tiferet
cf289d57e9
Go back to the prompt of https://github.com/github/codeql-dca-main/issues/9475
2023-03-14 12:49:26 -07:00
tiferet
459050151a
Give more explicit instructions in the codex prompt, but don't solicit rare sink types.
2023-03-14 12:49:26 -07:00
tiferet
01979aeb62
Give more explicit instructions in the codex prompt.
2023-03-14 12:49:26 -07:00
tiferet
ef95f4c419
Minor prompt improvements:
- Tell codex explicitly that this is JavaScript code
- Replace "Dataflow node" with "Code snippet"
2023-03-14 12:49:26 -07:00
tiferet
ac5434b3f3
Minor prompt improvements:
Remove spaces that break the code syntax or make for strange code styling.
2023-03-14 12:49:26 -07:00
tiferet
ce17d94f80
In-line predicates that are costing a lot of compute time
2023-03-14 12:49:26 -07:00
tiferet
bcc4cdd376
Add a test that can be used to determine the alerts codex will surface for each query.
2023-03-14 12:49:25 -07:00
tiferet
9aba7a0bca
Bug fixes for things that interfere with using the codex model
2023-03-14 12:49:25 -07:00
tiferet
9a21539fca
Add a test that can be used to determine how well codex reproduces the manual modeling for each sink type.
2023-03-14 12:49:25 -07:00
tiferet
d76d11bd27
Fix endpointScores
2023-03-14 12:49:25 -07:00
tiferet
4603a66411
Bug fix in selecting a node's location:
Locations only exist where there are locatable structures in the DB. Thus, select the largest location that contains the node and at most `neighborhoodSize` lines before and after the node.
2023-03-14 12:49:25 -07:00
tiferet
b130b2e82f
Give endpoint types more intuitive names and then use those names directly in composing the codex prompt.
2023-03-14 12:49:25 -07:00
tiferet
94676ed713
Further improve the structure of endpoint scoring
2023-03-14 12:49:25 -07:00
tiferet
4ed57e71db
Remove tokens from the prompt that the Java side can't handle
2023-03-14 12:49:25 -07:00
tiferet
12def779e6
Change the prompt to use sink names defined in EndpointType
2023-03-14 12:49:25 -07:00
tiferet
a6c01042eb
Improve the structure of endpoint scoring
2023-03-14 12:49:25 -07:00
tiferet
fa36fc838b
Pull in the prompt work from branch tiferet/codex-prompt
2023-03-14 12:49:25 -07:00
tiferet
09bf2218d4
Merge in aeisenberg/atm-codex
2023-03-14 12:49:24 -07:00
Asger F
feb7c49006
Merge pull request #12382 from asgerf/js/import-assertion
JS: Support import assertions
2023-03-14 14:56:32 +01:00
Asger F
d953ad63fe
Merge pull request #12445 from asgerf/js/react-forward-ref
JS: Handle forwardRef in React
2023-03-14 13:21:16 +01:00
Asger F
8ab3f39b5e
Merge pull request #12423 from asgerf/js/trusted-types-global-flow
JS: Track trusted types policy callbacks
2023-03-14 13:09:50 +01:00
Erik Krogh Kristensen
060c37b6a2
Merge pull request #12345 from erik-krogh/delOldDeps
delete old deprecations
2023-03-13 12:48:24 +01:00
Asger F
5461f94c6c
Merge pull request #12424 from asgerf/js/html-sanitizer-for-sql
JS: Add html sanitizers as a taint step in a few queries
2023-03-13 11:36:19 +01:00
Asger F
41dd63adc7
Handle forwardRef in React
2023-03-13 11:30:18 +01:00
erik-krogh
6c1ebd999e
Merge branch 'main' into delOldDeps
2023-03-13 11:00:29 +01:00
Anders Schack-Mulligen
8d97fe9ed3
JavaScript: Autoformat
2023-03-10 09:41:20 +01:00
Henry Mercer
079451142e
Merge branch 'main' into codeql-ci/atm/release-0.4.9
2023-03-09 16:08:22 +00:00
github-actions[bot]
a82aaea514
JS: Bump version of ML-powered library and query packs to 0.4.10
2023-03-09 15:54:49 +00:00
github-actions[bot]
f0bb25bfce
JS: Bump patch version of ML-powered library and query packs
2023-03-09 15:46:31 +00:00
Asger F
6e744093e2
Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4
Post-release preparation for codeql-cli-2.12.4
2023-03-09 15:38:21 +01:00
Arthur Baars
942cd7c275
Merge pull request #12113 from erik-krogh/diagnostics
JS: Implement diagnostics
2023-03-09 12:57:06 +01:00
Arthur Baars
7ab0f88f78
JS: add link to docs to parse error diagnostic
2023-03-08 16:47:43 +01:00
Arthur Baars
e5be8ab1e5
JS: add integration test for diagnostic messages
2023-03-08 16:04:49 +01:00
Asger F
05b5aea477
JS: Changenote
2023-03-07 13:15:44 +01:00
Asger F
856b50735d
JS: Expand test case
2023-03-07 13:04:26 +01:00
Asger F
0affd898de
JS: Track trusted type policy callbacks
2023-03-07 10:22:26 +01:00
Asger F
4f0e17bf97
JS: Add step to a few other queries
2023-03-07 09:39:40 +01:00
Asger F
d4b4d22378
JS: Step through HTML sanitizers in SQL injection query
2023-03-06 15:10:26 +01:00
github-actions[bot]
af61b45785
Post-release preparation for codeql-cli-2.12.4
2023-03-04 14:16:55 +00:00
Dave Bartolomeo
b342e93989
Move change note to appropriate pack
2023-03-03 14:43:00 -05:00
github-actions[bot]
462da63970
Release preparation for version 2.12.4
2023-03-03 14:11:51 +00:00
Asger F
37999eaea0
JS: Fix implicit this
2023-03-03 13:43:17 +01:00
Asger F
f4b13e0955
JS: Update printAst expected output
2023-03-03 13:42:42 +01:00
Erik Krogh Kristensen
d94e51aaf6
Merge pull request #12377 from erik-krogh/jHtml
JS: add the html argument to the jQuery functions as an XSS sink
2023-03-03 13:19:38 +01:00
Asger F
7f96fe725b
JS: Change note
2023-03-03 12:21:20 +01:00
Asger F
7a55b003d2
JS: Fix location of assert clause
2023-03-03 12:21:20 +01:00
Asger F
38194c6ae7
JS: Extract import assertions to DB
2023-03-03 12:21:20 +01:00
erik-krogh
a6c9af4182
add the html argument to the jQuery functions as an XSS sink
2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f
add failing test
2023-03-03 11:08:33 +01:00
erik-krogh
a928f4c9ef
add change-notes
2023-03-03 09:23:10 +01:00