Max Schaefer
8adbdf542e
Revert "JS: Recognize DomSanitizer from @angular/core"
...
This reverts commit ff1d0cc4c7 .
2022-02-28 15:47:51 +00:00
Henry Mercer
d477160bae
Remove NoSQL sinks since September 2018
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
d3a048ac94
Remove additional Xss sinks
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
561f86707f
Remove additional SQL sinks
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
45869fec68
Remove additional path-injection sinks
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
7225494c7f
Add benjamin-button.md
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
ee2e1284b6
Remove pseudo-properties
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
ebc8c14154
Remove 2020 sinks from SqlInjection.ql
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
6b5b5ea038
Remove 2020 sinks from Xss.ql
2022-02-28 15:47:51 +00:00
Esben Sparre Andreasen
74f2ca0c12
Remove 2020 sinks from TaintedPath.ql
2022-02-28 15:47:51 +00:00
annarailton
f423d312b5
Add boosted and unboosted evaluation versions of StoredXss and XssThroughDom
2022-02-28 15:45:31 +00:00
annarailton
da3826f85a
Add ATMLite versions of StoredXss and XssThroughDom
2022-02-28 15:34:48 +00:00
Esben Sparre Andreasen
66ea3a1548
Boost StoredXss and XssThroughDomATM
...
Produced with:
```
javascript/ql$ tb boost src/Security/CWE-079/StoredXss.ql XssSink
javascript/ql$ tb boost src/Security/CWE-079/XssThroughDom.ql XssSink
```
2022-02-28 15:34:10 +00:00
Erik Krogh Kristensen
b6b93065ff
Merge pull request #8157 from erik-krogh/lodash-clone
...
JS: add lodash.{clone, cloneDeep} as a clone step
2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7
Merge pull request #8143 from erik-krogh/pred-ql-style
...
QL: add ql-for-ql query for detecting bad predicate qldoc
2022-02-22 17:49:12 +01:00
Jeroen Ketema
aecc17c49b
Merge pull request #7928 from jketema/structured-bindings-db-scheme
...
C++: Add table that identifies C++ structured bindings
2022-02-22 17:34:26 +01:00
Geoffrey White
31d214d5ee
Merge pull request #8170 from geoffw0/typos
...
C++: Fix Spelling Typos.
2022-02-22 15:09:50 +00:00
Mathias Vorreiter Pedersen
894992d403
Merge pull request #8169 from MathiasVP/fix-spelling-in-post-dominance-frontier
...
C++/C#: Fix spelling of 'postDominanceFrontier'
2022-02-22 14:54:39 +00:00
Geoffrey White
4908eaf5ec
C++: Typos.
2022-02-22 14:33:11 +00:00
Mathias Vorreiter Pedersen
b6740ed4a1
C++/C#: Fix spelling of 'postDominanceFrontier'.
2022-02-22 13:48:13 +00:00
Pierre
5ee96121fc
Merge pull request #8162 from github/turbo-no-glibc-no
...
Docs: Add note about muslc incompatibility
2022-02-22 13:06:28 +01:00
Henry Mercer
4f7604f0dd
Merge pull request #8151 from github/henrymercer/separate-atm-model-pack
2022-02-22 11:47:35 +00:00
Pierre
1d81f90260
Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
...
Co-authored-by: hubwriter <hubwriter@github.com>
2022-02-22 12:47:31 +01:00
Erik Krogh Kristensen
08c703f605
exclude private predicates
2022-02-22 12:34:16 +01:00
Erik Krogh Kristensen
8ff2992b56
have each case on a separate line
2022-02-22 11:40:26 +01:00
Erik Krogh Kristensen
addb27c80e
deduplicate "%"
...
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-02-22 11:34:59 +01:00
Pierre
8b7f899883
Update getting-started-with-the-codeql-cli.rst
2022-02-22 11:34:49 +01:00
Pierre
6f936942fa
Add note about non-glibc systems
2022-02-22 11:29:51 +01:00
Erik Krogh Kristensen
e8df6a14ca
add lodash.{clone, cloneDeep} as a clone step
2022-02-21 22:27:29 +01:00
Henry Mercer
e42f759f6b
Merge pull request #8153 from github/henrymercer/atm-add-cwe-tags
...
