hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-29 00:27:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,496 Commits 1,784 Branches 169 Tags
060605bd5fd39d8ebfc82aaa93dee09cbbfb48ce
Commit Graph

41496 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Lugton
7d47bffd53 Tidy up ServiceStack.qll 
Use fully qualified names for classes
Make util predicate private
Make naming more consistent with rest of ql libs
 2020-12-17 16:17:26 -08:00
Chelsea Boling
d4acccb13c Update sink 2020-12-17 16:17:26 -08:00
Chelsea Boling
0a7e4b6840 Update sink based on feedback 2020-12-17 16:17:26 -08:00
Chelsea Boling
4e0f3a30ee Update sink based on feedback 2020-12-17 16:17:25 -08:00
Chelsea Boling
ba46eaa143 Refactor sink 2020-12-17 16:17:25 -08:00
Chelsea Boling
3c493511e9 Update file 2020-12-17 16:17:25 -08:00
Chelsea Boling
12e8107492 Add example 2020-12-17 16:17:25 -08:00
Chelsea Boling
5c7dedffb3 Update sinks 2020-12-17 16:17:25 -08:00
Chelsea Boling
71a08c3237 Update servicestack lib 2020-12-17 16:17:25 -08:00
John Lugton
d408ae7e10 Split ServiceStack into modules and incorporate into main lib 2020-12-17 16:17:25 -08:00
John Lugton
386eb2d56b move ServiceStack out of microsoft 2020-12-17 16:17:25 -08:00
Chelsea Boling
a2615339f7 Delete ServiceStack.qll 2020-12-17 16:17:24 -08:00
Chelsea Boling
cae6f91729 Create ServiceStack.qll 2020-12-17 16:17:24 -08:00
Chelsea Boling
dbe0170249 Add files via upload 2020-12-17 16:17:24 -08:00
Chelsea Boling
188dbde2d6 Create SQLInjection.ql 2020-12-17 16:17:24 -08:00
Chelsea Boling
96d11b7966 Create ServiceStack.qll 2020-12-17 16:17:24 -08:00
yoff
39acc9a40b Merge pull request #4735 from RasmusWL/python-untrusted-flow 
Python: Untrusted data used in external APIs
 2020-12-18 00:15:08 +01:00
yoff
9dd6439e3c Merge pull request #4749 from RasmusWL/command-injection-tests 
Python: Add some command injection tests
 2020-12-17 23:36:06 +01:00
yoff
8a44405365 Merge pull request #4827 from RasmusWL/reword-qldoc-for-type-tracking-classes 
Python: Reword QLDoc for class modeling with type-tracking
 2020-12-17 23:28:19 +01:00
Tamas Vajk
8eeab8fdd0 Add new stats file 2020-12-17 21:22:58 +01:00
Nick Rolfe
a87fe410af Simplify examples for unary plus/minus 2020-12-17 18:35:01 +00:00
Nick Rolfe
8b7af665b4 Simplify imports 2020-12-17 18:33:49 +00:00
Jason Rogers
baa169cc77 Refactored HTTP tests 
This will align test location with the library.
 2020-12-17 08:10:06 -08:00
Owen Mansel-Chan
e3d0ccabae Merge pull request #435 from owen-mc/use-implements-where-possible 
Use `implements` for interface methods
 2020-12-17 16:02:14 +00:00
Tom Hvitved
6893f57978 Merge pull request #74 from github/hvitved/cfg/fix-join-order 
CFG: Fix bad join-order
 2020-12-17 16:58:23 +01:00
Tom Hvitved
07c464b753 CFG: Fix bad join-order 
Before:
```
[2020-12-17 11:33:46] (211s) Tuple counts for ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::nestedEnsure_dispred#ff/2@2ea588:
                      11409019   ~0%     {2} r1 = SCAN ControlFlowGraphImpl::getScope#ff AS I OUTPUT I.<1>, I.<0> 'this'
                      3714296409 ~0%     {3} r2 = JOIN r1 WITH ControlFlowGraphImpl::Trees::getAChildInScope#fff_102#join_rhs AS R ON FIRST 1 OUTPUT r1.<1> 'this', R.<1>, R.<2>
                      2359       ~0%     {2} r3 = JOIN r2 WITH ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::getAnEnsureDescendant#ff AS R ON FIRST 2 OUTPUT r2.<2>, r2.<0> 'this'
                      1          ~0%     {2} r4 = JOIN r3 WITH ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::getEnsure_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r3.<1> 'this', R.<1> 'innerBlock'
