hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
37,030 Commits 1,673 Branches 157 Tags
b681a10bfe6d6eec2bc583fdcdd21322b6e2bc64
Commit Graph

28 Commits

Author SHA1 Message Date
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
7ac7657ffc JS: Bump patch version of ML-powered library and query packs post-release 2022-03-11 12:17:13 +00:00
github-actions[bot]
2f6886642c JS: Bump minor version of ML-powered library and query packs 2022-03-11 12:13:03 +00:00
Stephan Brandauer
6a9186cdef update ATM NosqlInjection and SqlInjection query docs 2022-02-22 16:56:18 +01:00
Henry Mercer
4f7604f0dd Merge pull request #8151 from github/henrymercer/separate-atm-model-pack 2022-02-22 11:47:35 +00:00
Henry Mercer
5a3daa9e3f JS: Add CWE tags for ML-powered queries 
- Cross-site scripting: CWE-79
- Path injection: CWE-22, CWE-23, CWE-36, CWE-73, CWE-99
- NoSQL injection: CWE-943
- SQL injection: CWE-89
 2022-02-21 16:18:33 +00:00
Henry Mercer
a89882c14e JS: Update lockfiles for ML-powered queries packs 2022-02-21 16:03:05 +00:00
Henry Mercer
6fb9895367 JS: Separate the ML-powered queries model into its own pack 
This allows users to more easily get started with development. Running
`codeql pack install` from the `-queries` pack will now install the ML
model.
 2022-02-21 15:05:57 +00:00
Henry Mercer
70f7535988 JS: Move experimental notice to the bottom of the ML-powered query help 
The Code Scanning UI shows just the first paragraph of the query help
as a summary, until a user chooses to expand the help.
We decided it was more useful to display the standard query help in this
summary compared to the experimental query notice, since there is
already a notice about experimental queries on the alert show page.
 2022-01-25 15:52:09 +00:00
Henry Mercer
84907f91f1 JS: Fix copy/paste error in XSS ML-powered queries results patterns 
We didn’t catch this because our unit tests test only library code due
to the previous difficulty of running queries with an ML model (the ML
models in packs work should fix that), and because the end-to-end
evaluation runs separate queries that have different result patterns.

Going forward we should create unit tests for the queries themselves,
which will require using the ML model in tests. We should also be able
to catch this type of error using DCA.
 2022-01-21 15:17:52 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries 
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
 2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9 JS: Update definition of ATM query suite 
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
 2022-01-17 16:34:50 +00:00
Henry Mercer
e9bb9f5294 JS: Update names, IDs, and tags for ML-powered queries 2022-01-13 17:45:40 +00:00
Henry Mercer
9abc3411a4 JS: Bump ATM pack versions to 0.0.4 2022-01-12 15:19:13 +00:00
Andrew Eisenberg
6d62227576 Merge pull request #7431 from aeisenberg/aeisenberg/solorigate-publish 
Solorigate: Extract to separate qlpack
 2022-01-06 08:53:32 -08:00
Henry Mercer
055432530f Bump ATM pack version to 0.0.2 2021-12-17 16:49:59 +00:00
Andrew Eisenberg
50ee4ab330 Solorigate: Extract to separate qlpack 
Extracts solorigate to separate qlpacks in preparation for
publishing them to the registry.
 2021-12-16 16:09:20 -08:00
Henry Mercer
29eb66d772 JS: Add ML models to .gitignore 2021-11-25 17:06:37 +00:00
Henry Mercer
2af509595b JS: Add ML models specification to ATM query pack definition 
This will allow us to resolve the ATM machine learning models that will
be distributed within this pack.
 2021-11-25 16:42:38 +00:00
Henry Mercer
7e0e35f364 Rename ATM query pack for consistency with other packs 2021-10-25 17:32:25 +01:00
Henry Mercer
548a344d34 JS: Implement suggestions from review 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-10-19 12:00:40 +01:00
Henry Mercer
4d7a8285ad JS: Initial commit of Adaptive Threat Modeling 2021-10-18 17:24:24 +01:00