Tom Hvitved
bd6c23d165
Merge pull request #3020 from aschackmull/dataflow/type-pruning-bigstep
Dataflow: Fix bug in type pruning.
2020-03-10 14:21:21 +01:00
Anders Schack-Mulligen
e97c72cd5d
Dataflow: Adjust imports.
2020-03-10 11:34:09 +01:00
Anders Schack-Mulligen
a2bbacf58d
Java/C++/C#: Fix performance issue in partial paths exploration.
2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen
4298a3a931
Java: Add test.
2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen
f491fcd5ae
Java/C++/C#: Sync.
2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen
7a74634cfd
Java/C++/C#: Simplify.
2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen
cf84a53573
Java/C++/C#: Fix bug in type pruning.
2020-03-09 11:04:24 +01:00
SpaceWhite
5e912cbf8e
Move directory to experimental
2020-03-07 11:55:32 +09:00
SpaceWhite
8cdc2bb268
Merge branch 'master' into CWE-094
2020-03-07 11:54:31 +09:00
SpaceWhite
b7af1645aa
Move directory to experimental
2020-03-07 11:49:33 +09:00
SpaceWhite
2ec107bc2d
Merge branch 'master' into CWE-643
2020-03-07 11:47:53 +09:00
Anders Schack-Mulligen
4601639bad
Java: Document a FP in a test.
2020-03-03 13:39:26 +01:00
Anders Schack-Mulligen
b210009eec
Merge pull request #2923 from yo-h/java-customizations
Java: add `Customizations.qll`
2020-03-02 09:58:34 +01:00
semmle-qlci
ec90627a64
Merge pull request #2909 from yo-h/experimental
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
yo-h
f8bf055fe1
Merge pull request #2927 from aschackmull/java/taintgettersetter-tests
Java: Add some more taint-getter-setter tests.
2020-02-27 22:12:25 -05:00
Anders Schack-Mulligen
8e2b56cfd0
Java: Include count in messages.
2020-02-27 13:10:42 +01:00
Anders Schack-Mulligen
33f6392be5
Java: Add some more taint-getter-setter tests.
2020-02-27 10:47:25 +01:00
Anders Schack-Mulligen
0c30d7cced
Java: Update test output.
2020-02-27 10:28:12 +01:00
Anders Schack-Mulligen
a09e479033
Java: Change relevantNode to a class, and add two more checks.
2020-02-27 10:14:14 +01:00
yo-h
bd91bc0b29
Java: add Customizations.qll
2020-02-26 13:18:13 -05:00
Anders Schack-Mulligen
ce70b86604
Java: Add data-flow consistency checks.
2020-02-26 14:17:07 +01:00
Anders Schack-Mulligen
508b6050a8
Java: Remove some irrelevant bounds from TypeFlow.
2020-02-26 13:51:25 +01:00
Jonas Jensen
db33c360bc
Merge pull request #2910 from aschackmull/dataflow/cleanup
Java/C++: Minor dataflow cleanup.
2020-02-25 12:47:10 +01:00
Anders Schack-Mulligen
fba8772411
Java/C++: Minor dataflow cleanup.
2020-02-25 09:40:25 +01:00
yo-h
43bcd5b26c
Add guidelines for experimental CodeQL queries and libraries
2020-02-24 15:08:31 -05:00
Anders Schack-Mulligen
67b32796dd
Merge pull request #853 from joshhale/tweak-cwe-078-example
doc: remove - from command arguments
2020-02-24 16:15:58 +01:00
Grzegorz Golawski
fda4ab155a
CodeQL query to detect open Spring Boot actuator endpoints
2020-02-23 20:03:41 +01:00
Peter Stöckli
e81d3ce0b4
Add type for java.net.URL
2020-02-23 12:35:03 +01:00
Peter Stöckli
e1e03e326b
Add query documentation header
2020-02-21 18:22:05 +00:00
Peter Stöckli
9de2be8eba
Fix whitespace issues in OpenStream.java
2020-02-21 17:13:04 +00:00
Peter Stöckli
b622e2ae06
Java: Calling openStream on URLs created from remote source can lead to local file disclosure.
