hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-23 23:57:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
40,156 Commits 1,758 Branches 168 Tags
65aa1e6f6b32b3a8bf6eb8c82471252276fbe3d3
Commit Graph

7684 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
65aa1e6f6b Remove 2020 sinks from Xss.ql 2022-06-13 12:38:47 +00:00
Esben Sparre Andreasen
d7d4f88e7b Remove 2020 sinks from TaintedPath.ql 2022-06-13 12:38:46 +00:00
Stephan Brandauer
9613f73116 enable new features for experimentation 2022-06-13 14:04:47 +02:00
Stephan Brandauer
fd4f509615 add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-06-13 14:04:47 +02:00
Stephan Brandauer
4ba7243b1f add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-06-13 14:04:46 +02:00
Stephan Brandauer
5346ade995 fix bug in InputArgumentIndex feature 2022-06-13 14:04:46 +02:00
Stephan Brandauer
ebedeaf543 performance fixes 2022-06-13 14:04:45 +02:00
Stephan Brandauer
ea1e44b035 use ? for unknown parameternames 2022-06-13 14:04:45 +02:00
Stephan Brandauer
250ed0831c add documentations and rename a feature 2022-06-13 14:04:44 +02:00
Stephan Brandauer
314333f7ed add functionInterfacesInFile and surroundingFunctionParameters features 2022-06-13 14:04:44 +02:00
Stephan Brandauer
3f6d663105 documentation for calleeImports ATM feature 2022-06-13 14:04:43 +02:00
Stephan Brandauer
962ed4a51b documentation for new feature 2022-06-13 14:04:43 +02:00
Stephan Brandauer
2f1882bd3a ATM: new feature to list all imports in an endpoint's file 2022-06-13 14:04:42 +02:00
Esben Sparre Andreasen
6505ad1724 use proper import instead of inlining 2022-06-13 14:00:37 +02:00
Esben Sparre Andreasen
e53ba21387 remove Input_ArgumentIndexAndAccessPathFromCallee 2022-06-13 14:00:36 +02:00
Esben Sparre Andreasen
ec1dc985ef add docstring examples 2022-06-13 14:00:36 +02:00
Esben Sparre Andreasen
008024b3bb address review comments 2022-06-13 14:00:35 +02:00
Esben Sparre Andreasen
5c4043dacb Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-06-13 14:00:35 +02:00
Esben Sparre Andreasen
874da9d81c fix semantic merge conflict 2022-06-13 14:00:34 +02:00
Esben Sparre Andreasen
8e0781d78a rename new features 2022-06-13 14:00:34 +02:00
Esben Sparre Andreasen
937d6b1f3e add more features 2022-06-13 14:00:33 +02:00
Esben Sparre Andreasen
7d4125010c improve feature documentation 2022-06-13 14:00:33 +02:00
Esben Sparre Andreasen
a8dd55fe0f improve feature tests with more cases 2022-06-13 14:00:32 +02:00
Esben Sparre Andreasen
57c88d5fd6 improve access path strings 2022-06-13 14:00:32 +02:00
Esben Sparre Andreasen
026dfaec97 support import in getSimpleAccessPath 2022-06-13 14:00:31 +02:00
Esben Sparre Andreasen
c523c4f96e support await in getSimpleAccessPath 2022-06-13 14:00:31 +02:00
Esben Sparre Andreasen
ef5148bb80 avoid using new feautes by default 2022-06-13 14:00:30 +02:00
Esben Sparre Andreasen
13264e1119 add CompareFeatures.ql 2022-06-13 14:00:30 +02:00
Esben Sparre Andreasen
1e299e9bb8 add generic tests for features 2022-06-13 14:00:29 +02:00
Esben Sparre Andreasen
f322aaf344 Document EndpointFeatures.qll 2022-06-13 14:00:29 +02:00
Esben Sparre Andreasen
3c9e70341b add ParameterAccessPathSimpleFromArgumentTraversal 2022-06-13 14:00:28 +02:00
Esben Sparre Andreasen
cfe20810bf improve getSimpleAccessPath 2022-06-13 14:00:28 +02:00
Esben Sparre Andreasen
065002ad18 refactor calleeAccessPath feature to class 2022-06-13 14:00:27 +02:00
Stephan Brandauer
7778aa59ea refactor getACallBasedTokenFeature to class-use 2022-06-13 14:00:27 +02:00
Esben Sparre Andreasen
8ef6f59737 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-06-13 14:00:26 +02:00
Esben Sparre Andreasen
b4339e8ac5 refactor EndpointFeatures.ql to use classes 2022-06-13 14:00:26 +02:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Erik Krogh Kristensen
6cfd790cda Merge pull request #9356 from erik-krogh/getRouting 
JS: rewrite js/sensitive-get-query to use routing trees
 2022-05-31 11:08:54 +02:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Erik Krogh Kristensen
95fae8155e fix wrong comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-31 08:38:03 +02:00
Erik Krogh Kristensen
6a6a63e1aa Merge pull request #9354 from erik-krogh/jsStages 
JS: collapse a few small stages
 2022-05-30 20:31:54 +02:00
Asger F
c188aa87c7 Merge branch 'main' into js/madman-prep 2022-05-30 15:03:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
b700972e6f fix bad join in XmlParers::getAResult 2022-05-30 12:37:51 +02:00