hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
1fc95a68ca Python: Add more type tracking QL doc 2021-05-20 13:47:23 +02:00
Taus
c4bb3c27e0 Python: Update python/ql/src/semmle/python/ApiGraphs.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-20 13:14:09 +02:00
Tony Torralba
2613e58916 Remove duplicated class 2021-05-20 12:49:02 +02:00
Tony Torralba
0589dd7e54 Move Jndi.qll from experimental 2021-05-20 12:30:28 +02:00
Tony Torralba
0c1fe9be4f Add change note 2021-05-20 12:00:11 +02:00
Tony Torralba
c1e71b60b4 Use InlineExpectationsTest 2021-05-20 12:00:11 +02:00
Tony Torralba
3f0b803796 Refactored to use CSV sink models 2021-05-20 12:00:05 +02:00
Alex Denisov
694eba66f3 C++: Adjust tests for new specifiers 2021-05-20 10:49:20 +02:00
CodeQL CI
17afbdf258 Merge pull request #5635 from RasmusWL/port-weak-crypto-algorithm 
Approved by yoff
 2021-05-20 01:22:32 -07:00
Alex Denisov
ab23507e3f C++: Add ref qualifiers 2021-05-20 10:03:54 +02:00
Mathias Vorreiter Pedersen
b2432158a8 C++: Add change-note. 2021-05-20 10:00:32 +02:00
Mathias Vorreiter Pedersen
152c0161a2 C++: Fix formatting. 2021-05-20 09:48:32 +02:00
Mathias Vorreiter Pedersen
9504592909 C++: Promote cpp/incorrect-allocation-error-handling out of experimental. 2021-05-20 09:47:45 +02:00
Tom Hvitved
f63c1d2383 Python: Split up (small)step into intra/interprocedural predicates 2021-05-19 19:59:25 +02:00
Anders Schack-Mulligen
4406b8e339 Dataflow: Sync. 2021-05-19 19:22:36 +02:00
Anders Schack-Mulligen
bb258813a1 Dataflow: Improve performance for dispatch-join in flow-through. 2021-05-19 19:20:57 +02:00
Rasmus Wriedt Larsen
753dca91b1 Python: weak-crypto: Make algorithm selection less brittle 
As discussed in https://github.com/github/codeql/pull/5635#discussion_r633477154
 2021-05-19 17:47:09 +02:00
Rasmus Wriedt Larsen
22d4d7956a Python: Fix typo in QLDoc 2021-05-19 17:47:05 +02:00
Rasmus Wriedt Larsen
8d1e7da851 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-05-19 17:42:46 +02:00
Rasmus Wriedt Larsen
61ad5d0673 Python: Allow printing PostUpdateNode in ConceptsTest.qll 
See how this works in `test_json.py`
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
9dbb364cca Python: Move json tests to be part of stdlib 
This is better, since the modeling is also part of Stdlib.qll
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
51a25e45fe Python: Use shared prettyExpr in ConceptsTest.qll 
This required quite some changes in the expected output. I think it's much more
clear what the selected nodes are now 👍 (but it was a bit boring work to fix
this up)
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
1af6d97c51 Python: Remove straggling f-: annotations 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
f66dccafda Python: Rename prettyExp => prettyExpr 
So we're consistenly using `expr` and not leaving our the `r`.
 2021-05-19 17:10:33 +02:00
Taus
75a43e76e8 Python: Address review comments. 
- Removes the version check on the set of built-in names.
- Renames the predicate used to represent said set.
- Documents how these lists of names were obtained.
- Gets rid of a superfluous import.
 2021-05-19 11:54:47 +00:00
Mathias Vorreiter Pedersen
c4f604bafe Merge pull request #5896 from geoffw0/weak_crypto 
C++: Improve cpp/weak-cryptographic-algorithm
 2021-05-19 13:17:13 +02:00
Rasmus Wriedt Larsen
c4987e94e0 Python: Re-introduce syntactic handling of str/bytes/unicode 
I don't want to loose results on this, so until type-tracking/API graphs
can handle this, I want to keep our syntactic handling.
