hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 15:04:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,914 Commits 1,680 Branches 158 Tags
008d583da81f9dfcf3d10d8ea3413610f358f97a
Commit Graph

588 Commits

Author SHA1 Message Date
Geoffrey White
008d583da8 C++: Modernize cpp/cleartext-storage-database. 2022-09-05 16:47:14 +01:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Mathias Vorreiter Pedersen
65abb54a73 C++: Add a sanitizer to 'cpp/cleartext-storage-buffer' to improve the performance of the query. 2022-08-22 11:01:31 +01:00
Mathias Vorreiter Pedersen
d209231ff9 C++: Remove cartesian product in 'ExecTainted'. 2022-08-21 16:45:36 +01:00
Mathias Vorreiter Pedersen
e3cb7cf9fe C++: Remove internal 'microsoft' tags from queries. 2022-08-01 17:30:23 +01:00
Jeroen Ketema
694d6395d5 C++: Fix join-order problem in cpp/command-line-injection 
Before on Abseil Linux:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@41084cm7 with tuple counts:
        40879811  ~0%    {2} r1 = SCAN DataFlowUtil::Node::getLocation#dispred#f0820431#ff OUTPUT In.1, In.0
        40879811  ~0%    {2} r2 = JOIN r1 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
            7527  ~3%    {3} r3 = JOIN r2 WITH ExecTainted::interestingConcatenation#91000ffb#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            7527  ~0%    {4} r4 = JOIN r3 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
            7527  ~0%    {5} r5 = JOIN r4 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Lhs.3, Rhs.1
            7527  ~0%    {6} r6 = JOIN r5 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4
            7527  ~0%    {3} r7 = JOIN r6 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.4) ++ ", ") ++ Lhs.1) ++ " | ") ++ Lhs.5 ++ ")"), Lhs.3, Lhs.2
                         return r7
```

After:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@1ffe61ps with tuple counts:
        7527  ~0%    {3} r1 = JOIN ExecTainted::interestingConcatenation#91000ffb#ff WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
        7527  ~0%    {4} r2 = JOIN r1 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
        7527  ~1%    {5} r3 = JOIN r2 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2, Lhs.3
        7527  ~0%    {5} r4 = JOIN r3 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
        7527  ~4%    {6} r5 = JOIN r4 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        7527  ~0%    {3} r6 = JOIN r5 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.3) ++ ", ") ++ Lhs.5) ++ " | ") ++ Lhs.4 ++ ")"), Lhs.1, Lhs.2
                     return r6
```
 2022-07-20 16:27:47 +02:00
Geoffrey White
246093d375 C++: Move the two implementation imports. 2022-05-17 11:03:21 +01:00
Geoffrey White
cf932eb21c C++: Repair typo fix from main. 2022-05-16 16:46:14 +01:00
Geoffrey White
9f3fa1c45d C++: Consistent QLDoc. 2022-05-16 13:48:57 +01:00
Geoffrey White
b4a840e3ef C++: Make the checks happy. 2022-05-16 13:36:41 +01:00
Geoffrey White
9976825234 C++: Slightly more logical layout. 2022-05-16 12:51:04 +01:00
Geoffrey White
19d1578733 C++: Clean up. 2022-05-16 12:49:01 +01:00
Geoffrey White
b332659fcb C++: Split the XXE query into library files. 2022-05-16 12:41:41 +01:00
Geoffrey White
0ffd0b23ca C++: Create an XmlLibrary class to clean up the code in XXE.ql. 2022-05-16 12:17:20 +01:00
Geoffrey White
7a35a346dc C++: Increase query precision to 'high'. 2022-05-12 17:46:16 +01:00
Geoffrey White
0ad6289618 C++: Fix typos. 2022-05-12 16:32:20 +01:00
Geoffrey White
94e190c63a C++: getClassAndName. 2022-05-11 13:47:51 +01:00
Geoffrey White
f27c2f3031 C++: Fix more capitalization. 2022-05-11 11:27:57 +01:00
Geoffrey White
00f7453fcb C++: Fix capitalization. 2022-05-11 11:08:03 +01:00
Geoffrey White
3dddc560a1 C++: Add LSParser specific transformer. 2022-05-11 11:02:01 +01:00
Geoffrey White
e3be7749ea C++: Repair the LSParser sinks. 2022-05-11 11:02:01 +01:00
Geoffrey White
85cc9b8901 C++: Use getClassAndName. 2022-05-09 13:06:44 +01:00
Geoffrey White
9709c2fa94 C++: Use compliant PascalCase / make the checks happy. 2022-05-09 11:58:57 +01:00
Geoffrey White
453dadea1a C++: Fix QLDoc. 2022-05-05 16:43:31 +01:00
Geoffrey White
6b5a1921dd C++: Support the SAX2XMLReader interface. 2022-05-05 16:35:21 +01:00
Geoffrey White
d5be11bf14 C++: Address review comments. 2022-05-03 14:08:19 +01:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Geoffrey White
7fb1069d69 C++: Use GVN on the values passed into set* functions. 2022-04-29 10:09:52 +01:00
Geoffrey White
215453e4db Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-04-29 09:07:25 +01:00
Geoffrey White
33d499c12d C++: Address review comments. 2022-04-29 09:02:11 +01:00
Geoffrey White
2ccd5a5531 C++: Add support for SAXParser in the query. 2022-04-28 16:13:21 +01:00
Mathias Vorreiter Pedersen
dc96d55943 Merge pull request #8888 from geoffw0/xxe2 
C++: Add support for createLSParser to the CWE-611 XXE query.
 2022-04-27 16:24:27 +01:00
Geoffrey White
d04078f989 C++: Fix. 2022-04-27 15:45:23 +01:00
Geoffrey White
4aa41dfa52 Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-27 13:06:02 +01:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Geoffrey White
a21af8e262 C++: Address QLDoc alerts. 2022-04-27 11:05:11 +01:00
Geoffrey White
742949154b C++: Apply code style suggestion. 2022-04-26 16:53:24 +01:00
Geoffrey White
d859a91a14 C++: Add support for createLSParser. 2022-04-22 12:24:01 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Geoffrey White
79aba67036 Merge branch 'main' into xxe 2022-04-22 11:50:41 +01:00
Geoffrey White
5698638d1f Apply suggestions from code review (documentation) 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-04-19 13:38:00 +01:00
Geoffrey White
6e184f2438 C++: Rename variables 'a' and 'b'. 2022-04-19 10:57:42 +01:00
Geoffrey White
da38c9041c C++: Improvements from PR comments. 2022-04-19 10:25:00 +01:00
Geoffrey White
50c7e47dd9 C++: Improve QLDoc. 2022-04-19 10:15:12 +01:00
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-19 10:08:07 +01:00
Geoffrey White
2ac21d6932 C++: Use isBarrier rather than isBarrierOut (which is going away). 2022-04-14 09:21:57 +01:00