hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-06 05:57:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,345 Commits 1,777 Branches 169 Tags
cf9d289df56cebc64d4fbd71f1e161bcce0460d0
Commit Graph

7335 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
cf9d289df5 Remove 2020 sinks from SqlInjection.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
209744e83a Remove 2020 sinks from Xss.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
2feed51e00 Remove 2020 sinks from TaintedPath.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
11944625ac address review comments 2022-04-01 14:33:30 +02:00
Esben Sparre Andreasen
c7873ac3de Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-04-01 14:08:58 +02:00
Esben Sparre Andreasen
ba350116f3 fix semantic merge conflict 2022-04-01 09:31:49 +02:00
Esben Sparre Andreasen
602ea4aa0b rename new features 2022-04-01 09:06:01 +02:00
Esben Sparre Andreasen
76e965211f add more features 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
1a8abeec06 improve feature documentation 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
278e325026 improve feature tests with more cases 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
d1f8eb408f improve access path strings 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
71211841b8 support import in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
51062dd8a7 support await in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
125fe7f506 avoid using new feautes by default 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
a50aa3554f add CompareFeatures.ql 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
94f2b1db19 add generic tests for features 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
232230c81c Document EndpointFeatures.qll 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
a9bd191f85 add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
4d1ceda93a improve getSimpleAccessPath 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
0ab7da0550 refactor calleeAccessPath feature to class 2022-04-01 08:51:29 +02:00
Stephan Brandauer
b27c9ce47c refactor getACallBasedTokenFeature to class-use 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
1510d6c501 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
9b97fc4562 refactor EndpointFeatures.ql to use classes 2022-04-01 08:51:29 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests 
JS: Fix expected test output for ATM queries
 2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00
Asger F
e5f2b830f3 Merge pull request #8577 from asgerf/fix-mad-warning 
JS/Ruby: Fix regexp in MaD checking
 2022-03-28 15:29:16 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token 
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
 2022-03-28 15:28:52 +02:00
Asger Feldthaus
7e6206ed36 JS: Fix the regexp for valid MaD token arguments 2022-03-28 12:43:43 +02:00
Arthur Baars
b103679d8a JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll 2022-03-28 12:17:26 +02:00
Erik Krogh Kristensen
cf94c93b1a Merge pull request #8481 from erik-krogh/schemeChain 
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
 2022-03-25 11:13:10 +01:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
Asger Feldthaus
b0b795dbbb JS: Autoformat 2022-03-23 19:15:01 +01:00
Asger Feldthaus
95122b2b6c JS: Support Argument[this] token 2022-03-23 18:06:12 +01:00
Asger Feldthaus
d476f976fe JS: Support Parameter[this] token 2022-03-23 18:06:12 +01:00
CodeQL CI
ac29d5f51b Merge pull request #8523 from asgerf/js/api-graph-receiver-label 
Approved by erik-krogh
 2022-03-23 15:31:12 +00:00
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd JS: Bump patch version of ML-powered model pack post-release 2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
8d13662315 JS: Bump minor version of ML-powered model pack 2022-03-23 11:47:08 +00:00
Asger Feldthaus
f2285709bd JS: Change note 2022-03-23 10:42:51 +01:00
Asger Feldthaus
59d5c54432 JS: Update test output from knex 2022-03-23 10:42:51 +01:00
Asger Feldthaus
73071bdc08 JS: Change getAParameter to not return the receiver 2022-03-23 10:42:51 +01:00
Asger Feldthaus
6bef5a70b3 JS: Add dedicated API graph label for receiver, instead of parameter -1 2022-03-23 10:42:51 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding 
Python/JS/Ruby: Shared concepts scaffolding
 2022-03-23 10:22:42 +01:00
Erik Krogh Kristensen
8ae04e04d4 Merge pull request #8509 from erik-krogh/fpXss 
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
 2022-03-22 14:51:17 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00