hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,363 Commits 1,712 Branches 163 Tags
04190ea308787bf00aa6953547cc83d3c9d87aaa
Commit Graph

24363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
04190ea308 Python: Add file-like modeling to werkzeug FileStorage 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
5f5c0b11c7 Python: Refactor Werkzeugmodeling 
Having the additional taint step just next to the other definitions, so
everything is together.
 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
4f4dec50f2 Python: Model ResovlerMatch in Django 
Like before, omitted ClassInstantiation
 2021-07-22 10:43:13 +02:00
Rasmus Wriedt Larsen
6f0a622252 Python: Remove ClassInstantiation from Django UploadedFile 
since UploadedFile is the abstract base class, all real usage would be
of one of the subclasses, so removing this to not provide a false hope
that it actually works.

I don't think investing the time into making this work would give any
value, so that's why I didn't do it ;)
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
7dc6518350 Python: Add FileLikeObject modeling 
Such that the result of `request.FILES["key"].file.read()` is tainted
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
18c0d13efd Python: Model most of UploadedFile in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
5ec5557203 Python: Model MultiValueDict in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
95e88c18b9 Python: Minor cleanup 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
51b543c67c Python: Model taint for django request methods 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
bced467a88 Python: Refactor django additional step handling 
So it matches the new style we're using in aiohttp/twisted/...
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
ce4b192caa Python: Improve usefulness of RemoteFlowSourcesReach meta query 
Before, results from `dca` would look something like

    ## + py/meta/alerts/remote-flow-sources-reach

    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:16:38:48
        reachable with taint-tracking from RemoteFlowSource
    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:9:38:12
        reachable with taint-tracking from RemoteFlowSource

