codeql

mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	ef1b3e592c	Remove pseudo-properties	2022-03-21 14:55:46 +00:00
Esben Sparre Andreasen	5bab92d1d3	Remove 2020 sinks from SqlInjection.ql	2022-03-21 14:55:46 +00:00
Esben Sparre Andreasen	ecd823169e	Remove 2020 sinks from Xss.ql	2022-03-21 14:55:46 +00:00
Esben Sparre Andreasen	99f09a7490	Remove 2020 sinks from TaintedPath.ql	2022-03-21 14:55:46 +00:00
tombolton	6377a43086	update mapping and encoding queries according to proposal	2022-03-21 12:28:29 +00:00
tombolton	d7bc3e6b34	fix formatting in label encoding query	2022-03-18 10:40:04 +00:00
tombolton	bfa72c0a43	add new Xss queries to extraction code	2022-03-18 10:28:57 +00:00
tombolton	110195c1fa	update column names in encoding query	2022-03-18 10:27:18 +00:00
Esben Sparre Andreasen	3b8e3b9520	Boost StoredXss and XssThroughDomATM Produced with: ``` javascript/ql$tb boost src/Security/CWE-079/StoredXss.ql XssSink javascript/ql$ tb boost src/Security/CWE-079/XssThroughDom.ql XssSink ```	2022-03-18 10:27:17 +00:00
Asger F	929419abba	Merge pull request #8254 from asgerf/ruby/mad-prototype Ruby: initial prototype of models-as-data	2022-03-18 10:48:33 +01:00
Erik Krogh Kristensen	aa8b7c8679	update reference to deprecated class name	2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen	6cdc38748c	update expected output	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	d8a5947a08	simplify TaintedUrlSuffix::source() to only consider window.location based sources	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	b3de5d94a6	move `PrefixStringSanitizer` to the Query.qll file, and have it extend `LabeledSanitizerGuardNode`	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	562dce57e8	rename `isXSSSink` to `isXssSink`	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the `js/xss` query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	87842bb8b7	add client-side-url sinks that may execute JavaScript as XSS sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	b471fec149	split `interpretsArgumentsAsURL` out of `interpretsArgumentsAsHTML`, and use it to generalize AttributeUrlSink	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	2576e1f655	add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	67e6a4c716	add a `isXSSSink` predicate to the client-side-url-redirection sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	fc79242674	add tests	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	559f03ebbc	remove unnecessary module qualifier	2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen	2d9d383c55	remove unused import	2022-03-16 22:32:07 +01:00
Asger Feldthaus	e1976da7f9	JS: Autoformat	2022-03-16 15:01:17 +01:00
Asger F	228570129e	Merge branch 'main' into ruby/mad-prototype	2022-03-16 13:50:31 +01:00
Asger Feldthaus	e168da4c5f	Shared: make a predicate private	2022-03-16 13:48:56 +01:00
Asger Feldthaus	e3fbaf5d8f	Shared: prefer exists(var) instead of var = any(string s)	2022-03-16 13:37:08 +01:00
Asger Feldthaus	102540072e	Shared: remove documentation prone to falling out of date	2022-03-16 13:32:55 +01:00
Asger Feldthaus	f140c13261	JS: Sync ApiGraphModels.qll and update accordingly	2022-03-16 12:04:41 +01:00
Asger Feldthaus	d8b4bc81ff	JS: Rename EntryPoint.getNode -> getANode	2022-03-16 12:04:39 +01:00
Erik Krogh Kristensen	f53df255b9	Merge pull request #8459 from erik-krogh/addSeverities JS: add missing @security-severity to JS queries	2022-03-16 12:03:19 +01:00
Erik Krogh Kristensen	cd9d61c1fc	Merge pull request #8450 from erik-krogh/importAs disallow lowercase import-as aliases	2022-03-16 11:32:37 +01:00
Asger Feldthaus	ecf7073bf1	Shared: codeql -> ql in code blocks	2022-03-16 11:00:24 +01:00
Erik Krogh Kristensen	2442beaf9a	add missing severities to JS queries	2022-03-16 10:40:34 +01:00
Erik Krogh Kristensen	b45f56ac08	Merge pull request #8431 from erik-krogh/deadCode Delete dead code	2022-03-15 20:09:06 +01:00
Anna Railton	a08246a2a7	Merge pull request #8448 from github/annarailton-patch-1 Add docstring to `ExtractEndpointMapping.ql`	2022-03-15 14:54:45 +00:00
Erik Krogh Kristensen	b0fc958b32	simplify imports Co-authored-by: Henry Mercer <henry.mercer@me.com>	2022-03-15 15:10:04 +01:00
Erik Krogh Kristensen	89af50f6d5	rename all lower-case import-as statements	2022-03-15 14:40:38 +01:00
Anna Railton	739d94e8f9	Add docstring to `ExtractEndpointMapping.ql`	2022-03-15 12:50:51 +00:00
Erik Krogh Kristensen	3067231b1a	Merge pull request #8253 from erik-krogh/domWrite JS: merge hasDominatingWrite and hasDominatingAssignment	2022-03-15 13:37:00 +01:00
Erik Krogh Kristensen	154d0171d3	Merge pull request #8438 from erik-krogh/apiDisable JS: add some API-nodes to js/disabling-certificate-validation	2022-03-15 12:56:59 +01:00
Henry Mercer	f38b498eed	Merge pull request #8433 from github/henrymercer/js-atm-remove-isEffectiveSinkWithOverridingScore JS: Remove `isEffectiveSinkWithOverridingScore` from ML-powered libraries	2022-03-15 10:04:30 +00:00
Asger Feldthaus	82750638c6	JS: Verify models even if package is not used in database	2022-03-15 10:51:44 +01:00
Asger Feldthaus	a19f06ffc0	JS: Port checks to JS	2022-03-15 10:35:49 +01:00
Asger Feldthaus	97ca1155c3	JS: Sync ApiGraphModels.qll and test	2022-03-15 09:29:34 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
Erik Krogh Kristensen	195ce9c58a	add some API-nodes to js/disabling-certificate-validation	2022-03-14 21:33:13 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Henry Mercer	5102cadf8e	Merge pull request #8404 from github/codeql-ci/js-atm-new-release JS: Bump version numbers of ML-powered packs after 0.1.0 release	2022-03-14 17:32:37 +00:00

1 2 3 4 5 ...

6616 Commits