Commit Graph

41840 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
bb4b65654f Remove additional SQL sinks 2022-08-12 14:48:13 +00:00
Esben Sparre Andreasen
7460719a60 Remove additional path-injection sinks 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
8a374eba54 Remove pseudo-properties 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
d6c06e3592 Remove 2020 sinks from SqlInjection.ql 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
e9356d840d Remove 2020 sinks from Xss.ql 2022-08-12 14:48:12 +00:00
Esben Sparre Andreasen
54fc0e12ba Remove 2020 sinks from TaintedPath.ql 2022-08-12 14:48:12 +00:00
Stephan Brandauer
c60555d28a Review comments
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-08-12 16:36:49 +02:00
Stephan Brandauer
2c28d2402b fix now-broken tests 2022-08-11 11:48:27 +02:00
Stephan Brandauer
d6d6ee9f9e fix ql-for-ql warnings 2022-08-11 10:53:05 +02:00
Stephan Brandauer
beebbb2a36 remove obsolete features 2022-08-11 10:22:39 +02:00
Stephan Brandauer
96e3aa4188 add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-08-11 09:34:24 +02:00
Stephan Brandauer
4ce01be846 add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-08-11 09:34:24 +02:00
Stephan Brandauer
37c7c430bd fix bug in InputArgumentIndex feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
3f17544235 performance fixes 2022-08-11 09:34:23 +02:00
Stephan Brandauer
4e1cb75610 use ? for unknown parameternames 2022-08-11 09:34:23 +02:00
Stephan Brandauer
f395cee944 add documentation and rename a feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
88799b2692 add functionInterfacesInFile and surroundingFunctionParameters features 2022-08-11 09:34:22 +02:00
Stephan Brandauer
f801a393f1 documentation for calleeImports ATM feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
508358c8ba documentation for new feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
5196c49ed4 ATM: new feature to list all imports in an endpoint's file 2022-08-11 09:34:22 +02:00
Esben Sparre Andreasen
83d5b52a3d use proper import instead of inlining 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
f6d3703561 remove Input_ArgumentIndexAndAccessPathFromCallee 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
d5dbdb122f add docstring examples 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
6048f8fbf1 address review comments 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
a511489e90 Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
295a3f51e1 fix semantic merge conflict 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
769236fc7f rename new features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
278fef93f2 add more features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
d52082f41b improve feature documentation 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
44340a8ce4 improve feature tests with more cases 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
827c55c612 improve access path strings 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
6f28d39213 support import in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
4f420c72d9 support await in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
3c01011b51 avoid using new features by default 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
1b32b53205 add CompareFeatures.ql 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
65eba5c01e add generic tests for features 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
5e6b17672d Document EndpointFeatures.qll 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
2e65873488 add ParameterAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
51ac3c270a improve getSimpleAccessPath 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
88172e1347 refactor calleeAccessPath feature to class 2022-08-11 09:34:16 +02:00
Stephan Brandauer
826267ca9b refactor getACallBasedTokenFeature to class-use 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
a6f5487298 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
386672d4e0 refactor EndpointFeatures.ql to use classes 2022-08-11 09:34:15 +02:00
Anders Schack-Mulligen
87461fece4 Merge pull request #10006 from aschackmull/java/sensitive-log-dedup
Java: Remove SensitiveLoggingQuery results that flow through a source.
2022-08-11 09:26:33 +02:00
Anders Schack-Mulligen
ced083be61 Merge pull request #10015 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-08-11 09:20:12 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries
C#: Constructor summaries
2022-08-11 09:16:05 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
2022-08-11 08:55:46 +02:00
github-actions[bot]
33ce9552cb Add changed framework coverage reports 2022-08-11 00:17:52 +00:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options
Java: Adapt tests as required by JDK17 extractor upgrade
2022-08-10 18:46:06 +01:00
Chris Smowton
341241cf43 Use SrcFloatingPointLiteral 2022-08-10 17:28:14 +01:00