hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-31 11:31:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
40,945 Commits 1,763 Branches 168 Tags
553014ac5171bc5487202435ddd612d1f685e648
Commit Graph

7701 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
553014ac51 support await in getSimpleAccessPath 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
ccdec2fb98 avoid using new feautes by default 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
53b33c0a32 add CompareFeatures.ql 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
9dc8774624 add generic tests for features 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
fdecb35c7c Document EndpointFeatures.qll 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
0ed5785a15 add ParameterAccessPathSimpleFromArgumentTraversal 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
2948f5bc47 improve getSimpleAccessPath 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
e0e6e0eb9e refactor calleeAccessPath feature to class 2022-06-29 15:15:37 +02:00
Stephan Brandauer
2581d183da refactor getACallBasedTokenFeature to class-use 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
2dfa68dd2a Add CalleeAccessPathSimpleFromArgumentTraversal 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
dadc99b641 refactor EndpointFeatures.ql to use classes 2022-06-29 15:15:37 +02:00
Erik Krogh Kristensen
b81251865f Merge pull request #9716 from erik-krogh/htmlTypeSan 
JS: sanitize non-strings from html-constructed-from-input
 2022-06-28 17:31:00 +02:00
Erik Krogh Kristensen
112caa3f5d rewrite qldoc based on review 2022-06-28 13:23:44 +02:00
Asger F
cc57cb8af5 Merge branch 'main' into post-release-prep/codeql-cli-2.10.0 2022-06-27 20:37:25 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
c8b2be616f JS: Bump extractor version string 2022-06-27 13:52:44 +02:00
Asger F
c082578688 JS: Always sniff file type of TypeScript files 2022-06-27 13:48:00 +02:00
github-actions[bot]
d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
Asger F
f5a19a1013 JS: Fix unused variable FP in template placeholders 2022-06-23 19:26:32 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
Asger F
90c2b6e47f JS: Downgrade ast_node_symbol relation 2022-06-23 10:17:28 +02:00
Erik Krogh Kristensen
08e4c8b195 Merge pull request #9634 from erik-krogh/jqueryParam 
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
 2022-06-23 08:57:20 +02:00
Nick Rolfe
d91e8a6309 JS: create downgrades pack 2022-06-22 17:31:49 +01:00
Rasmus Wriedt Larsen
876ba71d9b Python/JS/Ruby: Add change-note 2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8 add test for jquery plugin parameters in js/html-constructed-from-input 2022-06-21 13:21:57 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Asger F
b46ba896dd Merge pull request #9616 from asgerf/js/without-prop-step-await 
JS: Add withoutPropStep and model raw 'await' step with it
 2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen
79696c6c5f Merge pull request #9572 from erik-krogh/heuristicSteps 
JS: add heuristic taint-step for potentially unmodelled libraries
 2022-06-21 09:00:58 +02:00
Asger F
835c9bb0b9 JS: Add test 2022-06-20 20:16:07 +02:00
Asger F
a0d3a6b5b1 JS: Add withoutPropStep and model 'await' steps with it 2022-06-20 20:16:07 +02:00
Asger F
15278fe94f JS: Remove debug println 2022-06-17 14:57:03 +02:00
Asger F
6a4b3a190d JS: Bump extractor version 2022-06-17 14:40:22 +02:00
Asger F
ed4c39bbb4 JS: Upgrade script 2022-06-17 14:40:22 +02:00
Asger F
5610f654e9 JS: Add PackageJson.getTypingsModule 2022-06-17 14:40:22 +02:00
Asger F
a3204f6d74 JS: Trim whitespace in dbscheme 2022-06-17 14:40:22 +02:00
Asger F
608de70568 JS: Associate symbols with external module decls 2022-06-17 14:40:22 +02:00
Asger F
5faff5609d JS: Map symbol base types to their actual type 2022-06-17 14:40:22 +02:00
Asger F
3b4b56be28 JS: Add meta query for measuring library inputs 2022-06-16 11:57:33 +02:00
Erik Krogh Kristensen
ce323e215b add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps 2022-06-15 20:27:49 +02:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00