hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,392 Commits 1,703 Branches 162 Tags
03ba7ea8514619792508cc5d9a5a262e8ed10dff
Commit Graph

51392 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
03ba7ea851 C++: Move the weird global property 'not sqlite_encryption_used()' from the sink definition to the source definition. The dataflow library starts tracking flow from the sources, so it's better to to rule out the entire database in the source definition than in the sink definition. 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
7819a7d2bc C++: Severely restrict the set of sinks in 'cpp/cleartext-storage-database'. This reduces the number of sinks considered on the 'sysown/proxysql' from > 62000 sinks to ~1000 sinks. 2023-03-09 14:59:13 +00:00
Jeroen Ketema
fadd23a2a0 Merge pull request #12443 from jketema/even-more-configsig 
C++: Update more queries with `DataFlow::ConfigSig`
 2023-03-09 08:54:31 +01:00
Jeroen Ketema
30cbc91092 C++: Update XXE XML query with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
6f2407412e C++: Update some dataflow tests to use DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
8253f2d343 C++: Update UnsafeDaclSecurityDescriptor with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
7fe1a9431c C++: Update PotentiallyExposedSystemData with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
53aa34bdd3 C++: Update UnsafeCreateProcessCall with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
af612a12de C++: Update TlsSettingsMisconfiguration with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
4363a8ea30 C++: Update leap year queries with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
e65ba13da4 C++: Update NonConstantFormat with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
661160a98e C++: Update PrivateCleartextWrite with DataFlow::ConfigSig 2023-03-08 15:04:45 +01:00
Mathias Vorreiter Pedersen
a247a8b3ea Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-08 13:35:35 +00:00
Mathias Vorreiter Pedersen
e68bb53a6b Merge pull request #12435 from jketema/more-config 
C++: Convert a number of data flow based queries to use `ConfigSig`
 2023-03-08 13:25:54 +00:00
Michael Nebel
29ee1bda50 Merge pull request #12369 from michaelnebel/csharp/unsafestubs 
C#: .NET 7 Runtime and ASP.NET 7 stubs.
 2023-03-08 13:54:23 +01:00
Michael Nebel
6adc04eca0 Merge pull request #12370 from michaelnebel/csharp/unsafemember 
C#: Improve the `unsafe` predicate on Modifiable.
 2023-03-08 13:47:59 +01:00
Mathias Vorreiter Pedersen
c84d88f5aa Merge pull request #12429 from MathiasVP/actually-implement-language-specific-flow-into-call-node-cand1 
C++: Implement `getAdditionalFlowIntoCallNodeTerm`
 2023-03-08 11:58:56 +00:00
yoff
a45a0ee50d Merge pull request #12425 from RasmusWL/arg-passing-problem 
Python: Add test of keyword argument with same name as positional-only parameter
 2023-03-08 12:01:26 +01:00
Mathias Vorreiter Pedersen
8308c661b4 Merge pull request #12432 from MathiasVP/fix-ir-uninitialized-node 
C++: Fix `asUninitialized`
 2023-03-08 10:03:46 +00:00
Mathias Vorreiter Pedersen
5a6b94eda2 C++: Respond to PR reviews. 2023-03-08 09:38:56 +00:00
Michael Nebel
0714310661 C#: Add some more test examples. 2023-03-08 10:14:49 +01:00
Mathias Vorreiter Pedersen
263b208282 C++: Disambiguate a test annotation. 2023-03-08 09:07:07 +00:00
Michael Nebel
7ce5c0d55d C#: Add change note. 2023-03-08 10:02:28 +01:00
Michael Nebel
c88f52c63e C#: Add stubs test case. 2023-03-08 10:02:27 +01:00
Michael Nebel
b6d97b07bf C#: Also print the unsafe keyword for eg. classes when creating stubs. 2023-03-08 10:02:27 +01:00
Michael Nebel
67e7b8fc23 C#: If a type (or any child of a type) is a pointer like type then it is unsafe. 2023-03-08 10:02:27 +01:00
Jeroen Ketema
5391b13db9 C++: Make dataflow configuration modules private in qll files 2023-03-08 09:18:09 +01:00
Jeroen Ketema
0f8a12f3ac C++: Add change note for deprecated data flow configurations in qll files 2023-03-08 09:00:43 +01:00
Paolo Tranquilli
a4c0a0353f Merge pull request #12426 from github/redsun82/cpp-file-permissions-example 
C++: fix example code for `FilePermissions.qll`
 2023-03-07 19:55:46 +01:00
Jeroen Ketema
13bdd9c0c6 C++: Fix query compliation 
Apparently some queries we skipped in the testing I did locally.
