Pavel Avgustinov
6737e99d65
Merge pull request #3209 from hmakholm/baselib-extractor
...
Add extractor field in base language QL packs
2020-04-09 15:24:49 +01:00
Calum Grant
abf6be6030
C#: Avoid qualifying explicit interface implementations.
2020-04-07 11:17:35 +01:00
Tom Hvitved
6685a5ed4d
Merge pull request #3136 from calumgrant/cs/buildless-extraction
...
C#: Improvements to buildless extraction
2020-04-07 08:52:00 +02:00
Henning Makholm
d1ff3211ef
Add extractor fields to test qlpack.yml files.
2020-04-06 19:21:41 +02:00
Calum Grant
0d86866ba3
Merge pull request #3160 from hvitved/csharp/null-maybe-fp
...
C#: Add false-positive test for NullMaybe.ql
2020-04-06 14:30:31 +01:00
Calum Grant
6cce0de9b2
Merge pull request #3124 from hvitved/csharp/dataflow/sources-and-sinks
...
C#: Introduce `RemoteFlowSink` class
2020-04-06 12:36:14 +01:00
Tom Hvitved
c8c706a0ba
C#: Un-deprecate PublicCallableParameterFlowSource
2020-04-06 09:01:44 +02:00
Tom Hvitved
4ca5e3755f
C#: Add false-positive test for NullMaybe.ql
2020-03-31 14:06:16 +02:00
Calum Grant
b94b4b7c91
C#: Fix tests
2020-03-26 20:40:40 +00:00
Calum Grant
782f2b5b50
Merge pull request #3073 from hvitved/csharp/null-maybe-fp
...
C#: Add test for `cs/dereferenced-value-may-be-null`
2020-03-26 18:55:54 +00:00
Tom Hvitved
a8660d446e
C#: Fix typo
2020-03-26 14:54:03 +01:00
Tom Hvitved
54677189de
C#: Introduce RemoteFlowSink class
2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b
C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources}
2020-03-25 20:05:39 +01:00
Tom Hvitved
7ac25d2439
C#: Add more tests for cs/information-exposure-through-exception
2020-03-25 14:33:49 +01:00
Jonas Jensen
2b2667aef7
Merge remote-tracking branch 'upstream/master' into detect-conflated-memory
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
2020-03-25 11:55:39 +01:00
Jonas Jensen
29c4c8c0b2
C#: Fixup to follow C++ changes
2020-03-23 20:39:43 +01:00
Dave Bartolomeo
a2741da8e2
C++/C#: Add sanity test for invalid overlap from getDefinitionOverlap()
...
The result of `getDefinitionOverlap()` should never be `MayPartiallyOverlap`, because if that were the case, we should have inserted a `Chi` instruction and hooked the definition up to that instead.
There are quite a few existing failures.
2020-03-23 14:37:06 -04:00
Luke Cartey
9eee16b2d6
Merge pull request #3091 from hvitved/csharp/xpath-injection-more-sinks
...
C#: Teach XPath injection query about `XPathNavigator`
2020-03-23 09:39:26 +00:00
Tom Hvitved
fc74a482a4
C#: More XPath injection sinks
2020-03-19 14:13:35 +01:00
Tom Hvitved
4b3cf72c1c
C#: Teach XPath injection query about XPathNavigator
2020-03-19 13:38:16 +01:00
Tom Hvitved
7f0181ccff
C#: Add XPathNavigator test for cs/xml/xpath-injection
2020-03-19 13:37:03 +01:00
Tom Hvitved
fb2b239db7
C#: Add test for cs/dereferenced-value-may-be-null
2020-03-16 15:38:29 +01:00
Tom Hvitved
17e904f0f6
Data flow: Refactoring + performance improvements
...
- Introduce `ReadTaintNode` and `TaintStoreNode` to simplify logic for taint
  getters and taint setters, respectively.
- `nodeCandFwd2`: Restrict `stored` column after a read, based on what it might
  be before a store of the same field.
- `nodeCand2`: Restrict `read` column (renamed from `stored`) after a store, based
  on what it might be after a read of the same field.
- Move big step predicates into a `LocalFlowBigStep` module.
- Define predicates by dispatch in `AccessPath[Front]` class.
- `flowCandFwd0`: Restrict `apf` column after a read, as it should be able to match
  a Boolean `read` column from `nodeCand2`.
