hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-30 19:11:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,841 Commits 1,763 Branches 168 Tags
6f0bc906d72e3b5aa9d7adca84047038dba9cb0d
Commit Graph

7128 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
6f0bc906d7 Remove additional Xss sinks 2022-08-12 14:48:13 +00:00
Esben Sparre Andreasen
bb4b65654f Remove additional SQL sinks 2022-08-12 14:48:13 +00:00
Esben Sparre Andreasen
7460719a60 Remove additional path-injection sinks 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
8a374eba54 Remove pseudo-properties 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
d6c06e3592 Remove 2020 sinks from SqlInjection.ql 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
e9356d840d Remove 2020 sinks from Xss.ql 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
54fc0e12ba Remove 2020 sinks from TaintedPath.ql 2022-08-12 14:48:12 +00:00
Stephan Brandauer
c60555d28a Review comments 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-08-12 16:36:49 +02:00
Stephan Brandauer
2c28d2402b fix now-broken tests 2022-08-11 11:48:27 +02:00
Stephan Brandauer
d6d6ee9f9e fix ql-for-ql warnings 2022-08-11 10:53:05 +02:00
Stephan Brandauer
beebbb2a36 remove obsolete features 2022-08-11 10:22:39 +02:00
Stephan Brandauer
96e3aa4188 add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-08-11 09:34:24 +02:00
Stephan Brandauer
4ce01be846 add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-08-11 09:34:24 +02:00
Stephan Brandauer
37c7c430bd fix bug in InputArgumentIndex feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
3f17544235 performance fixes 2022-08-11 09:34:23 +02:00
Stephan Brandauer
4e1cb75610 use ? for unknown parameternames 2022-08-11 09:34:23 +02:00
Stephan Brandauer
f395cee944 add documentations and rename a feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
88799b2692 add functionInterfacesInFile and surroundingFunctionParameters features 2022-08-11 09:34:22 +02:00
Stephan Brandauer
f801a393f1 documentation for calleeImports ATM feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
508358c8ba documentation for new feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
5196c49ed4 ATM: new feature to list all imports in an endpoint's file 2022-08-11 09:34:22 +02:00
Esben Sparre Andreasen
83d5b52a3d use proper import instead of inlining 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
f6d3703561 remove Input_ArgumentIndexAndAccessPathFromCallee 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
d5dbdb122f add docstring examples 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
6048f8fbf1 address review comments 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
a511489e90 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
295a3f51e1 fix semantic merge conflict 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
769236fc7f rename new features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
278fef93f2 add more features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
d52082f41b improve feature documentation 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
44340a8ce4 improve feature tests with more cases 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
827c55c612 improve access path strings 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
6f28d39213 support import in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
4f420c72d9 support await in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
3c01011b51 avoid using new feautes by default 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
1b32b53205 add CompareFeatures.ql 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
65eba5c01e add generic tests for features 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
5e6b17672d Document EndpointFeatures.qll 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
2e65873488 add ParameterAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
51ac3c270a improve getSimpleAccessPath 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
88172e1347 refactor calleeAccessPath feature to class 2022-08-11 09:34:16 +02:00
Stephan Brandauer
826267ca9b refactor getACallBasedTokenFeature to class-use 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
a6f5487298 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
386672d4e0 refactor EndpointFeatures.ql to use classes 2022-08-11 09:34:15 +02:00
Esben Sparre Andreasen
0c6f28014c Merge pull request #9821 from erik-krogh/jsQlFix 
JS: fix some QL-for-QL warnings in JS
 2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen
add9e9dac4 Merge pull request #9548 from erik-krogh/exports 
JS: support the "exports" property in a package.json
 2022-08-09 12:16:12 +02:00
Asger F
fdcb1fa115 Merge pull request #9928 from asgerf/js/source-node-type 
JS: Simplify type hierarchy for SourceNode
 2022-08-08 16:53:20 +02:00
Esben Sparre Andreasen
da44340334 formatting 2022-08-08 12:22:41 +02:00
Esben Sparre Andreasen
a3cf81d419 js: add filter taint test (post rebase conflicts) 2022-08-08 11:00:11 +02:00
Evgenii Protsenko
50264547bf make array taint-step better 2022-08-08 11:00:11 +02:00