Max Schaefer
09d2fe391e
Data flow: Replace getErasedRepr() and Node::getTypeBound() with getNodeType().
...
cf https://github.com/github/codeql/pull/3854
2020-07-02 11:55:41 +01:00
Max Schaefer
eeae713c2f
Dataflow: Refactor dispatch with call context.
...
cf https://github.com/github/codeql/pull/3804
2020-07-01 20:02:40 +01:00
Max Schaefer
f74a94e382
Merge pull request #170 from sauyon/tracing
...
Extract more dependency ASTs
2020-07-01 14:25:52 +01:00
Max Schaefer
05da78d0f2
Merge pull request #238 from owen-mc/tfunctionoutput-receiver-separate-case
...
Make receiver a separate case in TFunctionOutput
2020-07-01 09:53:13 +01:00
Sauyon Lee
6e5e9ce5de
Improve comments for extractor utility functions
2020-06-30 11:44:10 -07:00
Sauyon Lee
c6dfcf7365
Merge pull request #237 from github/revert-165-support-actions
...
Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable"
2020-06-30 11:40:34 -07:00
Owen Mansel-Chan
83fffa6350
Address review comments
2020-06-30 18:37:00 +01:00
Owen Mansel-Chan
826603a396
Make receiver a separate case in TFunctionOutput
...
This is for consistency with TFunctionInput, which already does this
2020-06-30 17:15:52 +01:00
Remco Vermeulen
a89b87f643
CWE-322 InsecureHostKeyCallback (#234)
2020-06-30 15:38:21 +01:00
Max Schaefer
ccfccb4828
Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable"
2020-06-30 15:13:26 +01:00
Chris Smowton
595866a6d8
Extractor: give the go.mod comment groups a source location (#232)
...
The comment group is now omitted entirely if empty, and otherwise delimits the range of the comments ascribed to this group.
2020-06-30 14:59:13 +01:00
Max Schaefer
e374f92555
Merge pull request #236 from max-schaefer/update-data-flow
...
Update data-flow libraries
2020-06-30 14:32:56 +01:00
Max Schaefer
2b3e3bda8f
Data flow: Model field clearing.
...
cf https://github.com/github/codeql/pull/3762
2020-06-29 11:06:35 +01:00
Max Schaefer
f7ed65692f
Data flow: Use accessPathLimit() in partial flow as well.
...
cf. https://github.com/github/codeql/pull/3494
2020-06-29 11:02:35 +01:00
Max Schaefer
5275168253
Make target branch configurable for sync-dataflow-libraries.
...
You can now do `make DATAFLOW_BRANCH=<committish> sync-dataflow-libraries`; default is still `master`.
2020-06-29 10:02:59 +01:00
Max Schaefer
76f482682c
Merge pull request #182 from owen-mc/gin-framework
...
Move model for Gin framework out of experimental
2020-06-26 20:26:48 +01:00
Max Schaefer
91ca2bb434
Merge pull request #231 from max-schaefer/taint-through-range
...
Propagate taint through `range` statements
2020-06-26 19:58:53 +01:00
Sauyon Lee
468d9812c4
Merge pull request #227 from max-schaefer/cve-2018-15798
...
Teach `OpenUrlRedirect` to propagate out of `URL.Path` and a few other fields.
2020-06-26 06:21:59 -07:00
Max Schaefer
57f8b08568
Update expected test output.
...
The tests for `UnsafeTLS` now work as expected.
2020-06-26 11:30:26 +01:00
Max Schaefer
66ec160f64
Add change note.
2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242
Propagate taint through range loops.
2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f
Rename arrayStep to elementStep, which is more accurate.
2020-06-26 11:20:45 +01:00
Max Schaefer
ba82a76948
Merge pull request #229 from max-schaefer/getAPrimaryQlClass
...
Rename `describeQlClass` to `getAPrimaryQlClass`.
2020-06-26 07:51:04 +01:00
Max Schaefer
9904b9e926
Allow flow through more URL fields.
2020-06-26 07:50:08 +01:00
Max Schaefer
3bf934d64b
Add change note.