- `flowFwd0`: Restrict columns `ap` and `apf` after a read, by introducing a
  `flowConsCandFwd` predicate (similar to what is done in the previous pruning steps).
- `flowFwd0`: Restrict columns `ap` and `apf` after a store, by introducing a
  `flowConsCand` predicate (similar to what is done in the previous pruning steps).
2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen
fc87f1eb1b
C#: Fix tests.
2020-03-10 10:54:48 +01:00
semmle-qlci
ec90627a64
Merge pull request #2909 from yo-h/experimental
...
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
yo-h
43bcd5b26c
Add guidelines for experimental CodeQL queries and libraries
2020-02-24 15:08:31 -05:00
Mathias Vorreiter Pedersen
af364e66fc
C++/C#: Move sanity check inside InstructionSanity module and accept tests
2020-02-23 20:53:49 +01:00
Mathias Vorreiter Pedersen
d9753b0ca5
C++/C#: Accept test output after adding sanity check to Instruction.qll
2020-02-21 15:09:53 +01:00
semmle-qlci
ecad925101
Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
...
Approved by aschackmull
2020-02-17 18:22:46 +00:00
Tom Hvitved
dcdb5299f0
C#: Update expected test output
2020-02-17 10:52:02 +01:00
Tom Hvitved
7eae5f913c
C#: Update data-flow test
2020-02-17 10:45:44 +01:00
Tom Hvitved
09b1e8b161
C#: Update expected test output
2020-02-13 20:08:11 +01:00
Tom Hvitved
78380f5d59
Merge pull request #2658 from calumgrant/cs/serialization-check-bypass-type
...
C#: Fix cs/serialization-check-bypass
2020-02-12 10:26:01 +01:00
Tom Hvitved
bbf082b285
C#: Extract stackalloc information
2020-02-10 20:32:52 +01:00
Calum Grant
803cb3f4d1
C#: Address review comment
...
- Flow from expressions with a value is excluded.
2020-02-10 16:02:29 +00:00
Calum Grant
5fef77bf44
C#: Handle expressions of type ImplicitStackAllocArrayCreationExpressionSyntax
2020-02-10 11:30:12 +00:00
Tom Hvitved
85e6b24c49
C#: Remove false positives for cs/useless-assignment-to-local
2020-02-05 20:12:39 +01:00
Tom Hvitved
d9f9fc510f
C#: Add more tests for cs/useless-assignment-to-local
2020-02-05 20:11:22 +01:00
Tom Hvitved
fed6dd5324
C#: Generalize data-flow flow-through summaries
...
The predicate
```
argumentValueFlowsThrough(ArgumentNode arg, OutNode out, CallContext cc)
```
has been generalized to
```
argumentValueFlowsThrough(
  DataFlowCall call, ArgumentNode arg, Node out, ContentOption contentIn,
  ContentOption contentOut
)
```
This enables us to summarize normal flow-through (as before), getters, setters,
as well as getter-setters.
2020-02-04 14:09:12 +01:00
Tom Hvitved
00fdc70155
Merge pull request #2710 from calumgrant/cs/short-circuit-out
...
C#: Remove false positive in cs/non-short-circuit
2020-02-04 12:09:17 +01:00
Tom Hvitved
c31f0e955d
C#: Add more flow-through data-flow tests
2020-01-31 13:48:08 +01:00
Calum Grant
7caae01ad1
C#: Exclude fields that are created
2020-01-29 15:47:12 +00:00
Anders Schack-Mulligen
726a873c3e
C#: Autoformat.
2020-01-29 13:15:00 +01:00
Calum Grant
0b3821c828
C#: Remove false positive for out params
2020-01-28 13:59:33 +00:00
Calum Grant
f23438ea65
C#: Add test showing false positive
2020-01-28 11:48:59 +00:00
Tom Hvitved
7e042da4f5
Merge pull request #2665 from calumgrant/cs/zipslip-alert
...
C#: ZipSlip query reports alert at source
2020-01-23 11:05:57 +01:00
Calum Grant
a868456628
C#: Address review comments
2020-01-22 14:21:12 +00:00
Calum Grant
3d460aeb44
C#: ZipSlip query reports alert at source
2020-01-21 15:17:06 +00:00
Calum Grant
9d7c9e0ba4
C#: Default parameter values are maybe null
...
C#: Update test output
2020-01-20 14:37:20 +00:00
Calum Grant
631b4248b5
C#: Add a nullness test
2020-01-20 11:13:31 +00:00