tiferet
c2035e85d2
Be explicit in requiring that each ATM config set its endpoint type.
2022-11-16 11:55:23 -08:00
tiferet
0fd013f9fd
Update the reason names in FilteredTruePositives.expected.
...
This is needed because we changed the names of three endpoint filters that were all called "not a direct argument to a likely external library call or a heuristic sink" in order to disambiguate them (fc56c5a022).
2022-11-16 11:54:10 -08:00
tiferet
eab270eb84
Move the definitions of isEffectiveSink and getAReasonSinkExcluded to the base class.
...
They can now be implemented generically for all sink types.
2022-11-16 11:47:24 -08:00
tiferet
fc56c5a022
Implement the type-specific endpoint filters as EndpointCharacteristics.
...
Also disambiguate three filters from three different sink types that all have the same name, "not a direct argument to a likely external library call or a heuristic sink".
2022-11-16 11:14:25 -08:00
tiferet
13cb0ab554
Fix CodeQL warning
2022-11-15 17:32:30 -08:00
tiferet
2ecdfd1ff6
Delete some code that's no longer in use
2022-11-15 17:29:03 -08:00
tiferet
fedb98ddb5
Implement the standard getAReasonSinkExcluded using StandardEndpointFilterCharacteristics
2022-11-15 17:22:00 -08:00
tiferet
cf4e37a0ab
Implement the standard endpoint filters as EndpointCharacteristics
2022-11-15 17:20:20 -08:00
tiferet
cb632b3534
Delete the file ExtractEndpointData.expected which was left over in the last PR
2022-11-15 17:11:34 -08:00
Tiferet Gazit
710b215c38
Merge pull request #11263 from github/tiferet/extract-training-data
...
ATM: Extract training data
2022-11-15 12:08:13 -08:00
tiferet
fc078a47fd
Apply suggestion from code review
2022-11-15 11:14:01 -08:00
Tiferet Gazit
092e019de9
Apply suggestions from code review
...
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-11-15 10:48:32 -08:00
Andrew Eisenberg
2ffb4b6480
Merge pull request #11279 from github/aeisenberg/atm-readme
...
Add more information about ATM queries for external users
2022-11-15 10:46:03 -08:00
Andrew Eisenberg
88750a7000
Add more information about ATM queries for external users
2022-11-15 10:17:56 -08:00
AlexDenisov
f069802abb
Merge pull request #11277 from github/redsun82/swift-remove-ipa-from-dbscheme-cpp
...
Swift: remove IPA classes from `cppgen`
2022-11-15 18:34:59 +01:00
AlexDenisov
eb2f1ff559
Merge pull request #11274 from github/redsun82/swift-remove-double-newlines-in-schema
...
Swift: remove double newlines in schema
2022-11-15 18:34:32 +01:00
Erik Krogh Kristensen
6f4fd3ef72
Merge pull request #11175 from erik-krogh/erb
...
JS: extract .erb files as html
2022-11-15 18:21:48 +01:00
Jeroen Ketema
d79c722d95
Merge pull request #11278 from jketema/dataflow-test-typo
...
C++: Fix typo in dataflow test comment
2022-11-15 17:33:06 +01:00
Jeroen Ketema
98176007d8
C++: Fix type in dataflow test comment
2022-11-15 17:18:08 +01:00
erik-krogh
cec5045b52
Merge branch 'main' into erb
2022-11-15 17:16:05 +01:00
Erik Krogh Kristensen
68e513c6a4
Merge pull request #11246 from erik-krogh/java-redosMod
...
Java: use the shared regex pack
2022-11-15 17:12:52 +01:00
Paolo Tranquilli
56b207e41f
Swift: remove IPA classes from cppgen
2022-11-15 17:07:52 +01:00
Tony Torralba
89a8ccb828
Merge pull request #11273 from atorralba/atorralba/swift/string-utf8-step
...
Swift: Add `AdditionalTaintStep`
2022-11-15 16:46:26 +01:00
Tony Torralba
0570610765
Merge pull request #11138 from atorralba/atorralba/swift/xxe-query-aexml-sinks
...
Swift: Add AEXML sinks to XXE query
2022-11-15 16:42:17 +01:00
Erik Krogh Kristensen
f7b5a4d170
Merge pull request #11203 from erik-krogh/shouldBePath
...
