hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 15:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
797 Commits 1,684 Branches 159 Tags
0f4297ff5ca54d76820342bf61d4e0711d799453
Commit Graph

797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
0f4297ff5c Add qldoc for three public predicates in PrintAst.qll. 
It's bland, but we try to maintain a 100% documentation coverage for our public library elements.
 2020-06-19 14:25:57 +01:00
Max Schaefer
79b0ea8d77 Merge pull request #183 from smowton/smowton/cleanup/field-parent 
Clean up @field and @fieldparent usage
 2020-06-19 11:30:52 +01:00
Chris Smowton
3c8153ca1e Clean up @field and @fieldparent usage 
* Centralise use of raw types and database predicates in FieldParent and FieldBase classes
* Deduplicate type predicates common to all fields
* Deduplicate predicates common to function parameters and results
 2020-06-19 11:00:42 +01:00
Max Schaefer
7c2358c1d0 Merge pull request #181 from sauyon/reflectedxss-fps 
ReflectedXSS refinement
 2020-06-18 11:14:13 +01:00
Max Schaefer
7af168fc3b Merge pull request #179 from smowton/smowton/feature/printast 
Add barebones PrintAST for Go
 2020-06-17 17:02:53 +01:00
Owen Mansel-Chan
2282def1e2 Merge pull request #180 from owen-mc/email-injection 
Move email injection query out of experimental folder
 2020-06-17 15:11:31 +01:00
Chris Smowton
1a823b21f1 PrintAst: Emit relative paths for file nodes 
This is a workaround for codeql run test not itself truncating absolute paths
when comparing against actual output.
 2020-06-17 15:03:29 +01:00
Owen Mansel-Chan
49abd0b9b1 Add test using hashing 2020-06-17 14:33:53 +01:00
Chris Smowton
80b9be1004 Add simple PrintAst test 
This both checks that many common control-flow structures print as expected, and checks our unique child node numbering, which would otherwise give the same label to a file's package (its 0th child expression) and its 0th declaration.
 2020-06-17 14:25:45 +01:00
Owen Mansel-Chan
83697f62ac Address review comments on qhelp 2020-06-17 14:21:37 +01:00
Chris Smowton
bd7b7c06b5 Add AstNode.getCanonicalQlClass and use it in PrintAst 
This gives those classes satisfied by an AstNode that are considered useful for developer understanding, cf. getAQlClass which returns all satisfied classes and hides overridden ones, even if they are interesting.
 2020-06-17 13:47:23 +01:00
Owen Mansel-Chan
f926808c8a Address review comments 2020-06-17 10:11:41 +01:00
Sauyon Lee
ed87c346cf Add tests for the ReflectedXSS HTML content type sniffing regexp 2020-06-17 00:28:03 -07:00
Sauyon Lee
95235c8415 Add change note for reflected xss regexp fixes 2020-06-17 00:28:03 -07:00
Sauyon Lee
4f3854c052 ReflectedXSS: Ignore whitespace for HTML content type detection 2020-06-17 00:28:02 -07:00
Chris Smowton
464773d99a Add initial implementation of PrintAST for Go 
Known shortcomings:

