hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
fc03b92e11 Moved from experimental to standard 2021-05-11 15:42:13 +02:00
Tony Torralba
53da3b661a Refactor to CSV sink model 2021-05-11 15:33:49 +02:00
Mathias Vorreiter Pedersen
3e21f479a9 C++: Add change-note. 2021-05-11 14:58:48 +02:00
Tom Hvitved
d66506b0a3 Data flow: Rename {Argument,Parameter}NodeExt to {Arg,Param}Node 2021-05-11 14:40:10 +02:00
Mathias Vorreiter Pedersen
48e783184c C++: Fix false positive by recognizing more absolute value functions in Overflow.qll 2021-05-11 14:30:28 +02:00
Jonathan Leitschuh
0d9a85ca6b Update java/change-notes/2021-05-05-kryo-improvements.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-05-11 08:29:50 -04:00
Mathias Vorreiter Pedersen
24d8abd2c2 C++: Add false positive testcase when an absolute value is used in comparison. 2021-05-11 14:27:53 +02:00
CodeQL CI
922b276fac Merge pull request #5728 from asgerf/js/source-sink-queries 
Approved by erik-krogh
codeql-cli/v2.5.5 		2021-05-11 05:04:47 -07:00
Tamas Vajk
717070c7e4 Fix/cleanup passed and default arguments values 2021-05-11 13:11:35 +02:00
yoff
a7f97895ac Merge pull request #5863 from erik-krogh/printReg 
JS: add printAst.ql support for regular expressions
 2021-05-11 12:45:49 +02:00
yoff
0e5a2c4573 Merge pull request #5442 from jorgectf/jorgectf/python/redos 
Python: Add Regular Expression Injection query
 2021-05-11 12:11:35 +02:00
yoff
549c9eee1a Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00
CodeQL CI
a87731115a Merge pull request #5860 from max-schaefer/js/improve-sql-modelling 
Approved by asgerf
 2021-05-11 02:24:52 -07:00
Erik Krogh Kristensen
99e98419dc add support for error values in an axios client request 2021-05-11 11:24:21 +02:00
Erik Krogh Kristensen
52991dc4a1 rewrite the axios model to use API graphs 2021-05-11 11:23:51 +02:00
Erik Krogh Kristensen
54f191cfe3 add support for rejected promise values in API graphs 2021-05-11 11:23:03 +02:00
CodeQL CI
beb66fc4db Merge pull request #5719 from asgerf/js/nestjs 
Approved by esbena
 2021-05-11 02:08:27 -07:00
Anders Schack-Mulligen
744c495ac2 Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null 
[Java] Add support for com.google.common.base.MoreObjects#firstNonNull
 2021-05-11 09:42:20 +02:00
AlexDenisov
2905bb8b9a Merge pull request #5861 from AlexDenisov/alexdenisov/adjust-user-defined-literals-test 
C++: Adjust user-defined literals test' expectations
 2021-05-11 09:31:54 +02:00
Anders Schack-Mulligen
7d6a497136 Merge pull request #5857 from dbartol/container/work 
Java: Fix QLDoc for `Container.toString()`
 2021-05-11 08:37:41 +02:00
Dave Bartolomeo
f85aff869c Java: Fix PR feedback 2021-05-10 16:37:23 -04:00
thank_you
3ace49549a Add tests for SqlAlchemy modeling library 
After researching SqlAlchemy and it's various query methods, I discovered several types of SQL injection possibilities.

