hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,794 Commits 1,684 Branches 159 Tags
00aac808d2f52bdbb5af8aaaf179c91acbc4a026
Commit Graph

1285 Commits

Author SHA1 Message Date
Owen Mansel-Chan
00aac808d2 Address review comments 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
a5293fa835 Use index to determine selector base 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
015c0537c2 Add index to FieldReadInstruction 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
0d071b2119 Use depth for implicit field selection 2021-03-30 10:13:26 +01:00
Chris Smowton
204e313c3b Improve documentation 2021-03-30 10:13:26 +01:00
Chris Smowton
6645613eb8 Deduplicate and document helper types 2021-03-30 10:13:25 +01:00
Chris Smowton
9a427931b7 Explicitly walk pointer types 
In a previous draft these could use getBaseType*
 2021-03-30 10:13:25 +01:00
Chris Smowton
660ba4e31c Optimise selectorBase, similar to existing work on implicitFieldRead 2021-03-30 10:13:25 +01:00
Chris Smowton
8cde56dfc2 Neaten and fix documentation of selectorBase 2021-03-30 10:13:24 +01:00
Chris Smowton
9444774895 Add further hints that the range of possible addressed fields, and therefore the interesting selector expressions, are small 2021-03-30 10:13:24 +01:00
Chris Smowton
22a3fccf79 Use type to hint that constraining to embedded fields is a good first step 
This improves the join order for `implicitFieldSelection`
 2021-03-30 10:13:23 +01:00
Sauyon Lee
e1b4867a19 Refactor embedded field calculation to expose access chain 
This allows us to reuse the embedded field calculation in the
logic for generating implicit field selection nodes.
 2021-03-30 10:13:23 +01:00
Owen Mansel-Chan
f1b6139ace Update expected results for ZipSlip to include implicit field reads 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
13cd19ee40 Make ImplicitFieldReadInstruction include implicit deref when needed 
When an ImplicitFieldReadInstruction reads an embedded field which has
a pointer type, it now includes the implicit dereference.

It might be better to extend MkImplicitDeref to cover this case, so we have
an explicit instruction for this. Then it would be easier to see when
dereferences are happening, and hence when they might cause a nil pointer
dereference.
 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
2d3caf48c1 Add implicit field reads for promoted fields 
This may not work when the embedded fields are pointer types, as
we don't have anything corresponding to MkImplicitDeref
 2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
7ded91e81d Make depth of promoted fields accessible 2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
b6dddd36e1 Update FieldTarget.getBaseType() 
It wasn't defined when `getBase()` was an EvalImplicitDerefInstruction.
Rewriting it like this means it should work no matter what type of
instruction `getBase()` is.
 2021-03-30 10:13:20 +01:00
Owen Mansel-Chan
b32b3157d4 (Minor) Add missing this. to method call 2021-03-30 10:13:19 +01:00
Chris Smowton
244f66c358 Make diagnostics test platform-neutral 2021-03-25 14:44:18 +00:00
Tom Hvitved
e119e15f84 Merge branch 'rc/3.1' into 'main' 2021-03-23 09:10:20 +01:00
Sauyon Lee
bcee55c402 Remove now-unnecessary bindingset annotations 2021-03-20 18:54:26 +00:00
Sauyon Lee
426a65b981 Restrict 'package' to real package paths 2021-03-20 18:54:26 +00:00
Simon Engledew
43b4cd69f8 Add review feedback 2021-03-19 14:21:45 +00:00
Simon Engledew
c6ae48f090 Create deferinloop.ql 
Add example query for highlighting defers inside loops.
 2021-03-19 13:16:21 +00:00
Sauyon Lee
92c5999c4d Update stats 2021-03-19 04:34:16 -07:00
Sauyon Lee
394feb03f1 Add tests for extractor diagnostics 2021-03-19 04:34:16 -07:00
Sauyon Lee
d8885c580a Add extractor diagnostic tables to the database 2021-03-19 04:34:13 -07:00
Sauyon Lee
68dca955a8 Rework tests and fix output 2021-03-18 10:54:32 -07:00
Sauyon Lee
c2321bd365 Add support for XSS sink kinds 2021-03-18 10:51:16 -07:00
Sauyon Lee
9f5a9cf7b8 Add HTTP template response body concept 2021-03-18 10:51:15 -07:00
Sauyon Lee
844f0e49a6 Add getEnclosingTextNode to template statements 2021-03-18 10:51:15 -07:00
Sauyon Lee
96d2777431 Add models for Revel raw templates 2021-03-18 10:51:14 -07:00
Sauyon Lee
4932574083 Add HTML template variable model 2021-03-18 10:51:14 -07:00
Sauyon Lee
e3f68771fc Add VariableWithFields 2021-03-18 10:51:13 -07:00
Sauyon Lee
8438b893ec Add HTML tracing capability 2021-03-18 10:51:12 -07:00
sn00py
263d813b58 Merge branch 'main' into add-transport-roundtrip 2021-03-16 23:54:53 +08:00
Owen Mansel-Chan
f9c4e12c95 Make this. explicit 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
ea7ecbaa55 Add hint so optimizer doesn't choose bad join order 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
c940eb61e7 Cache TControlFlowNode 2021-03-16 13:40:58 +00:00
snoopywu
cee30cfde4 fix: autoformat 2021-03-16 01:43:33 +08:00
sn00py
00f12f9210 Update ql/src/semmle/go/frameworks/stdlib/NetHttp.qll 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2021-03-16 00:41:52 +08:00
snoopywu
e1219480d8 Add Transport.RoundTrip() 2021-03-13 03:17:58 +08:00
Owen Mansel-Chan
5b09d35668 Add missing QLDoc for public declarations 2021-03-11 15:36:31 +00:00
Sauyon Lee
db20119267 Remove now-unnecessary bindingset annotations 2021-03-10 08:58:45 -08:00
Sauyon Lee
8ad1010860 Restrict 'package' to real package paths 2021-03-10 08:58:41 -08:00
Owen Mansel-Chan
0a48fef0e7 Model Apply methods correctly 
They were accidentally modeled as functions
 2021-03-05 15:55:44 +00:00
Owen Mansel-Chan
f6ff3c009e Merge branch 'main' into sync-dataflow-libraries 2021-02-24 14:14:44 +00:00
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116 
Add preliminary support for go 1.16
 2021-02-23 08:16:12 -08:00