Commit Graph

7723 Commits

Author SHA1 Message Date
Stephan Brandauer
d04974a12b add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-06-29 15:15:38 +02:00
Stephan Brandauer
8f9ca33f59 add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-06-29 15:15:38 +02:00
Stephan Brandauer
e1b9945383 fix bug in InputArgumentIndex feature 2022-06-29 15:15:38 +02:00
Stephan Brandauer
c1af1e0cc5 performance fixes 2022-06-29 15:15:38 +02:00
Stephan Brandauer
b1103b7c5a use ? for unknown parameter names 2022-06-29 15:15:38 +02:00
Stephan Brandauer
d2b5cd1a45 add documentations and rename a feature 2022-06-29 15:15:38 +02:00
Stephan Brandauer
05f2bd6f0a add functionInterfacesInFile and surroundingFunctionParameters features 2022-06-29 15:15:38 +02:00
Stephan Brandauer
4d6942cf06 documentation for calleeImports ATM feature 2022-06-29 15:15:38 +02:00
Stephan Brandauer
a35ec612e5 documentation for new feature 2022-06-29 15:15:38 +02:00
Stephan Brandauer
8b0075f2b4 ATM: new feature to list all imports in an endpoint's file 2022-06-29 15:15:38 +02:00
Esben Sparre Andreasen
d30316f1ea use proper import instead of inlining 2022-06-29 15:15:38 +02:00
Esben Sparre Andreasen
6f5bc6c8a6 remove Input_ArgumentIndexAndAccessPathFromCallee 2022-06-29 15:15:38 +02:00
Esben Sparre Andreasen
04dfd0f5f3 add docstring examples 2022-06-29 15:15:38 +02:00
Esben Sparre Andreasen
ac956f93ad address review comments 2022-06-29 15:15:38 +02:00
Esben Sparre Andreasen
006ac2599f Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
c2fc89c96d fix semantic merge conflict 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
d196af4972 rename new features 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
1bba9a557a add more features 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
6eeb8be082 improve feature documentation 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
751b807fbe improve feature tests with more cases 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
0189206af2 improve access path strings 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
7c8549ca2f support import in getSimpleAccessPath 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
553014ac51 support await in getSimpleAccessPath 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
ccdec2fb98 avoid using new features by default 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
53b33c0a32 add CompareFeatures.ql 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
9dc8774624 add generic tests for features 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
fdecb35c7c Document EndpointFeatures.qll 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
0ed5785a15 add ParameterAccessPathSimpleFromArgumentTraversal 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
2948f5bc47 improve getSimpleAccessPath 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
e0e6e0eb9e refactor calleeAccessPath feature to class 2022-06-29 15:15:37 +02:00
Stephan Brandauer
2581d183da refactor getACallBasedTokenFeature to class-use 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
2dfa68dd2a Add CalleeAccessPathSimpleFromArgumentTraversal 2022-06-29 15:15:37 +02:00
Esben Sparre Andreasen
dadc99b641 refactor EndpointFeatures.ql to use classes 2022-06-29 15:15:37 +02:00
Erik Krogh Kristensen
b81251865f Merge pull request #9716 from erik-krogh/htmlTypeSan
JS: sanitize non-strings from html-constructed-from-input
2022-06-28 17:31:00 +02:00
Erik Krogh Kristensen
112caa3f5d rewrite qldoc based on review 2022-06-28 13:23:44 +02:00
Asger F
cc57cb8af5 Merge branch 'main' into post-release-prep/codeql-cli-2.10.0 2022-06-27 20:37:25 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
c8b2be616f JS: Bump extractor version string 2022-06-27 13:52:44 +02:00
Asger F
c082578688 JS: Always sniff file type of TypeScript files 2022-06-27 13:48:00 +02:00
github-actions[bot]
d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
Asger F
f5a19a1013 JS: Fix unused variable FP in template placeholders 2022-06-23 19:26:32 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
2022-06-23 12:04:58 +02:00
Asger F
90c2b6e47f JS: Downgrade ast_node_symbol relation 2022-06-23 10:17:28 +02:00
Erik Krogh Kristensen
08e4c8b195 Merge pull request #9634 from erik-krogh/jqueryParam
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
2022-06-23 08:57:20 +02:00
Nick Rolfe
d91e8a6309 JS: create downgrades pack 2022-06-22 17:31:49 +01:00
Rasmus Wriedt Larsen
876ba71d9b Python/JS/Ruby: Add change-note 2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8 add test for jquery plugin parameters in js/html-constructed-from-input 2022-06-21 13:21:57 +02:00