hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

8165 Commits

Author SHA1 Message Date
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
Henry Mercer
6a12d676b8 Merge pull request #10878 from jsoref/spelling-ml 
Spelling ml
 2022-10-19 16:28:06 +01:00
Henry Mercer
3afb9c1b3b Merge pull request #10845 from github/henrymercer/remove-worsening-queries 
ATM: Remove worsening-based queries
 2022-10-19 10:05:53 +01:00
Josh Soref
d722448796 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
Josh Soref
a4beafbe44 spelling: classifier 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
github-actions[bot]
fa274e4375 ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d 2022-10-18 11:53:42 +00:00
Erik Krogh Kristensen
71135da7ff Merge pull request #10768 from erik-krogh/fixFileLoops 
JS: fix that js/file-system-race could have FPs related to loops
 2022-10-17 12:01:55 +02:00
Henry Mercer
c0ac7ad7db Remove query for worsening-based classifier evaluation 2022-10-14 15:35:43 +01:00
Henry Mercer
63ab295a46 Remove queries for worsening-based evaluation 2022-10-14 15:18:19 +01:00
erik-krogh
a6c83a7b14 add change-note 2022-10-14 09:20:33 +02:00
Alvaro Muñoz
41fea776e8 Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression 2022-10-13 17:50:43 +02:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
5d94733078 spelling: ambiguously 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:25 -04:00
Alvaro Muñoz
744cea9baa add tests 2022-10-13 15:19:29 +02:00
Alvaro Muñoz
468628525e Change to camelcase 2022-10-13 12:18:07 +02:00
Alvaro Muñoz
ea8edb8408 initial tests 2022-10-13 11:32:21 +02:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Henry Mercer
c3af41b907 Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5 
JS: Bump version numbers of ML-powered packs after 0.3.5 release
 2022-10-12 20:20:31 +01:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
c7ae0728f3 spelling: javascript 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5 spelling: escape 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
9d6ea28448 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
08a79531cf spelling: response 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Henry Mercer
bfa9765a6d Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.5 2022-10-11 19:06:01 +01:00
github-actions[bot]
06bbede92b JS: Bump version of ML-powered library and query packs to 0.3.6 2022-10-11 17:58:33 +00:00
github-actions[bot]
4e3a6e60b2 JS: Bump patch version of ML-powered library and query packs 2022-10-11 17:48:46 +00:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Alvaro Muñoz
2ab34c85b2 Deprecate previous version 2022-10-11 12:46:01 +02:00
Alvaro Muñoz
15f641893e Deprecate previous version 2022-10-11 12:44:46 +02:00
Alvaro Muñoz
d5520d93c8 Deprecate previous version 2022-10-11 12:43:20 +02:00
Alvaro Muñoz
30958f7cde Deprecate previous version 2022-10-11 12:42:40 +02:00
Alvaro Muñoz
2a1b2db4c3 Deprecate previous version 2022-10-11 12:40:32 +02:00
Alvaro Muñoz
5c412b9363 Use Pascal convention 2022-10-11 11:24:07 +02:00
Alvaro Muñoz
ad80642b18 Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities 2022-10-11 11:13:17 +02:00
Josh Soref
0a4c724b69 spelling: implementation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
e8754967ea spelling: explaining 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
3358c5f664 spelling: apparent 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Asger F
9bbbece8a7 Merge pull request #10670 from tyage/property-stringify 
JS: Improve detection of XSS when JSON.stringify()
 2022-10-10 18:16:09 +02:00
Asger F
b1a165ee98 JS: Edit change note 2022-10-10 16:08:21 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00