                                         return r4
```

After:
```
[2020-12-17 15:20:37] (51s) Tuple counts for ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::nestedEnsure_dispred#ff/2@c4f57d:
                      635      ~1%     {3} r1 = JOIN ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::getEnsure_dispred#ff_10#join_rhs AS L WITH ControlFlowGraphImpl::Trees::getAChildInScope#fff_201#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, L.<1> 'innerBlock', R.<2>
                      1        ~0%     {3} r2 = JOIN r1 WITH ControlFlowGraphImpl::Trees::RescueEnsureBlockTree::getAnEnsureDescendant#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1> 'this', r1.<2>, r1.<1> 'innerBlock'
                      1        ~0%     {2} r3 = JOIN r2 WITH ControlFlowGraphImpl::getScope#ff AS R ON FIRST 2 OUTPUT r2.<0> 'this', r2.<2> 'innerBlock'
                                       return r3
```
 2020-12-17 16:46:03 +01:00
Arthur Baars
ff751b97d2 CFG: make all simple nodes instance of StandardLeftToRight{Pre,Post}Tree 2020-12-17 16:39:54 +01:00
Arthur Baars
a15a066414 Merge pull request #72 from github/aibaars/fix-cfg 
CFG improvements
 2020-12-17 16:39:19 +01:00
Arthur Baars
b676c95218 Address comments 2020-12-17 16:35:51 +01:00
Nick Rolfe
73798312b9 Add classes and tests for operations 2020-12-17 15:16:37 +00:00
Tamas Vajk
f3a0d1d138 Add test to list all custom modifiers extracted from IL 2020-12-17 15:43:41 +01:00
Tamas Vajk
7662b55ecc C#: Extract init only accessors and custom modifiers 2020-12-17 15:43:41 +01:00
luchua-bc
bfb138d415 Update qldoc 2020-12-17 14:42:14 +00:00
Tom Hvitved
7a132149a2 C#: Add change note 2020-12-17 15:39:01 +01:00
Tom Hvitved
fe559c190e C#: Recognize format methods without insertion parameters 2020-12-17 15:39:01 +01:00
Geoffrey White
fda531da49 C++: Add query precision. 2020-12-17 14:31:43 +00:00
luchua-bc
7b44ee50ea Revamp the functions to have a string parameter 2020-12-17 14:26:13 +00:00
Tamas Vajk
57c163f314 C#: Add test for CIL setter extraction 2020-12-17 15:23:33 +01:00
Tamás Vajk
45893ab084 Merge pull request #4775 from tamasvajk/feature/cil-attribute-decoding2 
C#: Improve CIL attribute decoding
 2020-12-17 15:20:44 +01:00
Tamás Vajk
65c58edbed Merge pull request #4617 from tamasvajk/feature/csharp9-implicit-obj-creation 
C#: Extract 'ImplicitObjectCreationExpressionSyntax'
 2020-12-17 15:20:13 +01:00
Tamas Vajk
f12befdcd0 Add extra test for collection initialization 2020-12-17 13:49:02 +01:00
Owen Mansel-Chan
d184f245ed Use implements for interface methods 
This means we will find more things.
 2020-12-17 12:42:18 +00:00
Tom Hvitved
46fc17da58 CFG: Fix multiple abnormal successors 2020-12-17 11:15:17 +01:00
Tom Hvitved
1033b8610a CFG: Add more tests 2020-12-17 11:14:10 +01:00
Arthur Baars
91ae237434 Use latest CodeQL for CI 2020-12-17 11:04:57 +01:00
Arthur Baars
dd954ea943 CFG: correct flow for lambda bodies 
Lambda bodies are parsed as nested do-blocks or normal blocks.
This is actually incorrect, as the body of a lambda can't have
parameters. However, we can "inline" such blocks to get the
desired control flow.
 2020-12-17 10:04:01 +01:00
Arthur Baars
eafec4331b CFG: add nodes for block arguments 2020-12-17 10:04:01 +01:00
Arthur Baars
d016e3cae0 CFG: methods are evaluated before their arguments 2020-12-17 10:04:01 +01:00
Arthur Baars
81c907a87a CFG: fix BEGIN and END blocks 2020-12-17 10:04:01 +01:00
Arthur Baars
f2fd1c7931 CFG: make def nodes visible 2020-12-17 10:04:01 +01:00