hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

8639 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c5b1588096 update the SQL/NoSQL models to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
4d0534352e refactor a use of MethodCallExpr in ClientSideUrlRedirectCustomizations.qll 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
e0e8085b95 update the cryptoLibraries to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
5ebea8c75a fix express in the POI test 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
aa9261f1b1 convert the AngularJS model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
9bea110d24 convert the DOM model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
2f429e7d29 convert some leftovers to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
136124fbaa convert the remaining Koa models to DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
fc54ba823b update the existing expression based Express models 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
8266b083d7 update the predicates on Express::RouteHandler to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
4cfbf15d18 deprecate RouteHandlerExpr and make RouteHandlerNode instead 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
3da34ca7a0 update Express::RouteExpr to a DataFlow::Node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
3eb486610b update Express::RouterDefinition to a DataFlow::InvokeNode 2022-09-05 16:11:51 +02:00
Erik Krogh Kristensen
92240384a9 update the tests to reflect the extra DataFlow::Nodes 2022-09-05 15:47:38 +02:00
Erik Krogh Kristensen
dfb7782be0 replace getA?RouteHandlerExpr with getA?RouteHandlerNode 2022-09-05 15:46:27 +02:00
Erik Krogh Kristensen
288230d7cf update tests to reflect the extra DataFlow::Nodes from ResponseNode and RequestNode 2022-09-05 15:46:27 +02:00
Erik Krogh Kristensen
30d929909c deprecate RequestExpr and ResponseExpr and use ResponseNode and RequestNode instead 2022-09-05 15:46:25 +02:00
Erik Krogh Kristensen
9cb7522bc1 change RouteSetup to a DataFlow::Node 2022-09-05 15:45:31 +02:00
Erik Krogh Kristensen
d98028be1a change ServerDefinition to a DataFlow::Node 2022-09-05 15:44:56 +02:00
Erik Krogh Kristensen
ced4843dd7 change CookieDefinition to a DataFlow::Node 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
24b845589d change ResponseBody to a DataFlow::Node 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
19e808186d refactor definesExplicitly to use DataFlow::Node 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
ce0175a046 don't use astNode in StandardHeaderDefinition 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
d4ccc75ce1 refactor RedirectInvocation to a DataFlow::Node 2022-09-05 15:44:13 +02:00
Erik Krogh Kristensen
a03e6a800d deprecate the HTTP flowsTo predicates to avoid confusion with SourceNode::flowsTo 2022-09-05 15:44:12 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
erik-krogh
a86a940df7 add getRepr() and toString() on RelevantState 2022-09-05 13:27:34 +02:00
erik-krogh
3f1cb04f3e sync files 2022-09-05 11:22:34 +02:00
Asger F
56bbba2241 JS: Sync with JS 2022-09-03 13:51:02 +02:00
Asger F
55fdf84d15 Ruby+JS: change LabelEntryPoint.toString() 
fixup Ruby entry point tests
 2022-09-03 13:24:45 +02:00
erik-krogh
c38062ce93 convert RelevantState to a class in the PrefixConstruction module 2022-09-02 20:26:31 +02:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Stephan Brandauer
81d02cc963 optimize performance of a helper-predicate 2022-09-01 16:05:36 +02:00
Stephan Brandauer
cdbab187ca remove unused code 2022-09-01 16:05:36 +02:00
Stephan Brandauer
f59c48ebb9 autoformatter 2022-09-01 16:05:36 +02:00
Stephan Brandauer
caf39592d4 better documentation 2022-09-01 16:05:36 +02:00
Stephan Brandauer
b9cb60c2cb Review comments 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-09-01 16:05:36 +02:00
Stephan Brandauer
ac097d5f2a fix now-broken tests 2022-09-01 16:05:35 +02:00
Stephan Brandauer
068a948c05 fix ql-for-ql warnings 2022-09-01 16:05:35 +02:00
Stephan Brandauer
3aa4e29dae remove obsolete features 2022-09-01 16:05:35 +02:00
Stephan Brandauer
ed75080072 add stringConcatenatedWith feature to help the model learn that string concatenation leaves are usually not sinks 2022-09-01 16:05:35 +02:00
Stephan Brandauer
9468f62620 add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-09-01 16:05:35 +02:00
Stephan Brandauer
db73a62bc2 fix bug in InputArgumentIndex feature 2022-09-01 16:05:34 +02:00
Stephan Brandauer
67500f85ba performance fixes 2022-09-01 16:05:34 +02:00
Stephan Brandauer
96919eea80 use ? for unknown parameternames 2022-09-01 16:05:34 +02:00
Stephan Brandauer
f8b3c27210 add documentations and rename a feature 2022-09-01 16:05:34 +02:00
Stephan Brandauer
3422bdee92 add functionInterfacesInFile and surroundingFunctionParameters features 2022-09-01 16:05:34 +02:00
Stephan Brandauer
3e860762e7 documentation for calleeImports ATM feature 2022-09-01 16:05:33 +02:00
Stephan Brandauer
93aa279b31 documentation for new feature 2022-09-01 16:05:33 +02:00
Stephan Brandauer
25db666087 ATM: new feature to list all imports in an endpoint's file 2022-09-01 16:05:33 +02:00