codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Benjamin Muskalla	6960a7b97e	Remove extraneous last column	2021-11-10 16:30:25 +01:00
Benjamin Muskalla	ef972159a6	Fix bug when generating output in a subfolder	2021-11-10 16:30:25 +01:00
Benjamin Muskalla	4cfd978bfe	Support generating in respective folders	2021-11-10 16:30:25 +01:00
Benjamin Muskalla	b92758883b	Auto-format generated qll files	2021-11-10 16:30:25 +01:00
Benjamin Muskalla	e2bd792fc2	Consider bulk-like data for argument accessors	2021-11-10 16:30:25 +01:00
Benjamin Muskalla	739fe75194	Support flow for factory and strategy pattern * Support models for factories that create new instances of an object while tainting it with incoming data * Support models to infer super types for private implementations to expose the models at the right level	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	58de6d143f	Add docs to explain the models captured by the predicates	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	747ab122c3	Restrict fluent api models to same type access	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	8564c9001a	Fix naming for source nodes	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	9500c9c8bc	Support lambda flow for source models Also rely on public API to detect the source node	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	35baa1c3df	Support bulkdata for boxed types as well	2021-11-10 16:30:23 +01:00
Benjamin Muskalla	83b4070f31	Fix bug to accept bulk data for char/byte arrays	2021-11-10 16:30:23 +01:00
Benjamin Muskalla	281f25403d	Match enclosing unit without casting to specific nodes	2021-11-10 16:30:23 +01:00
Benjamin Muskalla	bc10fd94cb	Support generating only specific models	2021-11-10 16:30:23 +01:00
Benjamin Muskalla	0e9fcc6c39	Only generate models for local supertypes Avoid generating models for classes implementing external SPI (e.g. `FileFilter`). Keep `toString` models intact as they're commonly used as taint-propagation method (e.g. see `Joiner`).	2021-11-10 16:30:23 +01:00
Benjamin Muskalla	157f56f48a	Capture model for defining interface Instead of modeling individual implementations, take a more general approach of reuse dataflows for interfaces defined by a library. This allows tracking flows across all implementations and aligns better with how we manually model frameworks. This may have some FPs given all possible flows are modeled for a specific interface but also covers more scenarios where we don't know which implementation of an interface is used.	2021-11-10 16:30:22 +01:00
Benjamin Muskalla	f36bb8baaf	Exclude models for simpler types Avoid generating models for types that can't really propagate taint in a valuable way (e.g. primitivies, BigInt, ..). Keep tracking bulk-like data (e.g. char[] or byte[]).	2021-11-10 16:30:22 +01:00
Benjamin Muskalla	842f617bc1	Order sinks and sources first	2021-11-10 16:30:22 +01:00
Benjamin Muskalla	be150f269b	Formatting	2021-11-10 16:30:22 +01:00
Benjamin Muskalla	2654e27123	Exclude known internal APIs from being modeled	2021-11-10 16:30:22 +01:00
Benjamin Muskalla	6b2460d4a1	Formatting	2021-11-10 16:30:21 +01:00
Benjamin Muskalla	060862ab3b	Avoid certain test sources in models	2021-11-10 16:30:21 +01:00
Benjamin Muskalla	e607953b9c	Simplify query	2021-11-10 16:30:21 +01:00
Benjamin Muskalla	9a859334d4	Formatting	2021-11-10 16:30:21 +01:00
Benjamin Muskalla	6c59333716	Remove workaround that accounted for missing flow	2021-11-10 16:30:21 +01:00
Benjamin Muskalla	7dae6122d9	Support CharSequence#toString Given CharSequence is often used as an alias for String, ensure taint through toString is flowing	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	ca9d5439f0	Restrict source configuration to return nodes	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	7a7ec06819	Simplify sink configuration	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	1a4fd7bc7d	Allow camelcase names	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	2b2ac82fb7	Fix bug in sink detection	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	c616eb1473	Fix finding more sources	2021-11-10 16:30:19 +01:00
Benjamin Muskalla	38579ef25b	Add proper metadata to queries	2021-11-10 16:30:19 +01:00
Benjamin Muskalla	a80d50cbc0	Simplify field flow	2021-11-10 16:30:19 +01:00
Benjamin Muskalla	a1d8dfb524	Initial support for source models	2021-11-10 16:30:19 +01:00
Benjamin Muskalla	c844f5382f	Add script to generate flow models	2021-11-10 16:30:19 +01:00
Benjamin Muskalla	f9fea15a52	Initial support for capturing sink models	2021-11-10 16:30:18 +01:00
Benjamin Muskalla	364de55b8d	Support parameter->parameter flow	2021-11-10 16:30:18 +01:00
Benjamin Muskalla	cd11ef3bf6	Support outgoing taint flow from fields	2021-11-10 16:30:18 +01:00
Benjamin Muskalla	c3462be2c9	Capture argument->return value flows	2021-11-10 16:30:18 +01:00
Benjamin Muskalla	4ca006ba3d	Only expose visible innner classes	2021-11-10 16:30:18 +01:00
Benjamin Muskalla	88032afdc3	Add test for final class	2021-11-10 16:30:17 +01:00
Benjamin Muskalla	ec772fb6b2	Add support for qualifier flow	2021-11-10 16:30:17 +01:00
Benjamin Muskalla	32ef40c77b	Add scaffolding for summary model generator	2021-11-10 16:30:17 +01:00
Erik Krogh Kristensen	2d907f825e	have the aliasPropertyPresenceStep step over extend calls	2021-11-10 16:26:00 +01:00
Geoffrey White	ae622bd482	C++: Use hasGlobalOrStdName.	2021-11-10 14:57:07 +00:00
Tom Hvitved	198b321158	Java: Hide parameters of summarized callables	2021-11-10 15:13:32 +01:00
Tom Hvitved	34fdf11b4b	Ruby: Update expected test output	2021-11-10 15:11:13 +01:00
Tom Hvitved	82abab1510	C#: Hide parameters of summarized callables	2021-11-10 15:11:13 +01:00
Anders Schack-Mulligen	6d9fb3ca43	Dataflow: Sync.	2021-11-10 15:11:13 +01:00
Anders Schack-Mulligen	678a21e532	Dataflow: Support hidden return nodes in subpaths.	2021-11-10 15:11:13 +01:00

... 12 13 14 15 16 ...

29908 Commits