hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

4510 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
9cc0d3d1f4 Java/C++/C#: Remove DataFlowLocation as it's no longer needed. 2020-01-21 15:08:39 +01:00
Jonas Jensen
84811f66a2 C++: autoformat 2020-01-21 13:21:16 +01:00
Jonas Jensen
6d46e4d946 C++: Wire up models to DefaultTaintTracking 
This adds support for arg-to-arg and arg-to-return taint.
 2020-01-21 12:04:45 +01:00
Jonas Jensen
5ac56c2e3a C++: Add DataFlow::Node.asDefiningArgument in IR 2020-01-21 11:52:06 +01:00
Geoffrey White
80997a3323 Merge pull request #2655 from Semmle/jbj-patch-1 
C++: Fix typo in MallocSizeExpr
 2020-01-21 09:44:41 +00:00
Jonas Jensen
cdcd3ed748 Merge pull request #2647 from geoffw0/modelpure 
CPP: Improve strlen model
 2020-01-21 09:42:10 +01:00
Jonas Jensen
0568ed6451 C++: Fix typo in MallocSizeExpr 
The first argument is index 0, not 1.
 2020-01-21 09:09:49 +01:00
Mathias Vorreiter Pedersen
c9cc459baf C++: Rename .qlhelp to .qhelp 2020-01-20 21:17:53 +01:00
Mathias Vorreiter Pedersen
fddd3660ab C++: Fix formatting in example 2020-01-20 16:05:16 +01:00
Geoffrey White
952b9e1581 CPP: Use hasGlobalName where appropriate. 2020-01-20 14:24:38 +00:00
Mathias Vorreiter Pedersen
13fc8741d4 C++: Include malloc example in qlhelp 2020-01-20 13:28:00 +01:00
Geoffrey White
79811fcccd Merge pull request #2642 from jbj/TaintTracking-indirection 
C++: Indirection for security.TaintTracking impl
 2020-01-20 12:25:51 +00:00
Geoffrey White
5a20e85598 Merge pull request #2638 from jbj/ir-dispatch 
C++ IR: Support for global virtual dispatch
 2020-01-20 12:04:09 +00:00
Mathias Vorreiter Pedersen
a43131a987 C++: Fix formatting 2020-01-20 11:39:48 +01:00
Jonas Jensen
2a0fc31b68 C++: Comment and rename getSrc -> getDispatchValue 
Better clarity was requested in the PR review.
 2020-01-20 11:03:03 +01:00
Jonas Jensen
742bd1c6ad Merge pull request #2648 from rdmarsh2/getMemoryOperandDefinition-perf 
C++: Performance fix for getMemoryOperandDefinition
 2020-01-20 08:49:55 +01:00
Jonas Jensen
d3a1856793 Merge pull request #2646 from geoffw0/modelinet 
CPP: Fix a mistake in Inet.qll.
 2020-01-17 22:53:43 +01:00
Geoffrey White
fcea3693f9 CPP: Remove now redundant special cases. 2020-01-17 18:56:21 +00:00
Geoffrey White
200545d88c CPP: Add detail to the model. 2020-01-17 18:56:21 +00:00
Geoffrey White
77a3778eef CPP: Add some strlen variants to the PureStrFunction model. 2020-01-17 18:56:21 +00:00
Jonas Jensen
3632d51abc Merge pull request #2635 from geoffw0/modelstrdup 
CPP: Model strdup
 2020-01-17 19:26:26 +01:00
Geoffrey White
803da339a1 CPP: Fix a mistake in Inet.qll. 2020-01-17 17:44:42 +00:00
Geoffrey White
e4139fe427 Apply suggestions from code review 
Additional corrections.

