hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,331 Commits 1,773 Branches 168 Tags
624f254417c63813c0637362cacacc26acc16864
Commit Graph

7328 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
624f254417 add more features 2022-06-30 08:32:45 +02:00
Esben Sparre Andreasen
dc9721db2d improve feature documentation 2022-06-30 08:32:45 +02:00
Esben Sparre Andreasen
6b33c940fe improve feature tests with more cases 2022-06-30 08:32:45 +02:00
Esben Sparre Andreasen
55697c5a3f improve access path strings 2022-06-30 08:32:44 +02:00
Esben Sparre Andreasen
294bcd1117 support import in getSimpleAccessPath 2022-06-30 08:32:44 +02:00
Esben Sparre Andreasen
6f8cafff42 support await in getSimpleAccessPath 2022-06-30 08:32:44 +02:00
Esben Sparre Andreasen
65475c9b2d avoid using new feautes by default 2022-06-30 08:32:43 +02:00
Esben Sparre Andreasen
b524cebdd2 add CompareFeatures.ql 2022-06-30 08:32:43 +02:00
Esben Sparre Andreasen
50cf5e23a8 add generic tests for features 2022-06-30 08:32:43 +02:00
Esben Sparre Andreasen
45a9bb8769 Document EndpointFeatures.qll 2022-06-30 08:32:43 +02:00
Esben Sparre Andreasen
a05c475cc0 add ParameterAccessPathSimpleFromArgumentTraversal 2022-06-30 08:32:42 +02:00
Esben Sparre Andreasen
e21b2f4dc1 improve getSimpleAccessPath 2022-06-30 08:32:42 +02:00
Esben Sparre Andreasen
a676cf62a6 refactor calleeAccessPath feature to class 2022-06-30 08:32:42 +02:00
Stephan Brandauer
e73b50a3f4 refactor getACallBasedTokenFeature to class-use 2022-06-30 08:32:41 +02:00
Esben Sparre Andreasen
e5e3bb4247 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-06-30 08:32:41 +02:00
Esben Sparre Andreasen
592959048e refactor EndpointFeatures.ql to use classes 2022-06-30 08:32:41 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests 
JS: Fix expected test output for ATM queries
 2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00
Asger F
e5f2b830f3 Merge pull request #8577 from asgerf/fix-mad-warning 
JS/Ruby: Fix regexp in MaD checking
 2022-03-28 15:29:16 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token 
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
 2022-03-28 15:28:52 +02:00
Asger Feldthaus
7e6206ed36 JS: Fix the regexp for valid MaD token arguments 2022-03-28 12:43:43 +02:00
Arthur Baars
b103679d8a JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll 2022-03-28 12:17:26 +02:00
Erik Krogh Kristensen
cf94c93b1a Merge pull request #8481 from erik-krogh/schemeChain 
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
 2022-03-25 11:13:10 +01:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
Asger Feldthaus
b0b795dbbb JS: Autoformat 2022-03-23 19:15:01 +01:00
Asger Feldthaus
95122b2b6c JS: Support Argument[this] token 2022-03-23 18:06:12 +01:00
Asger Feldthaus
d476f976fe JS: Support Parameter[this] token 2022-03-23 18:06:12 +01:00
CodeQL CI
ac29d5f51b Merge pull request #8523 from asgerf/js/api-graph-receiver-label 
Approved by erik-krogh
 2022-03-23 15:31:12 +00:00
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd JS: Bump patch version of ML-powered model pack post-release 2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
8d13662315 JS: Bump minor version of ML-powered model pack 2022-03-23 11:47:08 +00:00
Asger Feldthaus
f2285709bd JS: Change note 2022-03-23 10:42:51 +01:00
Asger Feldthaus
59d5c54432 JS: Update test output from knex 2022-03-23 10:42:51 +01:00
Asger Feldthaus
73071bdc08 JS: Change getAParameter to not return the receiver 2022-03-23 10:42:51 +01:00
Asger Feldthaus
6bef5a70b3 JS: Add dedicated API graph label for receiver, instead of parameter -1 2022-03-23 10:42:51 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding 
Python/JS/Ruby: Shared concepts scaffolding
 2022-03-23 10:22:42 +01:00
Erik Krogh Kristensen
8ae04e04d4 Merge pull request #8509 from erik-krogh/fpXss 
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
 2022-03-22 14:51:17 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc 
As suggested by @hmac
 2022-03-22 10:33:58 +01:00
Rasmus Wriedt Larsen
e50a9421a6 JS: Update dataflow import in ConceptsImports.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-03-22 10:32:20 +01:00
Erik Krogh Kristensen
099d91ba6f update qldoc 2022-03-22 10:27:21 +01:00
Harry Maclean
c2d4bc50c9 Add missing file doc comment 2022-03-22 11:10:09 +13:00
Harry Maclean
91a7e9405c Share HttpToFileAccessQuery between JS and Ruby 
There's so little in this query that it may not be worth sharing, but
it's an interesting exercise in figuring out how we do it nicely.
 2022-03-22 11:10:08 +13:00
Harry Maclean
6c18e1d7ac Merge pull request #8272 from hmac/hmac/tainted-format-string 2022-03-22 08:37:47 +13:00
Erik Krogh Kristensen
c8385a1e80 js/xss-through-dom: filter away reads of .src that end in a URL sink 2022-03-21 16:48:59 +01:00