hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,673 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

48 Commits

Author SHA1 Message Date
Jean Helie
9e6f9c2705 Merge pull request #11709 from github/jhelie/add-shell-command-injection 
ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query
 2023-01-20 16:03:30 +01:00
Jean Helie
13aaa22df5 add bosted version of ShellCommandInjectionFromEnvironment 2023-01-17 12:20:17 +01:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
Jean Helie
98923cee94 ATM: update missing .qll 2022-12-01 18:47:36 +01:00
Jean Helie
880548bafc Merge branch 'main' into tiferet/boost-xss-through-dom 2022-12-01 18:13:27 +01:00
Jean Helie
f388703a3d ATM: update further files following the addition of XssThroughDom query 2022-12-01 17:45:07 +01:00
tiferet
a0a742eb82 Rename predicates to fit style guide: 
- `getEndpoints` → `appliesToEndpoint`
- `getImplications` → `hasImplications`
- `getAlerts` → `hasAlert`
 2022-11-30 17:01:56 -08:00
tiferet
b885249d9d Add a boosted version of XssThroughDOM 2022-11-29 17:40:20 -08:00
tiferet
c5184d37e7 Suggestion from code review: 
Name the query configuration e.g. `NosqlInjectionATMConfig` rather than `Configuration`.
 2022-11-29 15:46:05 -08:00
tiferet
50291c7b7c AtmConfig inherits from TaintTracking::Configuration. 
That way the specific configs which inherit from `AtmConfig` also inherit from `TaintTracking::Configuration`.

This removes the need for two separate config classes for each query.
 2022-11-29 13:20:47 -08:00
Tiferet Gazit
f375b0cc1b Merge pull request #11281 from github/tiferet/endpoint-filters 
ATM: Implement the current endpoint filters as EndpointCharacteristics
 2022-11-29 12:38:12 -08:00
tiferet
eab270eb84 Move the definitions of isEffectiveSink and getAReasonSinkExcluded to the base class. 
They can now be implemented generically for all sink types.
 2022-11-16 11:47:24 -08:00
erik-krogh
9eaeaf7322 ATM: convert some block-comments that could be QLDoc to QLDoc 2022-11-16 13:41:52 +01:00
tiferet
13cb0ab554 Fix CodeQL warning 2022-11-15 17:32:30 -08:00
tiferet
cf4e37a0ab Implement the standard endpoint filters as EndpointCharacteristics 2022-11-15 17:20:20 -08:00
tiferet
fc078a47fd Apply suggestion from code review 2022-11-15 11:14:01 -08:00
Tiferet Gazit
092e019de9 Apply suggestions from code review 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-11-15 10:48:32 -08:00
tiferet
9ecff0723c Fix non-ascii character in docs 2022-11-14 16:34:24 -08:00
tiferet
6b7612fed7 Fix import errors in DebugResultInclusion.ql 2022-11-14 15:33:46 -08:00
tiferet
b47723d607 Delete ExtractEndpointData. 
Also remove the associated test files.
 2022-11-14 14:57:59 -08:00
tiferet
9d7e7735d5 Extract training data: 
Implement the new query that selects data for training. For now we include clauses that implement logic that is identical to the old queries.

Include a temporary wrapper query that converts the resulting data into the format expected by the endpoint pipeline.

Move the small pieces of `ExtractEndpointData` that are still needed into `ExtractEndpointDataTraining.qll`.
 2022-11-14 14:33:08 -08:00
Henry Mercer
c0ac7ad7db Remove query for worsening-based classifier evaluation 2022-10-14 15:35:43 +01:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
ed80089d7c fix some QL-for-QL warnings in JS 2022-07-14 09:45:44 +02:00
Erik Krogh Kristensen
b74d1fdb1a Merge pull request #8783 from erik-krogh/jsAbstractBi 
JS: don't initialize sanitizer-guards in the standard library
 2022-04-29 11:12:16 +02:00
Anna Railton
1f1ef22f90 Update TaintedPathInjection -> TaintedPath 
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
 2022-04-27 11:27:43 +01:00
Anna Railton
eacfceb6ce Merge pull request #8605 from github/annarailton/new-query-label-mappings 
Experimental (ATM): update query label mappings
 2022-04-26 16:39:06 +01:00
annarailton
9c25da20a4 Update queryNames 2022-04-22 13:42:29 +01:00
Erik Krogh Kristensen
81ce8ac715 ATM: fix compiler warnings about unused variables 2022-04-20 18:10:59 +02:00
Erik Krogh Kristensen
c1c66a0200 refactor CountAlertAndEndpoints to not refer to deprecated files 2022-04-20 18:10:56 +02:00
Jean Helie
f87cd164ce ML: add defensive check to ensure Unknown endpoints cannot also be NotASink 2022-04-13 18:14:16 +02:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-04-08 10:22:13 +01:00
Anna Railton
739d94e8f9 Add docstring to ExtractEndpointMapping.ql 2022-03-15 12:50:51 +00:00
Henry Mercer
8b1b2af2d8 JS: Remove isEffectiveSinkWithOverridingScore 
This was previously used in the ATM external API query, but is now dead
code.
 2022-03-14 14:25:36 +00:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
tombolton
2ffa6771ff replace endpoint type name with encoding in mapping query 2022-03-04 11:00:31 +00:00
tombolton
bd9e845aea update column names and remove encoding value 2022-03-03 15:59:10 +00:00
tombolton
f1f1526237 add query-sink mapping query 2022-03-03 15:20:06 +00:00
Tom Bolton
8dfc0d25d1 Merge pull request #8232 from github/tombolton/use-updated-counting-query 
Add new xss queries to result counting query
 2022-02-24 16:38:53 +00:00
tombolton
d80ef6566d add new xss queries to result counting query 2022-02-24 13:31:40 +00:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style 
QL: add ql-for-ql query for detecting bad predicate qldoc
 2022-02-22 17:49:12 +01:00
tombolton
e02319be9f add end to end predicate to result counting query 2022-02-21 14:35:58 +00:00
Erik Krogh Kristensen
1407b49a8f fix some instances of ql/pred-doc-style for JS 2022-02-21 15:02:21 +01:00
Henry Mercer
7018f6ad40 JS: Add missing @id for endpoint types query 2022-02-02 13:15:15 +00:00
Henry Mercer
14601316a5 JS: Autoformat 2022-02-01 17:08:21 +00:00
Henry Mercer
368839edfc JS: Fix QLDoc style in ExtractMisclassifiedEndpointFeatures.ql 2022-02-01 15:39:15 +00:00
Henry Mercer
db0b4fc463 JS: Add model building pack for ML-powered queries 
Tests are currently still internal. They will be migrated to
`github/codeql` in a subsequent PR.
 2022-02-01 15:03:26 +00:00