInterfacesInFile and surroundingFunctionParameters features 2022-05-10 16:01:54 +02:00
Stephan Brandauer
556dbae803 documentation for calleeImports ATM feature 2022-05-10 16:01:17 +02:00
Stephan Brandauer
fe9ba9d2ff ATM: new feature to list all imports that are used in a callee 2022-05-10 16:01:09 +02:00
Stephan Brandauer
a51ef38d31 documentation for new feature 2022-05-10 15:59:55 +02:00
Stephan Brandauer
9e4c1bb492 ATM: new feature to list all imports in an endpoint's file 2022-05-10 15:59:47 +02:00
Esben Sparre Andreasen
a84e317f0a use proper import instead of inlining 2022-04-29 16:58:22 +02:00
Esben Sparre Andreasen
930591801f remove Input_ArgumentIndexAndAccessPathFromCallee 2022-04-29 16:58:22 +02:00
Esben Sparre Andreasen
1064dc4efc add docstring examples 2022-04-29 16:58:22 +02:00
Esben Sparre Andreasen
17ce41165d address review comments 2022-04-29 16:58:22 +02:00
Esben Sparre Andreasen
3ff35e8658 Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
9e2a211b16 fix semantic merge conflict 2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
437f48c908 rename new features 2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
a1925b5bd6 add more features 2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
bf186dd441 improve feature documentation 2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
f9c7ea1c1d improve feature tests with more cases 2022-04-29 16:58:21 +02:00
Esben Sparre Andreasen
e524792a4d improve access path strings 2022-04-29 16:58:20 +02:00
Esben Sparre Andreasen
daa64dbaff support import in getSimpleAccessPath 2022-04-29 16:58:20 +02:00
Esben Sparre Andreasen
a46a802000 support await in getSimpleAccessPath 2022-04-29 16:58:20 +02:00
Esben Sparre Andreasen
df2ca897cb avoid using new features by default 2022-04-29 16:58:20 +02:00
Esben Sparre Andreasen
034218742e add CompareFeatures.ql 2022-04-29 16:58:20 +02:00
Esben Sparre Andreasen
9110fbb77e add generic tests for features 2022-04-29 16:58:19 +02:00
Esben Sparre Andreasen
6c8c2b2044 Document EndpointFeatures.qll 2022-04-29 16:58:19 +02:00
Esben Sparre Andreasen
dde084ca1a add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-29 16:58:19 +02:00
Esben Sparre Andreasen
93551a3145 improve getSimpleAccessPath 2022-04-29 16:58:19 +02:00
Esben Sparre Andreasen
5800c9d83d refactor calleeAccessPath feature to class 2022-04-29 16:58:19 +02:00
Stephan Brandauer
4eb4929a5d refactor getACallBasedTokenFeature to class-use 2022-04-29 16:58:19 +02:00
Esben Sparre Andreasen
8fe5f54cd7 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-29 16:58:18 +02:00
Esben Sparre Andreasen
66a5e57e59 refactor EndpointFeatures.ql to use classes 2022-04-29 16:58:18 +02:00
Henry Mercer
d3e92f72c4 JS: Nit: Fix typo in QLDoc 2022-04-29 10:54:07 +01:00
Erik Krogh Kristensen
080271f14f Merge pull request #8221 from erik-krogh/libProto
JS: recognize more module exports from the factory pattern
2022-04-29 11:23:53 +02:00
Stephan Brandauer
fa377ac763 Merge pull request #8946 from kaeluka/deepFillIn-FN
JS: fix a FN for prototype polluting function query
2022-04-29 10:14:41 +01:00
Erik Krogh Kristensen
b74d1fdb1a Merge pull request #8783 from erik-krogh/jsAbstractBi
JS: don't initialize sanitizer-guards in the standard library
2022-04-29 11:12:16 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
Stephan Brandauer
f4104e2b72 Merge pull request #8886 from kaeluka/add-rest-parameter-flowstep
JS: Add flow step to `...rest` parameters
2022-04-28 08:39:50 +01:00
Anna Railton
00b74d8b1c Merge pull request #8895 from github/annarailton-patch-1
ATM: Update `TaintedPathInjection` -> `TaintedPath`
2022-04-27 16:15:46 +01:00