hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-19 13:48:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,253 Commits 1,760 Branches 167 Tags
f5a8715528e7b7f2c595ebd0397cd50c3746cc37
Commit Graph

6886 Commits

Author SHA1 Message Date
Max Schaefer
f5a8715528 Revert "JS: Recognize DomSanitizer from @angular/core" 
This reverts commit ff1d0cc4c7.
 2022-01-05 19:46:05 +00:00
Henry Mercer
2c412503e3 Remove NoSQL sinks since September 2018 2022-01-05 19:46:05 +00:00
Esben Sparre Andreasen
cc08eccf05 Remove additional Xss sinks 2022-01-05 19:46:05 +00:00
Esben Sparre Andreasen
5346ab2b2b Remove additional SQL sinks 2022-01-05 19:46:05 +00:00
Esben Sparre Andreasen
7cf073dd9a Remove additional path-injection sinks 2022-01-05 19:46:04 +00:00
Esben Sparre Andreasen
2de58b338b Remove pseudo-properties 2022-01-05 19:46:04 +00:00
Esben Sparre Andreasen
c769ef44cd Remove 2020 sinks from SqlInjection.ql 2022-01-05 19:46:04 +00:00
Esben Sparre Andreasen
e8a21e2f9a Remove 2020 sinks from Xss.ql 2022-01-05 19:46:04 +00:00
Esben Sparre Andreasen
3e1eebd5e3 Remove 2020 sinks from TaintedPath.ql 2022-01-05 19:46:04 +00:00
Henry Mercer
6739fe39ba JS: Update featurization for absent features optimization 
Absent features are now represented implicitly by the absence of a row
in the `tokenFeatures` relation, rather than explicitly by an empty
string. This leads to improved runtime performance. To enable this
implicit representation, we pass the set of supported token features to
the `scoreEndpoints` HOP. Requires CodeQL CLI v2.7.4.
 2022-01-05 19:46:04 +00:00
Tiferet Gazit
869846b306 Test a threshold of 0 
Make sure we get near-perfect recall (ATM-light) and bad precision.
 2022-01-04 16:41:21 -08:00
Tiferet Gazit
6d9a8fad34 Don't hard-code the score cutoff 2022-01-04 15:48:38 -08:00
Tiferet Gazit
e41b9e8776 Experiment with a threshold of 0.65 2022-01-04 15:46:17 -08:00
Tiferet Gazit
dc8711b28f Experiment with a fixed threshold of 0.65 2022-01-04 15:41:51 -08:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling 
QL: add "modelling/modeling" to `ql/non-us-spelling`
 2022-01-04 13:33:54 +01:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe 
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
 2022-01-04 10:11:03 +01:00
Dave Bartolomeo
5f5af4a29e Move change notes to correct location 
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
 2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Alex Ford
3da98ecb73 Bump a date 2021-12-22 16:38:16 +00:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
f16d77615d Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll 2021-12-22 16:38:15 +00:00
Alex Ford
d3af687767 Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames 
Strong encryption algorithms: ARIA, IDEA, SEED, SM4
Strong block modes: CBC, CFB, CTR, OFB
 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen
8019b52838 run the non-us patch with "modelled/modeled" 2021-12-20 17:47:15 +01:00
Erik Krogh Kristensen
d17879e1f9 run the non-us patch 2021-12-20 16:24:41 +01:00
Nick Rolfe
f18492e39b Merge pull request #7443 from github/nickrolfe/behavior 
QL4QL: catch behaviour/behavior in ql/non-us-spelling
 2021-12-20 13:23:53 +00:00
Henry Mercer
bebf4ca8fc Merge pull request #7357 from github/henrymercer/js-atm-only-featurize-with-flow 
JS: Only featurize endpoints that are part of a flow path
 2021-12-17 18:03:40 +00:00
Henry Mercer
055432530f Bump ATM pack version to 0.0.2 2021-12-17 16:49:59 +00:00
Henry Mercer
c1864531cd JS: Push FeaturizationConfig context into more predicates 2021-12-17 16:31:56 +00:00
Henry Mercer
383437c571 JS: Only featurize endpoints that are part of a flow path 2021-12-17 16:31:56 +00:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
CodeQL CI
de4b655ddb Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation 
Approved by erik-krogh
 2021-12-17 14:07:57 +00:00
CodeQL CI
39ec7132af Merge pull request #7049 from asgerf/js/routing-trees 
Approved by erik-krogh
 2021-12-17 12:26:38 +00:00
Asger Feldthaus
89775428b4 JS: Autoformat 2021-12-17 10:32:02 +01:00
Asger Feldthaus
3e6389cad6 JS: Bump extractor version string 2021-12-17 10:32:00 +01:00
Asger Feldthaus
95a93fe033 JS: Change note 2021-12-17 10:31:50 +01:00
Asger Feldthaus
e2c6dd7d56 JS: Recognize {{& ... }} as an XSS sink 2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69 JS: Recognize leading/trailing ~ and & in mustache-tags 2021-12-17 10:31:50 +01:00
Asger Feldthaus
ce68a6d1c5 JS: Remove unneeded qualifier in static field access 2021-12-17 10:31:50 +01:00
Chris Gavin
4a1e2ed408 Add a severity and select the correct number of columns. 2021-12-16 14:02:36 +00:00
Chris Gavin
407c265daf Add kind metadata to example query. 2021-12-16 12:12:36 +00:00
Asger Feldthaus
0e9c2377e3 JS: Use a field in RouterHandlerParameter 2021-12-16 10:26:35 +01:00
CodeQL CI
f274f06d9b Merge pull request #7409 from asgerf/js/track-functions-with-methods 
Approved by erik-krogh
 2021-12-16 09:01:42 +00:00
CodeQL CI
acbf7913b2 Merge pull request #7408 from asgerf/js/trusted-types-sinks 
Approved by esbena
 2021-12-16 08:59:51 +00:00
Asger Feldthaus
53b3581ed0 JS: Add test to stress flow through properties 2021-12-15 17:16:56 +01:00
Asger F
784991cce5 Update javascript/ql/lib/semmle/javascript/Routing.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-15 16:38:38 +01:00
Asger Feldthaus
79e6dcaf68 JS: Rename getValueAtAccessPath->getValueImplicitlyStoredInAccessPath 2021-12-15 16:37:28 +01:00
Asger Feldthaus
8aa4d8227e JS: Rename RouteHandlerInput->RouteHandlerParameter 2021-12-15 16:32:18 +01:00
Asger Feldthaus
218b746f6f JS: Rename getAUseSite -> getRouteInstallation 2021-12-15 16:21:41 +01:00