hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,016 Commits 1,671 Branches 157 Tags
50f546043a9ecea98b2bf34e7376ee9ef30a8779
Commit Graph

6972 Commits

Author SHA1 Message Date
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Stephan Brandauer
b7690e5e6b Merge pull request #7734 from kaeluka/js-add-node-prefix-to-module-import 
js: add support for the 'node:' prefix for importing internal modules
 2022-01-26 10:15:08 +01:00
Henry Mercer
15aa09fb7a Merge pull request #7744 from github/henrymercer/js-atm-tweak-query-help 
JS: Move experimental notice to the bottom of the ML-powered query help
 2022-01-25 17:44:27 +00:00
Edoardo Pirovano
662675ebf0 Merge pull request #7739 from github/edoardo/3.4-mergeback 
Merge `rc/3.4` into `main`
 2022-01-25 17:44:13 +00:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Henry Mercer
70f7535988 JS: Move experimental notice to the bottom of the ML-powered query help 
The Code Scanning UI shows just the first paragraph of the query help
as a summary, until a user chooses to expand the help.
We decided it was more useful to display the standard query help in this
summary compared to the experimental query notice, since there is
already a notice about experimental queries on the alert show page.
 2022-01-25 15:52:09 +00:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Stephan Brandauer
20ea825e4a test for 'node:' prefix for importing node modules 2022-01-25 13:43:16 +01:00
Erik Krogh Kristensen
cc527bdecd Merge pull request #7721 from erik-krogh/CWE-1275 
JS: add a js/samesite-none-cookie cookie
 2022-01-25 13:28:08 +01:00
Erik Krogh Kristensen
caaee5e4e5 make a utility predicate for extracting sameSite values 2022-01-25 12:32:04 +01:00
Erik Krogh Kristensen
9f9dee5d18 apply documentation suggestions 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-25 12:14:16 +01:00
Stephan Brandauer
9825136e58 add support for the 'node:' prefix for importing internal modules 2022-01-25 10:55:34 +01:00
Stephan Brandauer
35cc5ff0e2 Merge pull request #7715 from kaeluka/recognize-fs-extra-path-args 
JS: add a predicate to recognize path arguments in calls to the fs-extra lib
 2022-01-25 09:36:59 +01:00
CodeQL CI
8d1e22bc38 Merge pull request #7632 from erik-krogh/CWE-862 
Approved by esbena, felicitymay
 2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen
d4bac887cf add a js/samesite-none-cookie cookie 2022-01-24 21:39:41 +01:00
Erik Krogh Kristensen
75f389749a Merge pull request #7719 from erik-krogh/cwe-219 
JS: add CWE-219 to js/exposure-of-private-files
 2022-01-24 17:06:09 +01:00
Erik Krogh Kristensen
bb786bc557 fix good/bad mixup in ClientExposedCookie qhelp 2022-01-24 15:34:30 +01:00
Erik Krogh Kristensen
148b0c33a9 update the empty-password-in-config-file qhelp 2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen
ab0d67a573 update query name and description 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen
823cadecd5 add CWE-219 to js/exposure-of-private-files 2022-01-24 13:22:06 +01:00
Erik Krogh Kristensen
ab1bc685bb add CWE-80 to queries that detect bad HTML sanitizers 2022-01-24 11:01:17 +01:00
Stephan Brandauer
02db472209 consistent notation 2022-01-24 10:58:06 +01:00
Stephan Brandauer
8be58fe01e Fix comment to avoid summarizing implementation 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-01-24 10:47:28 +01:00
Stephan Brandauer
b277731312 add a predicate to recognize path arguments in calls to the fs-extra lib 2022-01-24 09:40:22 +01:00
Henry Mercer
84907f91f1 JS: Fix copy/paste error in XSS ML-powered queries results patterns 
We didn’t catch this because our unit tests test only library code due
to the previous difficulty of running queries with an ML model (the ML
models in packs work should fix that), and because the end-to-end
evaluation runs separate queries that have different result patterns.

Going forward we should create unit tests for the queries themselves,
which will require using the ML model in tests. We should also be able
to catch this type of error using DCA.
 2022-01-21 15:17:52 +00:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f9d5cbf017 update qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-01-21 11:26:58 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style 
Approved by esbena
 2022-01-20 23:43:44 -08:00
CodeQL CI
2287b6e549 Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations 
Approved by esbena
 2022-01-20 23:43:15 -08:00
Erik Krogh Kristensen
15c1ce722a Merge pull request #7678 from erik-krogh/use-set 
JS: use more set literals
 2022-01-20 21:03:48 +01:00
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
CodeQL CI
cfa670c123 Merge pull request #7651 from erik-krogh/CWE-471 
Approved by asgerf, esbena
 2022-01-20 01:47:39 -08:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages 
JS: Update alert messages for ML-powered queries
 2022-01-18 11:37:02 +00:00
Henry Mercer
1893b9f7a9 Merge pull request #7376 from github/henrymercer/js-atm-absent-features-optimization 
JS: Update featurization for absent features optimization
 2022-01-18 10:15:53 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries 
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
 2022-01-17 16:34:50 +00:00