hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-27 17:41:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,816 Commits 1,762 Branches 168 Tags
bb4d18aa1d5e29814e22bf5e06d7638d6882c14a
Commit Graph

7107 Commits

Author SHA1 Message Date
Henry Mercer
bb4d18aa1d Remove NoSQL sinks since September 2018 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
988048e941 Remove additional Xss sinks 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
ffaddbc272 Remove additional SQL sinks 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
c6827fe9ac Remove additional path-injection sinks 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
1708ea0a6c Remove pseudo-properties 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
86a308394a Remove 2020 sinks from SqlInjection.ql 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
067f8ca295 Remove 2020 sinks from Xss.ql 2022-02-28 16:33:37 +00:00
Esben Sparre Andreasen
9b079ef64b Remove 2020 sinks from TaintedPath.ql 2022-02-28 16:33:37 +00:00
annarailton
a047b63220 Add boosted and unboosted evaluation versions of StoredXss and XssThroughDom 2022-02-28 16:25:33 +00:00
annarailton
da3826f85a Add ATMLite versions of StoredXss and XssThroughDom 2022-02-28 15:34:48 +00:00
Esben Sparre Andreasen
66ea3a1548 Boost StoredXss and XssThroughDomATM 
Produced with:
```
javascript/ql$tb boost src/Security/CWE-079/StoredXss.ql XssSink
javascript/ql$ tb boost src/Security/CWE-079/XssThroughDom.ql XssSink
```
 2022-02-28 15:34:10 +00:00
Erik Krogh Kristensen
b6b93065ff Merge pull request #8157 from erik-krogh/lodash-clone 
JS: add lodash.{clone, cloneDeep} as a clone step
 2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style 
QL: add ql-for-ql query for detecting bad predicate qldoc
 2022-02-22 17:49:12 +01:00
Henry Mercer
4f7604f0dd Merge pull request #8151 from github/henrymercer/separate-atm-model-pack 2022-02-22 11:47:35 +00:00
Erik Krogh Kristensen
e8df6a14ca add lodash.{clone, cloneDeep} as a clone step 2022-02-21 22:27:29 +01:00
Henry Mercer
5a3daa9e3f JS: Add CWE tags for ML-powered queries 
- Cross-site scripting: CWE-79
- Path injection: CWE-22, CWE-23, CWE-36, CWE-73, CWE-99
- NoSQL injection: CWE-943
- SQL injection: CWE-89
 2022-02-21 16:18:33 +00:00
Henry Mercer
a89882c14e JS: Update lockfiles for ML-powered queries packs 2022-02-21 16:03:05 +00:00
Henry Mercer
6fb9895367 JS: Separate the ML-powered queries model into its own pack 
This allows users to more easily get started with development. Running
`codeql pack install` from the `-queries` pack will now install the ML
model.
 2022-02-21 15:05:57 +00:00
Tom Bolton
0108642464 Merge pull request #8148 from github/tombolton/modify-counting-query 
Update counting query to match end-to-end results
 2022-02-21 15:02:43 +00:00
tombolton
e02319be9f add end to end predicate to result counting query 2022-02-21 14:35:58 +00:00
Erik Krogh Kristensen
1407b49a8f fix some instances of ql/pred-doc-style for JS 2022-02-21 15:02:21 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Esben Sparre Andreasen
1d437dd722 Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials 
JS: Sharpen hardcoded credentials
 2022-02-21 10:02:58 +01:00
Erik Krogh Kristensen
5f9bd7a4a1 Merge pull request #7984 from erik-krogh/fix-ql-for-ql-js 
JS: fix most ql-for-ql warnings
 2022-02-21 09:15:06 +01:00
Asger Feldthaus
d7f07167ac Shared: Remove getLastToken again 2022-02-21 08:21:53 +01:00
Asger Feldthaus
2c2a82a070 Shared: allow spaces between arguments in a token 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c189df2341 Revert "JS: Add support for " of " syntax to help during transition" 
This reverts commit 9bf522b3048c3b11f7e6d734ed797a613614a095.
 2022-02-21 08:21:51 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227 JS: Factor out AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16 JS: Fix accidental recursion 2022-02-21 08:16:53 +01:00
Esben Sparre Andreasen
f08a140505 update tests for password patterns 2022-02-16 13:22:19 +01:00
Esben Sparre Andreasen
816d79692b ignore deliberately hardcoded password strings 2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen
78744a0182 add additional tests 2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab change example passwords in test 2022-02-16 08:56:00 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs 
Approved by esbena
 2022-02-15 09:34:21 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme 
Upgrade scripts testing: set initial dbschemes
 2022-02-11 11:06:12 -08:00
Erik Krogh Kristensen
a1c5724be7 fix most ql-for-ql warnings in JS 2022-02-11 17:57:37 +01:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
Taus
327e0dad72 Merge pull request #7674 from erik-krogh/dbTypeInNonLib 
QL: Use of db-type outside language core.
 2022-02-11 12:00:14 +01:00
Erik Krogh Kristensen
36e02ae9ac Merge pull request #7912 from erik-krogh/moarApi 
JS: convert more type-trackers to API-graphs
 2022-02-11 10:32:45 +01:00
Erik Krogh Kristensen
3791b159fb Merge pull request #7892 from erik-krogh/nanSan 
JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check
 2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen
2ffd79d451 Merge pull request #7921 from erik-krogh/snapdragon 
JS: add model for the snapdragon library
 2022-02-11 10:10:55 +01:00
Esben Sparre Andreasen
a4447ce372 Update javascript/ql/lib/semmle/javascript/frameworks/Snapdragon.qll 2022-02-11 08:20:02 +01:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00