* Uses getAQlClass rather than tagging AST nodes with a canonical class, as the C++ version of the same query does
* Types and go.mod lines are not printed informatively (typically we just get a short description of the node kind, e.g. 'function type')
* Children are always named for their child indices; we should give informative names to the edges where an accessor is declared (e.g. IfStmt names its children 'init', 'cond', 'if', 'else')
 2020-06-16 17:21:56 +01:00
Owen Mansel-Chan
a3bc094731 Add change note 2020-06-16 15:48:39 +01:00
Owen Mansel-Chan
1b49bcc3b3 Put code snippets from qhelp in test folder 2020-06-16 15:44:51 +01:00
Owen Mansel-Chan
336eba1be4 Add Hash.Write and similar as sanitizers 2020-06-16 12:48:43 +01:00
Sauyon Lee
1853e990a3 ReflectedXss: Allow regexp to match newlines 2020-06-16 00:43:12 -07:00
Owen Mansel-Chan
f27ecdabb8 Set precision to high 2020-06-15 17:42:19 +01:00
Owen Mansel-Chan
4f6ce61de2 Move EmailInjection query out of experimental 2020-06-15 17:42:19 +01:00
Max Schaefer
a88bf4c9fa Merge pull request #177 from sauyon/whitelist 
Use allow or allowlist instead of whitelist
 2020-06-13 19:44:51 +01:00
Sauyon Lee
66f733d798 Use allow or allowlist instead of whitelist 2020-06-12 09:16:41 -07:00
Owen Mansel-Chan
282b8cb9e4 Merge pull request #175 from owen-mc/array-slice-literal 
Add classes for array and slice literals
 2020-06-12 12:12:02 +01:00
Owen Mansel-Chan
e6217d90d7 Provide better strings for map and struct literals 2020-06-12 11:23:58 +01:00
Owen Mansel-Chan
dc113ab19f Update tests for new strings 2020-06-12 10:40:13 +01:00
Owen Mansel-Chan
e9c2958095 Add classes for array and slice literals 2020-06-12 10:40:13 +01:00
Max Schaefer
47804d68c7 Merge pull request #176 from max-schaefer/update-data-flow 
Data flow: Allow nodes to be hidden from path explanations
 2020-06-12 07:23:15 +01:00
Owen Mansel-Chan
f11b956583 Add a superclass for literals (#172) 2020-06-11 19:53:40 +01:00
Max Schaefer
40ffa221bc Merge pull request #171 from owen-mc/typeexprs-extend-typeexpr 
Make `ArrayTypeExpr` and so on extend `TypeExpr`
 2020-06-11 17:20:29 +01:00
Max Schaefer
b164cf33c7 Merge pull request #174 from github/rc/1.24 
Merge rc/1.24 into master
 2020-06-11 17:19:23 +01:00
Max Schaefer
9e3681cda4 Merge pull request #173 from owen-mc/update-ast-class-reference 
Update AST class reference
 2020-06-11 16:47:43 +01:00
Owen Mansel-Chan
71005f19c6 Update AST class reference 
To match https://github.com/github/codeql/pull/3685
 2020-06-11 16:08:36 +01:00
Owen Mansel-Chan
c891d22f74 Make ArrayTypeExpr and so on extend TypeExpr 
To avoid a recursive definition, need to replace ArrayTypeExpr with@arraytypeexpr and so on in isTypeExprBottomUp(Expr e).
 2020-06-11 11:06:15 +01:00
Max Schaefer
c6537f6d3b Data flow: Allow nodes to be hidden from path explanations 
cf https://github.com/github/codeql/pull/3657
 2020-06-11 09:59:40 +01:00
Max Schaefer
24e2a294ed Merge pull request #169 from max-schaefer/rc/1.24 
Merge rc/1.24 into master
 2020-06-11 09:15:28 +01:00
Max Schaefer
d8f1873635 Merge branch 'master' into rc/1.24 2020-06-11 08:10:22 +01:00
Owen Mansel-Chan
c30893aba7 Add AST class reference (#164) 2020-06-10 15:59:48 +01:00
Max Schaefer
8787f0b4f0 Merge pull request #165 from sauyon/support-actions 
autobuilder: Add support for GITHUB_REPOSITORY environment variable
 2020-06-10 09:45:18 +01:00
Sauyon Lee
4cd3f89128 Merge pull request #168 from max-schaefer/make-autoformat 
Add Make target to autoformat all QL.
 2020-06-09 12:55:57 -07:00
Sauyon Lee
ba0f922a28 autobuilder: Add support for GITHUB_REPOSITORY environment variable 
This is for use within GitHub actions
 2020-06-09 11:52:23 -07:00
Max Schaefer
1342d8688e Autoformat. 2020-06-09 17:38:18 +01:00
Max Schaefer
b4b78ff923 Use newer version of CodeQL. 2020-06-09 17:36:38 +01:00
Max Schaefer
6b5657b5fb Add PR check to ensure everything is autoformatted. 2020-06-09 17:31:29 +01:00
Max Schaefer
04af08ca0d Add Make target to autoformat all QL. 
Use

```sh
make autoformat
```

to format all `.ql` and `.qll` files under `ql/src`.

Use

```sh
make AUTOFORMAT=--check-only autoformat
```

to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
 2020-06-09 17:27:53 +01:00
Max Schaefer
524b11b81a Merge pull request #163 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-04 09:53:14 +01:00
Robert Brignull
9ee57374cb add more code-scanning suites 2020-06-01 10:58:49 +01:00
Max Schaefer
b37bdec66c Merge pull request #157 from owen-mc/isresult-consistency 
Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results
 2020-05-29 17:13:21 +01:00
Max Schaefer
2f7ff6b56c Merge pull request #162 from max-schaefer/open-url-redirect-formvalue 
Consider `Request.FormValue(...)` as a source for URL redirects.
 2020-05-29 15:56:50 +01:00