hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

3186 Commits

Author SHA1 Message Date
jorgectf
a0bf68f7cd Generally extend TaintTracking::AdditionalTaintStep 2022-03-14 13:39:20 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Chris Smowton
aada8d3af9 Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes 
C#/Java: Range analysis: use ranked phi nodes
 2022-03-14 11:55:55 +00:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
jorgectf
ded9663f2b Finish taint steps 2022-03-13 13:59:03 +01:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00
Joe Farebrother
594d51e84d Exclude constants 2022-03-11 17:45:42 +00:00
Jonathan Leitschuh
50ff2c2c68 Code cleanup from code review 2022-03-11 11:44:15 -05:00
Chris Smowton
496cae7742 Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 
As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.
 2022-03-11 12:45:53 +00:00
Chris Smowton
579b57cf67 Range analysis: use ranked phi nodes 
This borrows a technique (and the implementing code) off Modulus analysis.
 2022-03-11 12:32:12 +00:00
Erik Krogh Kristensen
1e365611fc fix all other implicit-this warnings introduced by the acronym patch 2022-03-11 13:22:07 +01:00
Jeroen Ketema
93a0da75b6 Fix taint tracking configurations that broke due to interface change 2022-03-11 12:18:04 +01:00
Chris Smowton
46cd85c70b Revert #8360, "Add CompileTimeConstantExpr.getStringified method" 2022-03-11 11:13:21 +00:00
Jeroen Ketema
cd28f09ae0 Extend taint tracking interface with flow states 2022-03-11 11:50:35 +01:00
Chris Smowton
f006cd0e37 Merge pull request #8360 from JLLeitschuh/feat/JLL/compile_time_constant_getStringified 
[Java] Add CompileTimeConstantExpr.getStringified method
 2022-03-11 10:34:52 +00:00
Erik Krogh Kristensen
bb32c79f0c Java: add missing qldoc 2022-03-11 11:17:38 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Jonathan Leitschuh
1c9864286d Remove SystemProperty from FlowSources 2022-03-10 18:29:29 -05:00
Jonathan Leitschuh
ecb8911756 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-10 11:48:16 -05:00
Joe Farebrother
4bf6c10896 Split configs into Query.qll library 2022-03-10 13:23:40 +00:00
Chris Smowton
3113b27606 Fix style 2022-03-10 10:03:14 +00:00
Erik Krogh Kristensen
f924d69dbd Java: remove deprecations that were recently updated from an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Jonathan Leitschuh
2a6c4e9350 Add localFlowPlusInitializers 2022-03-09 11:06:26 -05:00
Jonathan Leitschuh
363fff2358 Cleanup from code review feedback 2022-03-09 10:48:06 -05:00
Jonathan Leitschuh
65457cc2e2 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-09 10:25:05 -05:00
jorgectf
447636bf1c Attempt to add MyBatis' sinks and taint steps to SQL and OGNL injection queries 2022-03-09 04:21:26 +01:00
jorgectf
e000163614 Properly model AbstractSQL sinks and taint steps 2022-03-09 04:20:34 +01:00
Jonathan Leitschuh
2e8b5f743b [Java] Add CompileTimeConstantExpr.getStringified method 
Removes CharacterLiteral from CompileTimeConstantExpr.getStringValue

Resolves:
 - https://github.com/github/codeql/pull/8325#issuecomment-1060470279
 - https://github.com/github/codeql/pull/8325#issuecomment-1060587205
 2022-03-07 20:11:38 -05:00
Jonathan Leitschuh
a21992ade9 Minor refactoring to improve tests and documentation 2022-03-07 18:40:53 -05:00
Jonathan Leitschuh
5b651f29d8 Fix insufficient tests and add documentation 2022-03-07 16:39:40 -05:00
Jonathan Leitschuh
b282c7f1b9 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-07 11:31:32 -05:00
Jonathan Leitschuh
523ddb79f3 Cleanup after code review feedback 2022-03-04 15:35:01 -05:00
Jonathan Leitschuh
5243fe3dbf Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-04 15:30:52 -05:00
Jonathan Leitschuh
7ab193dde2 Add System.getProperties().getProperty support 2022-03-03 20:08:38 -05:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
Jonathan Leitschuh
31527a67e5 Refactor OS Checks & SystemProperty logic from review feedback 2022-03-03 17:15:35 -05:00
Jonathan Leitschuh
103c770ce7 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-03 16:39:45 -05:00
Jonathan Leitschuh
fea50065f5 Fix duplicated comment 2022-03-02 19:54:04 -05:00
Jonathan Leitschuh
85de9f305e Fix naming of OSCheck method 2022-03-02 19:41:46 -05:00
Jonathan Leitschuh
a7adbb7291 Refactor more system property access logic 2022-03-02 19:33:05 -05:00
Jonathan Leitschuh
3c53a05e16 Add OS Checks based upon separator or path separator 2022-03-02 14:15:56 -05:00
Jonathan Leitschuh
82d3cd8924 Improve system property lookup 2022-03-02 12:51:15 -05:00
Jonathan Leitschuh
5913c9acad Refactor OS Guard Checks 2022-03-02 12:51:14 -05:00
Jonathan Leitschuh
fd63107edf Update OS Check from Review Feedback 2022-03-02 12:51:12 -05:00
Jonathan Leitschuh
9f5022ee95 Review fixup and add test for apache SystemUtils 2022-03-02 12:50:38 -05:00
Jonathan Leitschuh
49513443f2 Update java/ql/lib/semmle/code/java/os/OSCheck.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
3cdfc00542 Cleanup from review feedback 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
cd073a2173 Java: Add Guard Classes for checking OS 2022-03-02 12:50:35 -05:00