hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

7497 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
Erik Krogh Kristensen
548fb47603 JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core 2022-01-20 14:00:57 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
CodeQL CI
cfa670c123 Merge pull request #7651 from erik-krogh/CWE-471 
Approved by asgerf, esbena
 2022-01-20 01:47:39 -08:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Erik Krogh Kristensen
b8f1fb3954 JS: fix ql/field-only-used-in-charpred within JavaScript 2022-01-20 09:41:13 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Erik Krogh Kristensen
b7a0b8765e add js/http-dependency query 2022-01-19 10:05:39 +01:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages 
JS: Update alert messages for ML-powered queries
 2022-01-18 11:37:02 +00:00
Henry Mercer
1893b9f7a9 Merge pull request #7376 from github/henrymercer/js-atm-absent-features-optimization 
JS: Update featurization for absent features optimization
 2022-01-18 10:15:53 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries 
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
 2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9 JS: Update definition of ATM query suite 
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
 2022-01-17 16:34:50 +00:00
Asger Feldthaus
79f799066a JS: Update test output 2022-01-17 16:27:57 +01:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Ian Lynagh
bba8e45e74 Merge pull request #7602 from igfoo/igfoo/typos 
Fix a couple of typos: clases / clasess
 2022-01-14 15:56:04 +00:00
Henry Mercer
ed28b7f174 Merge pull request #7575 from github/henrymercer/atm-remove-code-to-features 
JS: Remove ATM `CodeToFeatures` library
 2022-01-14 15:31:34 +00:00
Ian Lynagh
22dc24629f Fix a couple of typos: clases / clasess 2022-01-14 14:28:29 +00:00
Henry Mercer
d55e6d1ca7 Merge pull request #7594 from github/henrymercer/js-atm-rename-queries 
JS: Update names, IDs, and tags for ML-powered queries
 2022-01-14 10:28:24 +00:00
Edoardo Pirovano
f2818ebb5e Merge pull request #7489 from edoardopirovano/fix-example 
Fix example in JavaScript query
 2022-01-14 08:58:28 +00:00
Henry Mercer
e9bb9f5294 JS: Update names, IDs, and tags for ML-powered queries 2022-01-13 17:45:40 +00:00
Henry Mercer
8e9d8c112d JS: Improve comments in FunctionBodyFeatures.qll 2022-01-13 17:20:42 +00:00
Henry Mercer
2aea3257cb JS: Improve documentation for getTokenizedAstNode 2022-01-13 17:20:41 +00:00
Andrew Eisenberg
4ffd8c62ac Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal 
Changenotes: Add changenotes for upgrades refactoring
 2022-01-13 09:09:06 -08:00
Henry Mercer
92d6fecc73 Optimize performance of body tokens 
The refactoring to remove the `CodeToFeatures` AST reintroduced a
performance problem. This commit resolves it by pushing size
restrictions into intermediate predicates.
 2022-01-13 16:29:04 +00:00
Asger Feldthaus
708408a458 JS: Recognize "sql" option as a query string 2022-01-13 13:04:41 +01:00
Stephan Brandauer
40ad88ba53 Merge pull request #7474 from kaeluka/db-reads-as-taint-sources 
JS: DB reads as taint sources
 2022-01-13 12:06:48 +01:00
Erik Krogh Kristensen
89bab6ae12 Merge pull request #7097 from erik-krogh/railsReDoS 
JS/PY/RB: support a limited number of ranges for ReDoS analysis
 2022-01-13 11:04:36 +01:00
Stephan Brandauer
93507a2d71 combine two implementations for database-accesses as remote flow sources 2022-01-13 10:53:58 +01:00
Stephan Brandauer
63aaf24063 base implementation of Sequelize model on models-as-data 2022-01-13 09:41:25 +01:00
Andrew Eisenberg
e435a3e9c3 Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:36:31 -08:00
Stephan Brandauer
09a28c428c base implementation of Spanner model on models-as-data 2022-01-12 17:07:16 +01:00
Henry Mercer
9abc3411a4 JS: Bump ATM pack versions to 0.0.4 2022-01-12 15:19:13 +00:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
Henry Mercer
7f61738a23 Use US English spelling 2022-01-12 13:07:09 +00:00
Henry Mercer
6e37a65e84 Remove CodeToFeatures AST library 2022-01-12 12:47:28 +00:00
Henry Mercer
957e34d8a7 Make function body features library independent of CodeToFeatures AST 2022-01-12 12:47:28 +00:00
Henry Mercer
9e50ce873d Move function body features into their own file 2022-01-12 12:47:28 +00:00
Henry Mercer
865fb5d0ef Migrate representative entity -> representative function 2022-01-12 12:47:27 +00:00
Henry Mercer
0e5b493d0e Remove CodeToFeatures AST consistency checks 
We no longer use the `CodeToFeatures` AST, therefore these checks are
defunct.
 2022-01-12 12:47:27 +00:00