hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

4944 Commits

Author SHA1 Message Date
Harry Maclean
b03f6efa60 Ruby: Refactor 2023-08-09 15:01:40 +01:00
Harry Maclean
142393b599 Ruby: Handle unknown content in splat flow 2023-08-09 15:01:40 +01:00
Harry Maclean
4239268efd Ruby: Prevent some false flow into splat params 
In cases where there are positional parameters after a splat parameter,
don't attempt to match the splat parameter to a splat argument. We need
more sophisticated modelling to handle these cases, which is future
work.
 2023-08-09 15:01:40 +01:00
Harry Maclean
6f3e2cdde3 Ruby: Add change note 2023-08-09 15:01:40 +01:00
Harry Maclean
c0baa5116f Ruby: add test for example splat arg/param matches 2023-08-09 15:01:40 +01:00
Harry Maclean
72356d1515 Ruby: track flow from *args to positional params 
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
 2023-08-09 15:01:40 +01:00
Brandon Stewart
93dd9d0aa4 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-08 12:54:54 -04:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Tom Hvitved
db88b7da88 Ruby: Adjust to data flow refactor 2023-08-07 11:35:21 +02:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Maiky
0cd1c1e2e5 Make private 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:08:50 +02:00
Maiky
0dec4876f1 Replace cast to DataFlow::CallNode 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:08:35 +02:00
Maiky
6f1b406b3a typo 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:08:10 +02:00
Maiky
0237f37842 typo 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:07:58 +02:00
Maiky
c54561e775 Merge branch 'main' into maikypedia/ldap-improper-auth 2023-08-03 16:49:30 +02:00
Maiky
fd649c1702 Fix getHost() (ldap.host = ip is not covered) 2023-08-03 16:37:48 +02:00
Maiky
f7a662814d simplify usesSsl() 2023-08-03 16:20:20 +02:00
Maiky
2d87489dfa change useSsl() to usesSsl() 2023-08-03 16:18:44 +02:00
Tom Hvitved
e011480114 Merge pull request #13509 from hvitved/cfg-pack 
Convert shared CFG construction library to a parameterized module
 2023-08-03 14:11:56 +02:00
Tom Hvitved
2ac646770e Merge ControlFlowTreeBase and AstNode 2023-08-03 10:59:26 +02:00
Tom Hvitved
525ed65b0b Rename getNode to getAstNode 2023-08-03 10:56:50 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Tom Hvitved
2f3e52646c Add class wrappers around newtype in Cfg.qll 2023-08-03 09:39:30 +02:00
Tom Hvitved
5d69e14cc1 Rename ControlFlowElement to AstNode 2023-08-03 09:39:30 +02:00
Tom Hvitved
1988397f93 Make shared CFG construction library a parameterized module 2023-08-03 09:39:30 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
73d4b126cf Ruby: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Alex Ford
af854749d7 Ruby: update Ldapinjection test output 2023-07-31 16:08:15 +01:00
Alex Ford
f437a6f729 Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00
Alex Ford
558238a9be Ruby: update TaintStep test output 2023-07-31 16:00:27 +01:00
Alex Ford
f272b0786a Ruby: fix qldoc typo 2023-07-31 14:58:05 +01:00
Alex Ford
7f82aba7d4 qlformat 2023-07-31 14:57:14 +01:00
Alex Ford
2240e4bffb Ruby: fix changenote date format 2023-07-31 14:56:53 +01:00
Maiky
2d88ac1846 Suggested Changes 2023-07-27 23:40:52 +02:00
Maiky
f5e17d7d39 Add additional Filter Methods 2023-07-27 23:04:55 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
Brandon Stewart
f241498cab correct additional pascalcase issue 2023-07-26 17:55:56 +00:00
Brandon Stewart
1a83554b0c correct typo 2023-07-26 17:54:42 +00:00
Brandon Stewart
346a2f269e Update UnsafeHmacComparison.ql 2023-07-26 13:48:42 -04:00
Brandon Stewart
42adbe0cd4 address linter 2023-07-26 17:43:34 +00:00
Brandon Stewart
adddc58b61 address linter 2023-07-26 17:38:06 +00:00
Brandon Stewart
494e7d9a3f add unsafe HMAC comparison query and qlhelp file 2023-07-26 17:28:22 +00:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00