2020-06-25 22:23:49 +01:00
Owen Mansel-Chan
82361ce060
Fix modelling of Params part 2
2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
cf47159a30
Change how Param and Params are modeled
...
Previously any read of type Param or Params was a source. Now reading
Context.Params is a source. This should reduce the number of duplicate
paths.
2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
9fd892ab94
Fix context bind sources
...
Using FunctionOutput was recommended in the first PR but not implemented.
2020-06-25 21:55:00 +01:00
Owen Mansel-Chan
93399c6348
Add tests for bind methods with pointer-typed variables
2020-06-25 16:17:57 +01:00
Max Schaefer
d290bea39a
Rename describeQlClass to getAPrimaryQlClass.
2020-06-25 15:08:01 +01:00
Max Schaefer
a89e4971ac
Merge pull request #221 from gagliardetto/bad-tls
...
Add CWE-327 (unsafe TLS)
2020-06-25 09:18:42 +01:00
Sauyon Lee
380060c7e4
extractor: Refactor regexp compilation for the relative directory check
2020-06-24 23:29:55 -07:00
Sauyon Lee
9e8d386f3c
Clarify change note
2020-06-24 23:29:55 -07:00
Sauyon Lee
fa391b1516
extractor: Factor out common bits for running go list
2020-06-24 23:29:54 -07:00
Sauyon Lee
ebdd724b75
Simplify logic for deciding whether to extract a package
2020-06-24 23:29:53 -07:00
Sauyon Lee
e25b882e42
Clarify some comments
...
As suggested in code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-06-24 23:29:52 -07:00
Sauyon Lee
9bd1f87d66
Address review comments
2020-06-24 23:29:51 -07:00
Sauyon Lee
de2f407c69
Add change note for more dependency AST extraction
2020-06-24 23:29:50 -07:00
Sauyon Lee
7863bb656e
Use the -mod argument from the build when calling go list
2020-06-24 23:29:49 -07:00
Sauyon Lee
296d2d5fd3
extractor: modify FileExists to check that the path isn't a directory
2020-06-24 23:29:48 -07:00
Sauyon Lee
3513c352e6
extractor: Factor out FileExists utility function
2020-06-24 23:29:48 -07:00
Sauyon Lee
f197975c6e
Extract packages more intelligently
...
We now extract packages that have the same module root as the specified packages, as determined by
the `go list` command.
2020-06-24 23:29:47 -07:00
Slavomir
95b76dceca
Remove check
2020-06-24 21:39:23 +03:00
Slavomir
4dc1399385
Update comments on the lines that have incorrect flagging
2020-06-24 15:11:33 +03:00
Sauyon Lee
6883a97628
Merge pull request #223 from max-schaefer/update-data-flow
...
Data flow: Track precise types during field flow
2020-06-24 00:10:54 -07:00
Max Schaefer
8c27e16190
Merge pull request #226 from smowton/smowton/fix/remove-spurious-cfg-edge-from-expressionless-switch
...
Remove spurious control-flow edge around switch block without a test
2020-06-24 07:47:37 +01:00
Slavomir
3aa9b25673
Fix comment
2020-06-23 22:40:25 +03:00
Chris Smowton
4882f277f5
Remove spurious control-flow edge around switch block without a test-expression
...
Previously we thought it possible to get from top to bottom of a block like "switch { case f(): ... }", when in fact this is only possible if there are no case blocks to execute.
I also add tests for two possible corner cases of a switch without a test-expression: a completely empty switch (the 'true' is indeed the last node) and switch with an empty default block (a single 'skip' is generated for the default block and the 'true' is not the last node)
2020-06-23 17:46:08 +01:00
Chris Smowton
1dc427a2c5
Cleanup: use TypeSwitchStmt.getAssign, not a raw child accessor
2020-06-23 17:46:08 +01:00
Max Schaefer
4e6d9b3811
Teach OpenUrlRedirect to propagate out of URL.Path and a few other fields.
2020-06-23 15:29:18 +01:00