 2023-03-07 19:16:10 +01:00
Jeroen Ketema
57c5d5f2c7 C++: Add QLDoc on configuration modules where the original class had one 2023-03-07 19:01:05 +01:00
Jeroen Ketema
0c39d1e5ca C++: Fix query formatting 2023-03-07 18:55:58 +01:00
Jeroen Ketema
2eb2e11ef7 C++: Fix query compilation 2023-03-07 18:53:07 +01:00
AlexDenisov
6a985a3df9 Merge pull request #12392 from github/alexdenisov/mangle-builtin-types 
Swift: mangle builtin types
 2023-03-07 18:22:13 +01:00
Jeroen Ketema
fb57914751 C++: Convert a number of data flow based queries to use ConfigSig 2023-03-07 18:21:52 +01:00
Mathias Vorreiter Pedersen
cc0b8bbebb Merge pull request #12430 from MathiasVP/no-to-string-on-state-in-cast-array-pointer-arith 
C++: Convert `cpp/upcast-array-pointer-arithmetic` to the new API
 2023-03-07 16:48:15 +00:00
Alex Denisov
1283bcb860 Swift: mangle builtin types 2023-03-07 17:45:08 +01:00
AlexDenisov
d469b9711d Merge pull request #12388 from github/alexdenisov/introduce-type-mangling 
Swift: introduce type mangling
 2023-03-07 17:44:30 +01:00
Geoffrey White
72d6f56df1 Merge pull request #12413 from geoffw0/ptrout2 
Swift: Permit data flow from all generic arguments
 2023-03-07 16:27:12 +00:00
Mathias Vorreiter Pedersen
eea02e1ac1 C++: Accept test changes. 2023-03-07 16:18:43 +00:00
Mathias Vorreiter Pedersen
a39a6ea648 C++: Don't use indirect instructions for asUnitialized. 2023-03-07 16:18:27 +00:00
Mathias Vorreiter Pedersen
ce02de48a0 C++: Fix Code Scanning error. 2023-03-07 14:40:36 +00:00
Mathias Vorreiter Pedersen
f2b311a008 C++: We don't need to check type equivalence at the end anymore: the dataflow state now precisely tracks the types. 2023-03-07 14:31:11 +00:00
Mathias Vorreiter Pedersen
ce6366f023 C++: Use the parameterized module dataflow API in 'cpp/upcast-array-pointer-arithmetic'. 
This allows us to swap out the old string state with the Type-based state.
 2023-03-07 14:17:12 +00:00
Mathias Vorreiter Pedersen
0d1e061f5a C++: Implement 'getAdditionalFlowIntoCallNodeTerm'. 2023-03-07 13:45:32 +00:00
Mathias Vorreiter Pedersen
63690066c5 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-07 13:06:43 +00:00
Mathias Vorreiter Pedersen
b054b9c5cd Merge pull request #12408 from jketema/merge-main 
C++: use-use dataflow merge main
 2023-03-07 13:05:30 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Paolo Tranquilli
bdad847584 Merge pull request #12422 from github/redsun82/cpp-scanf-fp 
C++: add false positives to `MissingCheckScanf` test
 2023-03-07 13:29:22 +01:00
Rasmus Wriedt Larsen
dda29e99b2 Python: Add test of keyword argument with same name as positional-only parameter 
This is a bit of an edge case, but allowed. Since we currently don't
provide information on positional only arguments, we can't do much to
solve it right now.
 2023-03-07 13:28:48 +01:00