2020-02-21 17:51:15 +01:00
Anders Schack-Mulligen
771cb754c2
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
2020-02-21 10:02:06 +01:00
Tom Hvitved
a772b82fea
Address review comments
2020-02-20 19:48:49 +01:00
Anders Schack-Mulligen
91166431d2
Java/C++/C#: s/Callable/DataFlowCallable/
2020-02-19 17:23:01 +01:00
Anders Schack-Mulligen
c6016bb08c
Java/C++/C#: Improve join-order in pathStep predicate
2020-02-19 14:47:39 +01:00
Tom Hvitved
a695b567ec
Data flow: Sync files
2020-02-17 19:39:52 +01:00
semmle-qlci
ecad925101
Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
Tom Hvitved
0e7838aca5
Data flow: Sync files
2020-02-17 15:08:26 +01:00
Anders Schack-Mulligen
cabe627d1e
Java: Fix qldoc.
2020-02-17 14:44:12 +01:00
Tom Hvitved
28307399f8
Data flow: Sync files
2020-02-17 10:45:35 +01:00
SpaceWhite
0be6f84387
Add sample
2020-02-15 16:49:33 +09:00
SpaceWhite
1ad7bd9684
add sample code
2020-02-15 16:46:09 +09:00
SpaceWhite
a29ccd674f
Initial commit
2020-02-15 16:27:03 +09:00
Tom Hvitved
332733a92e
Java/C++: Follow-up changes
2020-02-13 16:34:06 +01:00
Tom Hvitved
b5b0c2b8cf
Data flow: Sync files
2020-02-13 16:34:06 +01:00
SpaceWhite
949914e48a
Add XPathInjection
2020-02-10 13:48:02 +09:00
Tom Hvitved
9b699618a8
Data flow: Improve performance of flowFwdStore()
2020-02-09 19:34:04 +01:00
Anders Schack-Mulligen
85adc3be10
Java: Add String.join as default taint step.
2020-02-07 14:43:31 +01:00
Anders Schack-Mulligen
ee3af0a247
Java: Add String.format as default taint step.
2020-02-07 13:43:35 +01:00
Tom Hvitved
f30a42ce26
Data flow: Fix bad join-order in TPathNodeSink
Avoids a Cartesian product on nodes:
```
[2020-02-07 11:01:22] (432s) Tuple counts for dom#DataFlowImpl::TPathNodeSink#ff:
0 ~0% {2} r1 = JOIN DataFlowImpl::Configuration::isSource_dispred#ff AS L WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 2 OUTPUT R.<1>, R.<0>
101611 ~0% {2} r2 = SCAN DataFlowImpl::PathNodeMid#class#ffffff AS I OUTPUT I.<5>, I.<0>
3534537047 ~3% {3} r3 = JOIN r2 WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, R.<0>
251 ~41% {3} r4 = JOIN r3 WITH project#DataFlowImpl::pathStep#fffff AS R ON FIRST 2 OUTPUT R.<2>, r3.<2>, r3.<1>
251 ~50% {2} r5 = JOIN r4 WITH DataFlowImpl::TNil#ff_1#join_rhs AS R ON FIRST 1 OUTPUT r4.<2>, r4.<1>
251 ~50% {2} r6 = r1 \/ r5
323 ~67% {3} r7 = JOIN r6 WITH DataFlowImpl::flow#ff AS R ON FIRST 1 OUTPUT r6.<1>, r6.<0>, R.<1>
288 ~58% {3} r8 = SELECT r7 ON r7.<2> >= r7.<0>
251 ~53% {3} r9 = SELECT r8 ON r8.<2> <= r8.<0>
251 ~50% {2} r10 = SCAN r9 OUTPUT r9.<1>, r9.<0>
```
2020-02-07 12:08:31 +01:00