hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 12:50:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,517 Commits 1,773 Branches 168 Tags
598d7f8be1feac2273ee120d06f0f600a09e2248
Commit Graph

6706 Commits

Author SHA1 Message Date
Henry Mercer
598d7f8be1 Remove NoSQL sinks since September 2018 2022-04-10 08:33:33 +00:00
Esben Sparre Andreasen
61d467ca0b Remove additional Xss sinks 2022-04-10 08:33:33 +00:00
Esben Sparre Andreasen
210cb98f1c Remove additional SQL sinks 2022-04-10 08:33:33 +00:00
Esben Sparre Andreasen
dff54e4563 Remove additional path-injection sinks 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
b63d0455bd Remove pseudo-properties 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
a24bd4f999 Remove 2020 sinks from SqlInjection.ql 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
c3a0587e86 Remove 2020 sinks from Xss.ql 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
d5f9cae577 Remove 2020 sinks from TaintedPath.ql 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
ea13a999cc address review comments 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
ea88253501 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
e2ad791983 fix semantic merge conflict 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
a4a95f0cda rename new features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
e6e06b9530 add more features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
5ca8509759 improve feature documentation 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
a201b77b11 improve feature tests with more cases 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
afd10e3949 improve access path strings 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
510a394307 support import in getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
e0ea4c4ccb support await in getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
d4f3f6516c avoid using new feautes by default 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
b84e5af050 add CompareFeatures.ql 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
57812c6934 add generic tests for features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
22bbe9cc5d Document EndpointFeatures.qll 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
62667f431c add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
8de583b51b improve getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
a1a93ec9ae refactor calleeAccessPath feature to class 2022-04-07 15:01:44 +02:00
Stephan Brandauer
ccf76c9567 refactor getACallBasedTokenFeature to class-use 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
31c5c97b7d Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
c6fb05636e refactor EndpointFeatures.ql to use classes 2022-04-07 15:01:44 +02:00
Erik Krogh Kristensen
943af17d10 Merge pull request #8619 from erik-krogh/atmSteps 
JS-ML: fix isKnownStepSrc such that it recognizes taint-steps
 2022-04-06 12:56:53 +02:00
Asger F
de169277cb Merge pull request #8576 from asgerf/js/decorated-method-or-class 
JS: Add decorator edges in API graphs and corresponding MaD tokens
 2022-04-04 12:49:28 +02:00
Tom Hvitved
46d69cf544 Regex: Further tweaks to concretise computations 2022-03-31 12:52:43 +02:00
Tom Hvitved
5181544790 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
0fb28f4bc9 Sync shared files 2022-03-31 12:52:42 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Erik Krogh Kristensen
67e1ffdd3e fix isKnownStepSrc such that it actually includes taint/dataflow-steps 2022-03-31 09:46:01 +02:00
Erik Krogh Kristensen
e038baed36 add .gitignore ignoring test dbs 2022-03-31 09:45:28 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests 
JS: Fix expected test output for ATM queries
 2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Erik Krogh Kristensen
979fa2386a autoformat 2022-03-29 22:38:23 +02:00
Asger Feldthaus
8bb58a3222 Merge branch 'js/decorated-method-or-class' of github.com:asgerf/codeql into js/decorated-method-or-class 2022-03-29 16:13:54 +02:00
Asger Feldthaus
75a84378ac JS: Do not generate def-nodes for decorated parameters 2022-03-29 16:13:45 +02:00
Asger Feldthaus
ca145f21b0 JS: Add test showing why parameter-sinks wont actually work well in JS 2022-03-29 16:06:53 +02:00
Asger Feldthaus
3bcfca421f JS: Add test case for decorated parameter sinks 2022-03-29 15:55:43 +02:00
Asger F
6e630cccc2 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-03-29 15:41:20 +02:00
Asger Feldthaus
cf596a1856 JS: Add decorator edges in API graphs and corresponding MaD tokens 2022-03-28 15:34:40 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00
Asger F
e5f2b830f3 Merge pull request #8577 from asgerf/fix-mad-warning 
JS/Ruby: Fix regexp in MaD checking
 2022-03-28 15:29:16 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token 
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
 2022-03-28 15:28:52 +02:00
Asger Feldthaus
7e6206ed36 JS: Fix the regexp for valid MaD token arguments 2022-03-28 12:43:43 +02:00