Co-Authored-By: Dave Bartolomeo <dbartol@github.com>
 2020-01-17 17:20:37 +00:00
Geoffrey White
839fd8f848 CPP: Fix typo. 2020-01-17 16:10:41 +00:00
Robert Marsh
bd98427c5a C++: sync files 2020-01-17 08:05:40 -08:00
Robert Marsh
bbf191e857 C++: fix join order in hasMemoryOperandDefinition 2020-01-17 08:05:40 -08:00
Robert Marsh
d91bc4ba72 C++: pull out hasMemoryOperandDefinition (slow) 2020-01-17 08:05:26 -08:00
Dave Bartolomeo
c7e62b4a35 Merge pull request #2613 from rdmarsh2/getPhiOperandDefinition-perf-2 
C++: performance fixes for getPhiOperandDefinition
 2020-01-17 09:01:33 -07:00
Mathias Vorreiter Pedersen
cd644ca5f2 Merge branch 'implicit-function-declaration' of github.com:MathiasVP/ql into implicit-function-declaration 2020-01-17 14:52:23 +01:00
Mathias Vorreiter Pedersen
4fc325f794 C++: Raise query to warning-high 2020-01-17 13:59:25 +01:00
Mathias Vorreiter Pedersen
aaf2679bf7 Remove incorrect html tag 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-01-17 13:52:38 +01:00
Mathias Vorreiter Pedersen
e79c0820ef Fix reference 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-01-17 13:51:14 +01:00
Jonas Jensen
53e10e4c7f Merge pull request #2634 from MathiasVP/overrideable-taint-sources 
C++: Overrideable taint sources in DefaultTaintTracking
 2020-01-17 13:01:03 +01:00
Mathias Vorreiter Pedersen
9e71e7f2ef C++: Added .qlhelp file 2020-01-17 12:58:10 +01:00
Jonas Jensen
d19c77d473 C++: Indirection for security.TaintTracking impl 
This change should make it easier to switch to the IR-based
`DefaultTaintTracking` code without getting a large and conflict-prone
diff.
 2020-01-17 12:04:53 +01:00
Marc Waldman
dbe51e070f Merge pull request #2 from marcrepo/patch-2 
Documentation update for Issue #2623
 2020-01-17 04:55:34 -05:00
Marc Waldman
0d409b2d69 Documentation update for Issue #2623 
Changes based on Issue #2623 - DescriptorNeverClosed.ql identifies only sockets (not file handles)
 2020-01-17 04:46:10 -05:00
Marc Waldman
140051cc9a Removed word "file" from description (see Issue 2623) 
This pull request is in reference to Issue #2623 - "DescriptorNeverClosed.ql identifies only sockets (not file handles)"
 2020-01-17 04:38:15 -05:00
Jonas Jensen
5d08a0e338 Merge pull request #2558 from MathiasVP/ast-classes-should-not-be-abstract 
C++: Ast classes should not be abstract
 2020-01-17 08:47:55 +01:00
Mathias Vorreiter Pedersen
e4def730fd C++: Fix alert message 2020-01-16 21:30:14 +01:00
Geoffrey White
3c41ed56a1 CPP: Support taint to return value derefs instead. 2020-01-16 18:15:21 +00:00
Robert Marsh
e0406190a1 Merge branch 'master' into getPhiOperandDefinition-perf-2 2020-01-16 07:23:59 -08:00
Robert Marsh
c942da524c C++/C#: Sync 2020-01-16 07:16:57 -08:00
Robert Marsh
1b5d33023e C++: actually fix Chi total operands 2020-01-16 07:15:08 -08:00
Mathias Vorreiter Pedersen
c1fcf78f16 C++: Fold predicate sameLocation 2020-01-16 16:14:55 +01:00
Jonas Jensen
f4d0c5e905 C++ IR: Support for global virtual dispatch 
The IR data flow library now supports virtual dispatch with a library
that's similar to `security.TaintTracking`. In particular, it should
have the same performance characteristics. The main difference is that
non-recursive callers of `flowsFrom` now pass `_` instead of `true` for
`boolean allowFromArg`. This change allows flow through `return` to
actually work.
 2020-01-16 14:51:28 +01:00
Geoffrey White
ef47563139 CPP: Support flow of pointed-to things through function calls. 2020-01-16 11:08:19 +00:00
Mathias Vorreiter Pedersen
87c59e0017 C++: Overrideable taint sources in DefaultTaintTracking 2020-01-16 11:10:43 +01:00
Mathias Vorreiter Pedersen
603b1c26a7 Merge branch 'master' into ast-classes-should-not-be-abstract 2020-01-16 10:16:03 +01:00
Dave Bartolomeo
48301e1187 Merge pull request #2594 from rdmarsh2/ir-overlappingVariableMemoryLocations 
C++: compute overlap on irvars with vvar indexes
 2020-01-15 13:06:33 -07:00