 2021-05-19 13:00:11 +02:00
Alexander Eyers-Taylor
c80495fbdd Merge pull request #5851 from github/alexet/patch 
Use only_bind_out to force a good join order.
 2021-05-19 12:00:07 +01:00
Rasmus Wriedt Larsen
aa8b7306a3 Python: Use more API graphs in TaintTrackingPrivate 
But now we suddenly don't handle the call to `unicode` :O -- at least
not when I run the test locally (using Python 3).
 2021-05-19 12:59:58 +02:00
CodeQL CI
9bdfdb02d3 Merge pull request #5916 from erik-krogh/scriptSink 
Approved by esbena
 2021-05-19 03:46:17 -07:00
Rasmus Wriedt Larsen
a2e8417c11 Python: Use API graphs in TaintTrackingPrivate 
Some of this modeling could probably go to the standard lib modeling
file, but this chain of commits is already pretty feature creep :|
 2021-05-19 12:39:10 +02:00
Rasmus Wriedt Larsen
53f1d2342d Python: Small refactor of TaintTrackingPrivate 
Highlight why we need to import `DataFlowPrivate`
 2021-05-19 12:19:18 +02:00
Geoffrey White
aaae717328 Merge branch 'main' into weak_crypto 2021-05-19 11:19:08 +01:00
CodeQL CI
c793ac933a Merge pull request #5921 from erik-krogh/expressChain 
Approved by esbena
 2021-05-19 03:17:40 -07:00
Geoffrey White
e985204a62 C++: Add change note. 2021-05-19 11:14:23 +01:00
Rasmus Wriedt Larsen
3f5602c048 Python: Refactoring of TaintTrackingPrivate 
To use all the good new stuff 🎉
 2021-05-19 12:13:04 +02:00
Rasmus Wriedt Larsen
b02fb90807 Python: Add getObject(string attrName) to AttrRef 
Now that I got started adding small things that are nice, I've been
missing this one (that is available on an `AttrNode`).
 2021-05-19 12:11:49 +02:00
Rasmus Wriedt Larsen
9137f04bd3 Python: Add getPostUpdateNode to DataFlow::Node 
as discussed in https://github.com/github/codeql/pull/5864#discussion_r634675940
 2021-05-19 11:57:49 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
CodeQL CI
23e8092452 Merge pull request #5864 from RasmusWL/some-framework-modeling 
Approved by tausbn
 2021-05-19 02:31:06 -07:00
Tony Torralba
43d4575359 Add createParser as taint preserving callable 2021-05-19 11:20:54 +02:00
Geoffrey White
e66b5559a4 Merge pull request #5924 from MathiasVP/cleanup-modelFlow 
C++: Remove a disjunction from `modelFlow`
 2021-05-19 10:12:20 +01:00
Geoffrey White
99833f16e1 Merge pull request #5923 from MathiasVP/range-analysis-in-overflow-static 
C++: Add range analysis to `cpp/static-buffer-overflow`
 2021-05-19 10:12:02 +01:00
Rasmus Wriedt Larsen
904eacf9a2 Python: Use absolute import for PEP249 2021-05-19 11:10:06 +02:00
Mathias Vorreiter Pedersen
4d00513606 C++: Use the isParameterDerefOrQualifierObject predicate to remove a disjunction. 2021-05-19 10:47:04 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
Mathias Vorreiter Pedersen
741eed93b2 C++: Replace minimum(any(...)) with a min aggregate. Also removed the min aggregate further down since it's no longer needed. 2021-05-19 09:03:05 +02:00
yoff
60da193620 Update python/ql/src/semmle/python/frameworks/Cryptodome.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-19 08:08:59 +02:00
Erik Krogh Kristensen
9a1f80aa93 accept updated test output for express test 2021-05-18 22:23:29 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00