hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

8639 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Erik Krogh Kristensen
724a31b746 fix comment that wasn't updated in test 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-10 15:56:44 +01:00
erik-krogh
676327d9e4 Merge branch 'main' into erb 2022-11-10 15:39:58 +01:00
erik-krogh
012fb28e25 only extract .html.erb files instead of all .erb files 2022-11-10 15:38:51 +01:00
Mauro Baluda
53f1985e77 Merge branch 'github:main' into main 2022-11-10 13:27:20 +01:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Mauro Baluda
ee02265ac2 Add property params to RequestInputAccess 2022-11-10 12:24:39 +01:00
tiferet
dbcdc2209e Use names constants for confidence levels 2022-11-09 14:25:08 -08:00
tiferet
b6532fa9a0 Fix QLDoc style warning 2022-11-09 13:10:54 -08:00
tiferet
243980ef73 Documentation improvements 2022-11-09 13:04:16 -08:00
Tiferet Gazit
6cb01a210f Apply suggestions from code review 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-11-09 12:53:52 -08:00
Asger F
83291f378b Merge pull request #11157 from asgerf/js/yaml-locations 
JS: fix issue with zero-column yaml locations
 2022-11-09 15:57:54 +01:00
erik-krogh
ad7fc34efd extract .erb files as html 2022-11-09 12:43:19 +01:00
Erik Krogh Kristensen
c537c80ed6 Merge pull request #11095 from erik-krogh/exportRead 
JS: recognize more re-exported values as exported
 2022-11-09 12:39:41 +01:00
erik-krogh
23add8a72b recognize passcode as sensitive 2022-11-09 11:30:57 +01:00
erik-krogh
e0bcfe2afb add failing test 2022-11-09 11:30:31 +01:00
Erik Krogh Kristensen
138a16f0b3 use getImportedModuleNode() 
Co-authored-by: Asger F <asgerf@github.com>
 2022-11-09 09:53:23 +01:00
Asger F
694d987365 JS: Update test output 2022-11-09 09:36:03 +01:00
tiferet
ac14b6d685 Create EndpointCharacteristics to replace all existing NotASinkReasons and LikelyNotASinkReasons 2022-11-08 13:37:49 -08:00
tiferet
fadbdc1f63 Documentation improvements suggested by Andrew 2022-11-08 11:45:33 -08:00
Mauro Baluda
8e546e8496 Add req.url.origin to RequestInputAccess 2022-11-08 16:14:10 +01:00
Erik Krogh Kristensen
e01cbb2ffa Merge pull request #10378 from erik-krogh/aliasFlow 
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
 2022-11-08 14:26:12 +01:00
Asger F
69f5879384 JS: Update TRAP test output 2022-11-08 13:02:26 +01:00
Asger F
44e94f6615 JS: Change note 2022-11-08 11:51:26 +01:00
Asger F
fef922e417 JS: Bump extractor version string 2022-11-08 11:44:40 +01:00
Asger F
92e8f059c8 JS: Avoid emitting column zero in yaml files 2022-11-08 11:38:26 +01:00
Mauro Baluda
8b33e6d175 Improved Hapi support 
- server defined by Glue
 2022-11-07 16:29:44 +01:00
Asger F
a887ff4f09 JS: Add test cases to include results with column-zero end locations 2022-11-07 15:13:25 +01:00
Stephan Brandauer
577f1a588b Merge pull request #11143 from github/codeql-ci/atm/release-0.4.0 
JS: Bump version numbers of ML-powered packs after 0.4.0 release
 2022-11-07 15:03:24 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
github-actions[bot]
69df9f9daa JS: Bump version of ML-powered library and query packs to 0.4.1 2022-11-07 13:06:46 +00:00
github-actions[bot]
82277d8f56 JS: Bump minor version of ML-powered library and query packs 2022-11-07 13:00:28 +00:00
github-actions[bot]
268a990aa6 JS: Bump version of ML-powered model pack to 0.3.1 2022-11-07 13:00:28 +00:00
github-actions[bot]
a1e0bf022e ATM: Update model pack dependency of ML-powered model building and query packs 2022-11-07 13:00:27 +00:00
github-actions[bot]
be808deb59 JS: Bump minor version of ML-powered model pack 2022-11-07 12:59:44 +00:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
40032f295a treat arrays that gets executed with shell:true as a sink for js/shell-command-constructed-from-input 2022-11-07 09:19:05 +01:00
erik-krogh
bc5b7455cf add failing test 2022-11-07 09:14:52 +01:00
Dave Bartolomeo
b8e1aa67d8 Merge pull request #11134 from github/post-release-prep/codeql-cli-2.11.3 
Post-release preparation for codeql-cli-2.11.3
 2022-11-05 13:54:49 -04:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
Dave Bartolomeo
013b7eff1c Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
tiferet
833041c62e Fix QLDoc style errors 2022-11-04 09:30:31 -07:00
tiferet
2aa4651534 Remove predicates not yet used from the current PR 2022-11-04 09:30:31 -07:00
tiferet
74c8bfff4f Minor changes from code review 2022-11-04 09:30:31 -07:00
tiferet
e60c016fc6 Format fixes 2022-11-04 09:30:31 -07:00
tiferet
cbf81b8839 Improve the import structure 2022-11-04 09:30:31 -07:00
tiferet
300456cd3e Enforce the abstraction over characteristics: 
Make the implementations of specific `EndpointCharacteristic`s private.
 2022-11-04 09:30:31 -07:00
tiferet
c0cc754fb5 Rename ClassificationReasons 
Change the name to EndpointCharacteristics.
 2022-11-04 09:30:30 -07:00
tiferet
a4939b91e7 Generalize the definition of a known sink: 
If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class.

This negates the need for each query config to define the isKnownSink predicate individually.
 2022-11-04 09:30:29 -07:00