JS: Add CWE tags for ML-powered queries
2022-02-21 17:24:02 +00:00
Henry Mercer
5a3daa9e3f
JS: Add CWE tags for ML-powered queries
...
- Cross-site scripting: CWE-79
- Path injection: CWE-22, CWE-23, CWE-36, CWE-73, CWE-99
- NoSQL injection: CWE-943
- SQL injection: CWE-89
2022-02-21 16:18:33 +00:00
Henry Mercer
02cce623a6
JS: Install pack dependencies in ML CI jobs
2022-02-21 16:10:15 +00:00
Henry Mercer
a89882c14e
JS: Update lockfiles for ML-powered queries packs
2022-02-21 16:03:05 +00:00
Henry Mercer
25f6ac3ec4
JS: Remove ML model pack from default workspace
...
We only want to put the checked out version of the model pack to test a
custom model.
Given that the repo doesn't contain any models by default, most users
won't want the local checkout of the model pack to override the one
downloaded from the package registry.
2022-02-21 15:06:30 +00:00
Henry Mercer
6fb9895367
JS: Separate the ML-powered queries model into its own pack
...
This allows users to more easily get started with development. Running
`codeql pack install` from the `-queries` pack will now install the ML
model.
2022-02-21 15:05:57 +00:00
Tom Bolton
0108642464
Merge pull request #8148 from github/tombolton/modify-counting-query
...
Update counting query to match end-to-end results
2022-02-21 15:02:43 +00:00
tombolton
e02319be9f
add end to end predicate to result counting query
2022-02-21 14:35:58 +00:00
Erik Krogh Kristensen
1407b49a8f
fix some instances of ql/pred-doc-style for JS
2022-02-21 15:02:21 +01:00
Erik Krogh Kristensen
11bbd872f3
add ql-for-ql query for detecting bad predicate qldoc
2022-02-21 15:02:15 +01:00
Asger F
02c4966109
Merge pull request #7878 from asgerf/dot-separated-access-paths
...
Shared: Switch to dot-separated access paths in summary specs
2022-02-21 13:29:09 +01:00
Alex Ford
9196b64d6e
Merge pull request #8138 from github/ruby/file-write
...
Ruby: Implement `FileSystemWriteAccess` concept
2022-02-21 10:13:27 +00:00
Alex Ford
746290d903
Merge pull request #7713 from github/ruby/clear-text-logging
...
Ruby: Add `rb/clear-text-logging-sensitive-data` query
2022-02-21 10:12:33 +00:00
Jeroen Ketema
fc91c82777
Add change note
2022-02-21 10:48:46 +01:00
Jeroen Ketema
e05af1e1d1
Use underlyingElement in isStructuredBinding
...
According to the documentation in `Element.qll`, `underlyingElement` is
supposed to be used here and not `unresolveElement`.
2022-02-21 10:46:29 +01:00
Esben Sparre Andreasen
1d437dd722
Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials
...
JS: Sharpen hardcoded credentials
2022-02-21 10:02:58 +01:00
Erik Krogh Kristensen
5f9bd7a4a1
Merge pull request #7984 from erik-krogh/fix-ql-for-ql-js
...
JS: fix most ql-for-ql warnings
2022-02-21 09:15:06 +01:00
Asger Feldthaus
7848fcec80
Shared: sync AccessPathSyntax.qll
2022-02-21 08:21:53 +01:00
Asger Feldthaus
d7f07167ac
Shared: Remove getLastToken again
2022-02-21 08:21:53 +01:00
Asger Feldthaus
2c2a82a070
Shared: allow spaces between arguments in a token
2022-02-21 08:21:53 +01:00
Asger Feldthaus
55ac5cb012
Shared: auto format
2022-02-21 08:21:53 +01:00