now it should make it easier to spot _what_ it is that actually changed,
since we pretty-print the node.
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
6aabbf0b9a Python: Add some alert meta queries 
Intended for use with dca
 2021-07-21 14:53:01 +02:00
Anders Schack-Mulligen
db76b12f3f Merge pull request #6313 from aschackmull/java/fix-csv-dispatch 
Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.
 2021-07-19 12:49:31 +02:00
Anders Schack-Mulligen
0b89f96055 Merge pull request #6318 from Marcono1234/patch-1 
Java: Fix documentation mistake for `ProtoPom`
 2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen
d1f21a854a Merge pull request #6042 from joefarebrother/spring-http 
[Java] Model spring `http` package
 2021-07-19 11:24:41 +02:00
Taus
12f7921c92 Merge pull request #6304 from RasmusWL/more-snippets 
Python: Add more snippets
 2021-07-19 11:23:24 +02:00
Anders Schack-Mulligen
c32a75a1b3 Merge pull request #6183 from smowton/smowton/feature/javax-json-models 
Add models of the jakarta/javax.json package
 2021-07-19 11:19:21 +02:00
Anders Schack-Mulligen
6de31f8b59 Merge pull request #6317 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-19 10:45:22 +02:00
Rasmus Wriedt Larsen
c9087b2e1b Python: Minor fixup to snippet 
Spotted by @tausbn 🎉
 2021-07-19 10:19:23 +02:00
github-actions[bot]
9b7616bea4 Add changed framework coverage reports 2021-07-19 00:07:04 +00:00
Marcono1234
87d6b9ca5a Java: Fix documentation mistake for ProtoPom 2021-07-18 02:49:43 +02:00
Tom Hvitved
1c68d3f4cd Merge pull request #6309 from hvitved/csharp/dead-store-of-local-perf 
C#: Improve performance of `DeadStoreOfLocal.ql`
 2021-07-17 10:56:35 +02:00
Tom Hvitved
25706e0812 Merge pull request #6303 from hvitved/csharp/get-qual-name-nomagic 
C#: Two `pragma` performance fixes
 2021-07-17 07:53:35 +02:00
Robert Marsh
e0ff1d949b Merge pull request #6315 from MathiasVP/fix-off-by-one-in-rem-expr-range-analysis 
C++: Fix off–by-one in range analysis for `RemExpr`.
 2021-07-16 15:22:03 -07:00
Mathias Vorreiter Pedersen
39d9395bc3 C++: Fix off-by-one in range analysis for 'RemExpr'. 2021-07-16 16:35:19 +02:00
Mathias Vorreiter Pedersen
81aa115838 C++: Fix range analysis bug for 'RemExpr'. 2021-07-16 16:28:08 +02:00
Mathias Vorreiter Pedersen
dc2eea59a3 C++: Add buggy testcase with 'RemExpr'. 2021-07-16 16:27:09 +02:00
Anders Schack-Mulligen
effca4495f Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable. 2021-07-16 14:31:29 +02:00
Anders Schack-Mulligen
68b3c28202 Merge pull request #6310 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-16 14:10:33 +02:00
CodeQL CI
9aafe8242e Merge pull request #6271 from erik-krogh/logs 
Approved by asgerf
 2021-07-16 03:49:22 -07:00
Anders Schack-Mulligen
ef9d09692d Merge pull request #5796 from smowton/smowton/feature/apache-mutable-flow 
Java: Add synthetic fields; model Commons Lang's MutableObject type
 2021-07-16 12:08:26 +02:00
Erik Krogh Kristensen
36de24aecb use API nodes instead of type-tracking in the pino model 2021-07-16 11:32:32 +02:00
Erik Krogh Kristensen
178d3de824 Merge branch 'main' into logs 2021-07-16 11:21:25 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
CodeQL CI
c1d0e52492 Merge pull request #6286 from erik-krogh/mkdirp 
Approved by asgerf
 2021-07-16 02:11:07 -07:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
CodeQL CI
d4fa1f7d96 Merge pull request #6295 from erik-krogh/sort-keys 
Approved by asgerf
 2021-07-16 02:09:47 -07:00
CodeQL CI
520337577b Merge pull request #6298 from erik-krogh/ansi-to-html 
Approved by asgerf
 2021-07-16 02:09:03 -07:00
CodeQL CI
f4f8ce0d36 Merge pull request #6294 from erik-krogh/arrify 
Approved by asgerf
 2021-07-16 02:08:19 -07:00
CodeQL CI
8ef57366c4 Merge pull request #6278 from erik-krogh/toUnicodeInAngular 
Approved by asgerf
 2021-07-16 02:07:18 -07:00
Chris Smowton
9cde13bf82 Note spurious results that stem from weak updates to synthetic fields. 2021-07-16 09:44:36 +01:00
Tom Hvitved
45ee21622d C#: Cache NamedElement::getQualifiedName() 2021-07-16 10:25:07 +02:00
CodeQL CI
b14139f3a0 Merge pull request #6261 from max-schaefer/js/module-constructor 
Approved by asgerf
 2021-07-16 00:28:30 -07:00
Tom Hvitved
8321d5f312 Merge pull request #6293 from hvitved/csharp/ssa/remove-redundant-conjunct 
C#: Remove redundant conjunct in `ssaDefReachesReadWithinBlock`
 2021-07-16 06:15:34 +02:00
github-actions[bot]
e61702c281 Add changed framework coverage reports 2021-07-16 00:07:10 +00:00
Robert Marsh
59855de0ac Merge pull request #6301 from github/aibaars/drop-opaque-id 
CPP: drop opaque-id properties
 2021-07-15 16:36:11 -07:00
Tom Hvitved
c53502a84a C#: Improve performance of DeadStoreOfLocal.ql 2021-07-15 22:26:07 +02:00
Rasmus Wriedt Larsen
5e193ee8da Python: Add more snippets 2021-07-15 18:56:49 +02:00
Geoffrey White
c4322fdcd2 Merge pull request #6231 from ihsinme/ihsinme-patch-277 
Add query for CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
 2021-07-15 15:52:48 +01:00
Joe Farebrother
f7de2e64c5 Fix failing test caused by an imprecission in the stubber 2021-07-15 15:15:37 +01:00