Kasper Svendsen
ab5e241310
Javascript: Enable implicit this warnings for remaining packs
2023-06-27 11:56:29 +02:00
github-actions[bot]
50c90bbc5c
ATM: Update model pack dependency of ML-powered model building and query packs
2023-03-02 17:31:03 +00:00
Jean Helie
b08fa43fdf
update tests
2023-01-17 12:20:17 +01:00
Jean Helie
f07984bab2
update test data
2023-01-17 12:20:17 +01:00
Jean Helie
13aaa22df5
add boosted version of ShellCommandInjectionFromEnvironment
2023-01-17 12:20:17 +01:00
Jean Helie
938a7e828c
update tests
2022-12-16 15:31:43 +01:00
Jean Helie
cd0220b248
update autogenerated data for endpoint_large_scale
2022-12-16 14:03:01 +01:00
Jean Helie
904a4bd48b
fix script updating endpoint_large_scale test data
2022-12-16 14:03:00 +01:00
Tiferet Gazit
1a9dd48a88
Merge pull request #11551 from github/tiferet/endpoint-characteristics-test
...
ATM: Test for contradictory endpoint characteristics
2022-12-06 18:36:41 -08:00
tiferet
cf29cde2e8
Apply suggestions from code review
2022-12-06 18:05:04 -08:00
tiferet
93e3c72c6a
Test for contradictory endpoint characteristics
2022-12-02 10:29:39 -08:00
Tiferet Gazit
c0aae3d68e
Apply suggestions from code review
...
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-12-02 09:00:45 -08:00
tiferet
d17383d98c
Add XssThroughDom
2022-12-02 06:59:32 -08:00
tiferet
294f34bf07
Small improvement
...
Not strictly needed, but better to keep things private when possible
2022-12-02 06:59:31 -08:00
tiferet
a317f2bfe2
Test for endpoints scored at inference time
...
Adds a test to detect changes in the endpoints that get scored at inference time.
2022-12-02 06:59:31 -08:00
Jean Helie
352d1a7e8c
ATM: update tests
2022-12-01 19:01:30 +01:00
Jean Helie
880548bafc
Merge branch 'main' into tiferet/boost-xss-through-dom
2022-12-01 18:13:27 +01:00
Jean Helie
50a3c0d725
ATM: update expected ML test values
2022-12-01 17:53:09 +01:00
Jean Helie
f388703a3d
ATM: update further files following the addition of XssThroughDom query
2022-12-01 17:45:07 +01:00
tiferet
a0a742eb82
Rename predicates to fit style guide:
...
- `getEndpoints` → `appliesToEndpoint`
- `getImplications` → `hasImplications`
- `getAlerts` → `hasAlert`
2022-11-30 17:01:56 -08:00
tiferet
4580b55673
Oops -- forgot to stage one file in the previous commit :)
2022-11-28 11:34:34 -08:00
tiferet
99de397a5f
Remove redundant code
...
`isOtherModeledArgument` and `isArgumentToBuiltinFunction` contained the old logic for selecting negative endpoints for training.
These can now be deleted, and replaced by a single base class that collects all EndpointCharacteristics that are currently used to indicate negative training samples: `OtherModeledArgumentCharacteristic`.
This in turn lets us delete code from `StandardEndpointFilters` that effectively said that endpoints that are high-confidence non-sinks shouldn't be scored at inference time, either.
2022-11-28 11:34:33 -08:00
tiferet
4a1382925e
Remove some imports that are no longer used
2022-11-16 14:01:16 -08:00
tiferet
0fd013f9fd
Update the reason names in FilteredTruePositives.expected.
...
This is needed because we changed the names of three endpoint filters that were all called "not a direct argument to a likely external library call or a heuristic sink" in order to disambiguate them (fc56c5a022).
2022-11-16 11:54:10 -08:00
tiferet
eab270eb84
Move the definitions of isEffectiveSink and getAReasonSinkExcluded to the base class.
...
They can now be implemented generically for all sink types.
2022-11-16 11:47:24 -08:00
tiferet
cb632b3534
Delete the file ExtractEndpointData.expected which was leftover in the last PR
2022-11-15 17:11:34 -08:00
tiferet
b47723d607
Delete ExtractEndpointData.
...
Also remove the associated test files.
2022-11-14 14:57:59 -08:00
github-actions[bot]
a1e0bf022e
ATM: Update model pack dependency of ML-powered model building and query packs
2022-11-07 13:00:27 +00:00
Henry Mercer
3e863a539a
ATM: Fix CodeQL pack workspace references
...
This fixes the
[ATM PR checks](https://github.com/github/codeql/actions/runs/3392995797/jobs/5639827326)
breaking on main as a result of
https://github.com/github/codeql/pull/11004.
2022-11-04 14:03:34 +00:00
Henry Mercer
3afb9c1b3b
Merge pull request #10845 from github/henrymercer/remove-worsening-queries
...
ATM: Remove worsening-based queries
2022-10-19 10:05:53 +01:00
github-actions[bot]
fa274e4375
ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d
2022-10-18 11:53:42 +00:00
Henry Mercer
c0ac7ad7db
Remove query for worsening-based classifier evaluation
2022-10-14 15:35:43 +01:00
Henry Mercer
e3b54efb68
ATM: Update expected test output
...
Update the expected test output given some changes to the JavaScript
libraries which reclassified one of the test endpoints.
2022-09-28 20:00:40 +01:00
Stephan Brandauer
caf39592d4
better documentation
2022-09-01 16:05:36 +02:00
Stephan Brandauer
ac097d5f2a
fix now-broken tests
2022-09-01 16:05:35 +02:00
Stephan Brandauer
ed75080072
add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks
2022-09-01 16:05:35 +02:00
Stephan Brandauer
db73a62bc2
fix bug in InputArgumentIndex feature
2022-09-01 16:05:34 +02:00
Stephan Brandauer
96919eea80
use ? for unknown parameter names
2022-09-01 16:05:34 +02:00
Stephan Brandauer
f8b3c27210
add documentations and rename a feature
2022-09-01 16:05:34 +02:00
Stephan Brandauer
3422bdee92
add functionInterfacesInFile and surroundingFunctionParameters features
2022-09-01 16:05:34 +02:00
Stephan Brandauer
93aa279b31
documentation for new feature
2022-09-01 16:05:33 +02:00
Stephan Brandauer
25db666087
ATM: new feature to list all imports in an endpoint's file
2022-09-01 16:05:33 +02:00
Esben Sparre Andreasen
d0faf71113
use proper import instead of inlining
2022-09-01 16:05:33 +02:00
Esben Sparre Andreasen
82069cfb75
remove Input_ArgumentIndexAndAccessPathFromCallee
2022-09-01 16:05:33 +02:00
Esben Sparre Andreasen
548f0286f3
address review comments
2022-09-01 16:05:32 +02:00
Esben Sparre Andreasen
57041aad7c
Apply suggestions from code review
...
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-09-01 16:05:32 +02:00
Esben Sparre Andreasen
c95ab031ef
rename new features
2022-09-01 16:05:32 +02:00
Esben Sparre Andreasen
6533260614
add more features
2022-09-01 16:05:31 +02:00
Esben Sparre Andreasen
a8c3cb29ec
improve feature tests with more cases
2022-09-01 16:05:31 +02:00
Esben Sparre Andreasen
41b35eaa49
add generic tests for features
2022-09-01 16:05:30 +02:00