hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,232 Commits 1,684 Branches 159 Tags
038f951e9f50420ced66ece7fcfb4dfb60eca0d8
Commit Graph

2232 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
038f951e9f Fix containerStoreStep 
Update some comments as well, and change a variable name
 2021-12-08 11:20:20 -05:00
Owen Mansel-Chan
be6501d8e4 Add tests for data and taint flow through arrays and var args 2021-12-08 11:20:20 -05:00
Sauyon Lee
2060731077 Add tests for external flow 2021-12-08 11:20:20 -05:00
Sauyon Lee
873f496038 Use basicLocalFlowStep instead of .getASuccessor 
This prevents non-monotonic recursion through summary post-update nodes
 2021-12-07 07:39:28 -05:00
Sauyon Lee
afe7edc093 Fix test output 
Includes a bunch of new edges, but no new results
 2021-12-07 07:39:28 -05:00
Sauyon Lee
0572c4785c Model net http sources as csv 2021-12-07 07:39:27 -05:00
Sauyon Lee
bebdb0ba53 Add RangeIndexNode 2021-12-07 07:39:27 -05:00
Sauyon Lee
3750af41d3 Add standard container steps 2021-12-07 07:39:27 -05:00
Sauyon Lee
8c4a1d2559 Consider CSV remote sources as untrusted flow sources 2021-12-07 07:39:26 -05:00
Sauyon Lee
d62f417130 Remove uses of getEnclosingCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Chris Smowton
b10d5cf0b0 Broaden ReturnNode to include return nodes of summaries 2021-12-07 07:39:25 -05:00
Chris Smowton
94d9d08489 Fix DataFlow::Node::getEnclosingCallable 2021-12-07 07:39:25 -05:00
Sauyon Lee
c8a2a6356a Add summary parameter nodes 2021-12-07 07:39:25 -05:00
Sauyon Lee
4af4a11729 Make getACallee return DataFlowCallable 2021-12-07 07:39:24 -05:00
Sauyon Lee
8cba368ef5 Model archive/tar.FileInfoHeader in CSV 2021-12-07 07:39:24 -05:00
Sauyon Lee
86d3410041 Add asFunctionNode to new dataflowcallable 2021-12-07 07:39:23 -05:00
Sauyon Lee
d9383d9412 Don't use internal predicates in revel 2021-12-07 07:39:23 -05:00
Sauyon Lee
73684f483c Allow for Return[i] specifications 2021-12-07 07:39:22 -05:00
Sauyon Lee
aa747ea5ff Fix validation regexes for go 2021-12-07 07:39:22 -05:00
Sauyon Lee
0151cd4f2e Document SourceOrSinkElement 2021-12-07 07:39:22 -05:00
Sauyon Lee
0b50b7b2b1 Make DataFlowCallable either a Function or a FuncLit 2021-12-07 07:39:21 -05:00
Sauyon Lee
3ac2a50497 Update test output 2021-12-07 07:39:21 -05:00
Owen Mansel-Chan
763861bef9 Keep call to defaultTaintSanitizerGuard 2021-12-07 07:39:21 -05:00
Sauyon Lee
e41d609921 Use newtype for SourceOrSinkElement 2021-12-07 07:39:20 -05:00
Sauyon Lee
9bfe1c94b3 autoformat 2021-12-07 07:39:20 -05:00
Sauyon Lee
16371ac488 Add support for summary elements 2021-12-07 07:39:19 -05:00
Sauyon Lee
96c58b58dd Add EmptyInterfaceType 2021-12-07 07:39:19 -05:00
Sauyon Lee
26d00f1d5b Move basicLocalFlowsStep to DataFlowPrivate 2021-12-07 07:39:19 -05:00
Sauyon Lee
3098a4ef16 Qualify uses and add imports in DataFlowNodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
93f2569f1d Refactor data-flow nodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
9ceda08d13 Sync dataflow libraries 2021-12-07 07:39:12 -05:00
Sauyon Lee
4c67ef2b0b Add FlowSummaryImpl to sync-dataflow-nodes target 2021-12-02 10:31:01 -05:00
Sauyon Lee
459f4d18a8 Fix sync-dataflow-libraries 2021-12-02 10:31:01 -05:00
Chris Smowton
894102defd Merge pull request #621 from owen-mc/extractor-add-variadic-to-type-label 
Update extractor to distinguish variadic and non-variadic signature types
 2021-12-01 15:44:09 +00:00
Owen Mansel-Chan
d0c9aacd54 Distinguish variadic and non-variadic signature types in extractor 2021-12-01 09:33:44 -05:00
Owen Mansel-Chan
628835d3b3 Add failing tests for isVariadic 
`nonvariadicDeclaredFunction` has the same signature as
`variadicDeclaredFunction`, so it is being erroneously reported as
variadic.
 2021-12-01 09:32:12 -05:00
Chris Smowton
e07958d64c Merge pull request #619 from owen-mc/update-is-variadic 
Update `isVariadic`
 2021-12-01 08:48:16 +00:00
Owen Mansel-Chan
e08007b287 Add missing qldocs for two isVariadic() predicates 2021-11-30 15:13:42 -05:00
Owen Mansel-Chan
acc5c4098a Fix Function.isVariadic to work on external packages 
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
 2021-11-30 15:11:34 -05:00
Owen Mansel-Chan
a6d8deae3e Add Fmt.Fprint to isVariadic tests 
We didn't have any tests involving a function in an imported package.
 2021-11-30 15:07:57 -05:00
Erik Krogh Kristensen
adbe19878f Merge pull request #615 from erik-krogh/explicit-this 
apply the implicit-this patch to the remaining go code
 2021-11-29 17:16:43 +01:00
Chris Smowton
b37fa9c447 Merge pull request #614 from owen-mc/always-extract-empty-interface-type 
Always extract empty interface type
 2021-11-29 12:15:52 +00:00
Erik Krogh Kristensen
1ade6c55d8 apply the implicit-this patch to the remaining go code 2021-11-29 13:10:04 +01:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Owen Mansel-Chan
d35a46e2f3 Always extract an empty interface type 2021-11-26 15:04:05 -05:00
Tony Torralba
662f880ab8 Merge pull request #609 from github/atorralba/log-injection-query 
Go: Add Log Injection query (CWE-117)
 2021-11-24 15:41:43 +01:00
Tony Torralba
cc8d9bdc7f Update ql/src/Security/CWE-117/LogInjection.qhelp 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2021-11-24 13:57:34 +01:00
Chris Smowton
5ed4e3651b Merge pull request #611 from tunnelshade/main 
Add `Where` method of squirrel sql builders to query range
 2021-11-23 11:13:19 +00:00
Chris Smowton
ab9ab106e5 Merge pull request #612 from smowton/smowton/fix/zipslip-sanitizer-guard-efficiency 
Improve ZipSlip sanitizer guard efficiency
 2021-11-23 09:35:54 +00:00