C#: update cs/assembly-path-injection cs/hardcoded-key to path-problems
2022-11-15 16:24:05 +01:00
Tony Torralba
8ca004fde1
Add AdditionalTaintStep
2022-11-15 16:14:22 +01:00
Paolo Tranquilli
635391eae8
Swift: autopep8 integration tests
2022-11-15 15:43:05 +01:00
Paolo Tranquilli
c2171c01e1
Swift: remove double newlines in schema
...
While PEP8 mandates those, they look bad in the schema file.
`autopep8` already ignores those, and they were single newlines at some
point until an overeager IDE has "fixed" them at some point without me
realizing.
Also, the pre-commit configuration was updated to take `schema.py` into
account.
2022-11-15 15:00:30 +01:00
Asger F
dc440aaee6
Merge pull request #11255 from asgerf/js/dynamic-import-type-expr
...
JS: Handle DynamicImport in the context of a type
2022-11-15 13:31:08 +01:00
Stephan Brandauer
4b9b35d1c2
Merge pull request #11267 from github/atm/fix-non-sink-characteristics-hierarchy
...
ATM: remove superfluous class in EndpointCharacteristics hierarchy
2022-11-15 12:59:42 +01:00
erik-krogh
dff7b475fb
make the top-level comment in SuperlinearBackTracking.qll a QLDoc
2022-11-15 11:46:44 +01:00
Nick Rolfe
8d854e0a6b
Merge pull request #11252 from github/nickrolfe/active_support_enumerable
...
Ruby: add flow summary for Enumerable#index_by
2022-11-15 10:40:42 +00:00
Stephan Brandauer
ec3578364e
remove superfluous class in EndpointCharacteristics hierarchy
2022-11-15 10:17:38 +01:00
tiferet
9ecff0723c
Fix non-ascii character in docs
2022-11-14 16:34:24 -08:00
tiferet
6b7612fed7
Fix import errors in DebugResultInclusion.ql
2022-11-14 15:33:46 -08:00
tiferet
b47723d607
Delete ExtractEndpointData.
...
Also remove the associated test files.
2022-11-14 14:57:59 -08:00
tiferet
9d7e7735d5
Extract training data:
...
Implement the new query that selects data for training. For now we include clauses that implement logic that is identical to the old queries.
Include a temporary wrapper query that converts the resulting data into the format expected by the endpoint pipeline.
Move the small pieces of `ExtractEndpointData` that are still needed into `ExtractEndpointDataTraining.qll`.
2022-11-14 14:33:08 -08:00
erik-krogh
b59a9bc95c
use instead of a fixed version number
2022-11-14 21:29:41 +01:00
erik-krogh
a4acea9adf
add change-note
2022-11-14 21:29:41 +01:00
erik-krogh
c029048306
port the Java regex/redos queries to use the shared pack
2022-11-14 21:29:41 +01:00
erik-krogh
d5b066636f
use namespace in PrintAst.qll to avoid conflict with Top
2022-11-14 21:29:41 +01:00
erik-krogh
b737bdbca0
add a Java implementation of RegexTreeViewSig
2022-11-14 21:29:41 +01:00
erik-krogh
20254dfc08
move existing regex-tree into a module
2022-11-14 21:29:41 +01:00
erik-krogh
af1470de07
add codeql/regex as a dependency
2022-11-14 21:29:41 +01:00
Erik Krogh Kristensen
d2857006cf
Merge pull request #11247 from erik-krogh/py-redosMod
...
Python: use the shared regex pack
2022-11-14 21:10:43 +01:00
Tiferet Gazit
855eddab80
Merge pull request #11174 from github/tiferet/non-sink-endpoint-characteristics
...
Non-sink endpoint characteristics
2022-11-14 09:37:25 -08:00
Erik Krogh Kristensen
99636ba344
fix typo
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-11-14 17:35:55 +01:00
erik-krogh
324e0e8f90
always sort both by location and by term tostring
2022-11-14 17:33:48 +01:00
Ian Lynagh
7bf55c5846
Merge pull request #11251 from igfoo/igfoo/total
...
Kotlin: Add total number of diagnostics to telemetry
2022-11-14 15:09:57 +00:00
Tony Torralba
5791e8b9a2
Slight renaming
2022-11-14 15:46:44 +01:00