The SQLExecution.py file contains these examples and can be broken up into two types of injections. Injections requiring the text() taint-step and injections NOT requiring the text() taint step.
 2021-05-10 16:12:15 -04:00
Marcono1234
2e098f050e Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql 2021-05-10 18:33:07 +02:00
Mathias Vorreiter Pedersen
5016c6436a Merge pull request #5859 from MathiasVP/fix-fp-in-comparison-with-wider-type 
C++: Fix false positive in `cpp/comparison-with-wider-type`
 2021-05-10 17:58:31 +02:00
Jonathan Leitschuh
d27316eb3e Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-10 11:55:31 -04:00
Chris Smowton
0afe22d60c Merge pull request #5710 from p0wn4j/jsch-os-injection 
[Java] CWE-078: Add JSch lib OS Command Injection sink
 2021-05-10 16:12:00 +01:00
Tamas Vajk
dd86da3f24 C#: Remove base class from type IDs in trap files 2021-05-10 17:06:10 +02:00
Tamas Vajk
31ac6442e8 C#: Fix default parameter value generation in case of error symbols 2021-05-10 17:03:08 +02:00
Rasmus Wriedt Larsen
1b0d5053e7 Python: simplejson load/dump only works with lib installed 
Which I had done locally. Problem is the same about not having PostUpdateNode
when points-to is not able to resolve the call, so I'm happy to just make CI
happy right now, and hopefully we'll get a fix to the underlying problem soon 😊
 2021-05-10 16:21:29 +02:00
Mathias Vorreiter Pedersen
d55db836cb C++: Remove implied conjunct. 2021-05-10 16:13:54 +02:00
Tom Hvitved
498f9b2547 Merge pull request #5848 from hvitved/csharp/trap-key-escape 
C#: Escape IDs in TRAP label definitions
 2021-05-10 16:13:13 +02:00
Tony Torralba
8553ca1019 Autoformatting 2021-05-10 15:42:20 +02:00
Mathias Vorreiter Pedersen
51d04cb5b3 C++: Correct test annotation. 2021-05-10 15:30:35 +02:00
Mathias Vorreiter Pedersen
c0b65314be C++: Fix false positive by restricting _both_ the old (unconverted) expression _and_ all of the conversions. 2021-05-10 15:18:42 +02:00
Rasmus Wriedt Larsen
c2a6b811fc Python: Add modeling of ujson PyPI package 
The problem with `tainted_filelike` not having taint, is that in the call

`ujson.dump(tainted_obj, tainted_filelike)`

there is no PostUpdateNote for `tainted_filelike` :( The reason is that
points-to is not able to resolve the call, so none of the clauses in
`argumentPreUpdateNode` matches

See 08731fc6cf/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll (L101-L111)

Let's deal with that issue in an other PR though
 2021-05-10 15:10:31 +02:00
Rasmus Wriedt Larsen
72d08f4d6e Python: Model json load/dump 2021-05-10 15:10:30 +02:00
Rasmus Wriedt Larsen
63f28d7d9b Python: Model keyword args to json loads/dumps 2021-05-10 15:10:29 +02:00
Rasmus Wriedt Larsen
784e0cdb96 Python: Improve tests of json module 
Inspired by the work on previous commit
 2021-05-10 15:10:28 +02:00
Rasmus Wriedt Larsen
3fe9a3d933 Python: Add modeling of simplejson PyPI package 
I noticed that we don't handle PostUpdateNote very well in the concept tests,
for exmaple for `json.dump(...)` there _should_ have been an `encodeOutput` as
part of the inline expectations.

I'll work on fixing that up in a separate PR, to keep things clean.
 2021-05-10 15:10:27 +02:00
Mathias Vorreiter Pedersen
c7cd75437f C++: Add testcase demonstrating false positive from conversions. 2021-05-10 14:58:33 +02:00
CodeQL CI
a3d17a1437 Merge pull request #5769 from erik-krogh/libXss 
Approved by esbena
 2021-05-10 05:58:07 -07:00
yoff
78370cf63f Update python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll 2021-05-10 14:53:40 +02:00
Erik Krogh Kristensen
504c34ed2c use shouldPrint to filter out regular expressions from other files 2021-05-10 14:51:13 +02:00
Erik Krogh Kristensen
d6f9e37e39 add printAst.ql support for regular expressions 2021-05-10 13:31:00 +02:00
ihsinme
9e5a38debd Update DeclarationOfVariableWithUnnecessarilyWideScope.expected 2021-05-10 14:17:40 +03:00
Asger Feldthaus
3e5dc1efb7 JS: More robust hasUnderlyingType 2021-05-10 13:17:25 +02:00
ihsinme
d3c6093f37 Update test.c 2021-05-10 14:16:38 +03:00
ihsinme
c8f2937df9 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-10 14:16:11 +03:00
Tom Hvitved
7f1f2b4dd3 C#: Fix GetHashCode/Equals on EscapingTextWriter 2021-05-10 13:05:51 +02:00
Alex Denisov
dcdd54593e C++: Adjust user-defined literals test' expectations 2021-05-10 13:03:40 +02:00