hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5839 Commits

Author SHA1 Message Date
Jonas Jensen
4b7813b98e C++/C#/Java: Split localFlowStep predicate in two 
There's now a `localFlowStep` predicate for use directly in queries and
other libraries and a `simpleLocalFlowStep` for use only by the global
data flow library. The former predicate is intended to include field
flow, but the latter may not.

This will let Java and C# (and possibly C++ IR) avoid getting two kinds
of field flow at the same time, both from SSA and from the global data
flow library. It should let C++ AST add some form of field flow to
`localFlowStep` without making it an input to the global data flow
library.
 2019-08-21 09:27:01 +02:00
Tom Hvitved
7ab9c8b90d Java/C++/C#: flowCandFwdRead() refactor 2019-08-20 14:44:04 +02:00
Tom Hvitved
14378ee41a Java/C++/C#: Remove some unbind() calls from shared data flow implementation 2019-08-20 13:59:01 +02:00
Jonas Jensen
f1e6e36ce6 Java: Remove wrong definition of taint tracking 
This explanation, taken from C/C++, was not correct for Java.
 2019-08-20 13:45:38 +02:00
Jonas Jensen
9ac0cdd2a2 Java: Don't use the deprecated Configuration2 2019-08-20 13:45:37 +02:00
Jonas Jensen
aeb2323128 Java: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
Tom Hvitved
a0c834c83d Java/C++/C#: Improve data flow join orders for field flow 2019-08-20 10:14:08 +02:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
yh-semmle
73d8e16cd0 Java: remove obsolete VCS.qll and associated queries 2019-08-18 14:53:46 -04:00
Anders Schack-Mulligen
9e4f2f8594 Java: Don't use default dataflow in libs imported by default. 2019-08-16 13:27:53 +02:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
Anders Schack-Mulligen
0c56f955e8 Java: Fix bad join order. 2019-08-14 10:10:19 +02:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
yh-semmle
5e910a4808 Merge pull request #1724 from aschackmull/java/google-xmlreader 
Java: Treat SecureJDKXercesXMLReader as a secure XMLReader.
 2019-08-13 09:52:32 -04:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location 
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
 2019-08-13 12:22:59 +02:00
Max Schaefer
eb8087f4ea Java/C++/C#: Provide path-node locations via hasLocationInfo, not getLocation. 2019-08-12 12:52:30 +01:00
Anders Schack-Mulligen
41763e6025 Java: Treat SecureJDKXercesXMLReader as a secure XMLReader. 2019-08-09 16:00:41 +02:00
Anders Schack-Mulligen
b3e56d5b04 Java: Fix copy-paste typo. 2019-08-08 11:44:44 +02:00
Anders Schack-Mulligen
20e6f5594f Java: Improve barriers for the CWE-190 Arithmetic* queries. 2019-08-07 15:22:23 +02:00
yh-semmle
033879f5a6 Merge pull request #1639 from aschackmull/java/in-out-barriers 
Java/C++/C# DataFlow: Add support for in/out barriers on sources and sinks.
 2019-08-07 01:07:19 -04:00
yh-semmle
7e90728c67 Merge pull request #1679 from aschackmull/java/reader-taint 
Java: Adjust taint steps for Reader::read.
 2019-08-05 12:46:12 -04:00
Anders Schack-Mulligen
a80cb262fc Java/C++/C#: Elaborate qldoc. 2019-08-05 16:28:25 +02:00
Anders Schack-Mulligen
9ebb83497d Java/C++/C#: Fix small mistake. 2019-08-05 15:34:12 +02:00
Anders Schack-Mulligen
2dc83c539c Java/C++/C#: Sync dataflow. 2019-08-05 12:07:32 +02:00
Anders Schack-Mulligen
f8804943ee Java: Change in/out barriers to be explicit in the configuration. 2019-08-05 12:05:12 +02:00
Anders Schack-Mulligen
b1b1ede6b0 Java: Improve the precision of java/hardcoded-credential-api-call. 2019-08-02 16:50:58 +02:00
Anders Schack-Mulligen
4ffc41277a Java: Adjust taint steps for Reader::read. 2019-08-02 14:21:06 +02:00
Anders Schack-Mulligen
1a779179e7 Merge pull request #1666 from yh-semmle/java-xxe-qhelp 
Java: update XXE qhelp with note on processing limits
 2019-08-01 10:01:53 +02:00
yh-semmle
dc45ba5627 Java: update XXE qhelp with note on processing limits 2019-07-31 15:45:28 -04:00
yh-semmle
37395877a7 Merge pull request #1633 from aschackmull/java/taint-string-concat 
Java: Add taint step for String::concat.
 2019-07-30 00:21:52 -04:00
yh-semmle
a1b4d09b42 Merge pull request #1630 from aschackmull/java/switchexpr-tostring 
Java: Add toString override for SwitchExpr.
 2019-07-26 11:32:24 -04:00
Anders Schack-Mulligen
6d022aa359 Java/C++/C#: Sync dataflow. 2019-07-26 13:17:12 +02:00
Anders Schack-Mulligen
7c30c1a01c Java: Deprecate isBarrierEdge. 2019-07-26 13:16:19 +02:00
Anders Schack-Mulligen
d3c5644229 Java: Add support for in/out barriers on sources and sinks. 2019-07-26 11:52:55 +02:00
yh-semmle
9fdb964622 Merge pull request #1511 from aschackmull/java/typeflow-precision 
Java: Minor TypeFlow precision improvement and refactor.
 2019-07-25 23:06:16 -04:00
Anders Schack-Mulligen
046d4a01de Java: Add taint step for String::concat. 2019-07-25 11:38:34 +02:00
Anders Schack-Mulligen
3d340d4fba Java: Delete deprecated dependency DataFlowImplDepr. 2019-07-25 11:18:01 +02:00
Anders Schack-Mulligen
e8aae19556 Java: Add toString override for SwitchExpr. 2019-07-25 10:53:16 +02:00
yh-semmle
a42d9b1f96 Merge pull request #1616 from aschackmull/java/dataflow-prunetype-bugfix 
Java: Bugfix for flow through methods with taint step and upcast.
 2019-07-24 22:28:05 -04:00
Anders Schack-Mulligen
a8c10e218c Java: Delete old deprecated code. 2019-07-23 10:09:51 +02:00
Anders Schack-Mulligen
cd8d16183c Java/CPP/C#: Sync dataflow. 2019-07-22 15:41:37 +02:00
Anders Schack-Mulligen
3024b5cb9e Java: Bugfix for flow through methods with taintstep and upcast. 2019-07-22 15:39:30 +02:00
yh-semmle
12c906c9de Merge pull request #1503 from aschackmull/java/object-tostring-dispatch 
Java: Restrict Object.toString() dispatch based on a more closed-world assumption.
 2019-07-19 09:23:21 -04:00
Anders Schack-Mulligen
3588066ba1 Java: Add qldoc and change note. 2019-07-18 17:53:40 +02:00
Anders Schack-Mulligen
eeb7bdba95 Merge pull request #1553 from rneatherway/java/add-null-guard 
Java: Add `isNotEmpty` to NullGuards
 2019-07-09 11:25:21 +02:00
Robin Neatherway
204a28df94 Java: Add isNotEmpty to NullGuards 2019-07-05 12:41:46 +01:00
Jonas Jensen
5ea69601c3 Merge pull request #1525 from aibaars/drop-import-additional-libraries 
Drop ImportAdditionalLibraries.ql
 2019-07-02 11:26:31 +02:00
Arthur Baars
9197c186e1 Drop: ImportAdditionalLibraries.ql 2019-06-28 15:53:07 +02:00