Geoffrey White
816b8abd7c
C++: Add a test case using a const int *.
2020-08-27 15:05:23 +01:00
Tamas Vajk
7e2cf9a858
Adjust code review findings
2020-08-27 15:11:55 +02:00
Tamas Vajk
fcd426210f
C#: Add missing QlDoc for code duplication
2020-08-27 14:43:16 +02:00
Taus Brock-Nannestad
797e290a67
Python+CPP: Change values to value
2020-08-27 14:12:40 +02:00
Taus Brock-Nannestad
dccbcc15b3
Python: Sync InlineExpectationsTest.qll between Python and C++
...
Also changes `valuesasas` to `values` in the test example.
2020-08-27 13:37:26 +02:00
Rasmus Wriedt Larsen
9da6da6106
Python: Fix imports in shared dataflow tests
2020-08-27 13:29:41 +02:00
Taus
e7322d114f
Merge pull request #4077 from yoff/MagicMethods
...
Python: Add support for magic methods
2020-08-27 13:20:56 +02:00
Taus
d3175a7899
Merge pull request #4110 from yoff/SharedDataflow_ParsimoniousFlowNodes
...
Python: Shared dataflow, parsimonious flow nodes
2020-08-27 13:19:23 +02:00
CodeQL CI
30ac2f9c84
Merge pull request #4143 from tausbn/python-add-inline-test-expectations-library
...
Approved by RasmusWL
2020-08-27 12:18:41 +01:00
Taus
a750252c07
Merge pull request #4147 from RasmusWL/python-remove-symlink
...
Python: Remove symlink from experimental test
2020-08-27 13:16:07 +02:00
Geoffrey White
a5a3078b58
C++: Add a test case using a typedef int.
2020-08-27 12:11:56 +01:00
Tom Hvitved
35e1c04b93
Merge pull request #4144 from hvitved/csharp/autobuilder/vsdevcmd
...
C#: Teach autobuilder about `VsDevCmd.bat`
2020-08-27 12:38:49 +02:00
Geoffrey White
6f62803e1f
C++: Taint tests for array and reference assignments.
2020-08-27 11:26:25 +01:00
Rasmus Wriedt Larsen
909bff2313
Python: Make import of python private in shared dataflow
2020-08-27 11:48:56 +02:00
Rasmus Wriedt Larsen
627363d6ea
Python: Test taint step for string augmented assignment
...
Apparently it just works 😕 :magic:
2020-08-27 11:37:56 +02:00
Geoffrey White
111da4c352
C++: Add a model of std::vector::assign.
2020-08-27 10:22:31 +01:00
Rasmus Wriedt Larsen
569e54e7bb
Python: Remove symlink from experimental test
2020-08-27 11:19:55 +02:00
Geoffrey White
0952fb9777
C++: Minor correction in one of the string models.
2020-08-27 10:13:12 +01:00
Geoffrey White
fbac4ce44f
C++: Split StdStringCStr and allow reverse flow on data.
2020-08-27 10:11:03 +01:00
Geoffrey White
fbff44ea45
C++: Add reverse taint as well.
2020-08-27 10:09:51 +01:00
Geoffrey White
6ae96baaf6
C++: Model std::vector::data.
2020-08-27 10:08:58 +01:00
Geoffrey White
2235c19593
C++: Add test cases for 'assign' and extra cases for 'data'.
2020-08-27 10:08:42 +01:00
Rasmus Wriedt Larsen
d0081dfbfa
Python: Attempt at taint step for list.append/set.add
2020-08-27 10:57:07 +02:00
Rasmus Wriedt Larsen
af20c3e082
Python: Make new taint tracking tests runnable again
...
since the files was called `collection`, that conflicted with import system :|
2020-08-27 10:44:14 +02:00
Esben Sparre Andreasen
9aa1404646
JS: fix formatting of InsecureCookie.qll
2020-08-27 09:44:45 +02:00
Tom Hvitved
2ac732c50a
C#: Teach autobuilder about VsDevCmd.bat
2020-08-27 09:05:37 +02:00
Rasmus Lerchedahl Petersen
09025c2198
Python: Fix test, update results and annotations
2020-08-27 08:40:13 +02:00
Esben Sparre Andreasen
67278d9c93
Merge pull request #4141 from esbena/js/clarify-sanitization
...
JS: make sanitization a "common" technique rather than "important"
2020-08-27 08:08:17 +02:00
Robert Marsh
c0edc08315
C++: Simplify non-member iterator operator models
2020-08-26 16:19:03 -07:00
Robert Marsh
994e845ab0
C++: use set literals in iterator models
2020-08-26 16:08:39 -07:00
Robert Marsh
6f0cc16979
C++: remove non-existent operators from model
2020-08-26 15:52:53 -07:00
ubuntu
cd1d50b637
Update expected output
2020-08-26 23:50:15 +02:00
Alessio Della Libera
dcf51c75e9
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-26 23:33:52 +02:00
Porcupiney Hairs
3f6eef8437
Java: add websocket reads as remote flow source.
...
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.
This PR adds support for the same.
2020-08-27 02:45:59 +05:30
Rasmus Wriedt Larsen
bd21fc5601
Python: Autoformat
2020-08-26 20:37:48 +02:00
Rasmus Wriedt Larsen
c24e3452f5
Python: Add more expected collection taint steps
2020-08-26 20:28:33 +02:00
Rasmus Wriedt Larsen
423139bc22
Python: Add additional taint steps for iterable-unpacking
2020-08-26 20:21:15 +02:00
Esben Sparre Andreasen
d27442e846
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-08-26 20:18:54 +02:00
Rasmus Wriedt Larsen
afb160fbbb
Python: Add additional taint steps for for-iteration
2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296
Python: Add additional taint steps for copy
...
deepcopy was already handled somehow, don't really know how :D
2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1
Python: Add additional taint steps for containers
2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
b6049765a8
Python: Add a few more collection taint tests
2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
32f9d30136
Python: Add syntactic taint steps for json methods
2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
41e24ae93f
Python: Add non-syntactical test for taint of json methods
2020-08-26 19:39:35 +02:00
Rasmus Wriedt Larsen
5f9aa4c3b9
Python: Restructure defaultAdditionalTaintStep tests
...
This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possibly longer runtime, but I think it's
still worth it.
2020-08-26 19:39:33 +02:00
Rasmus Wriedt Larsen
a1ada62596
Python: Remodel taint tests for shared lib
...
I took the bits from ql/test/library-tests/taint/ that seemed easy to port. I
left out namedtuple for now, but it is part of internal tracking ticket, so
won't be forgotten.
2020-08-26 19:39:32 +02:00
Dave Bartolomeo
01a61469d3
Merge pull request #4137 from tausbn/python-cpp-make-inline-test-libs-language-agnostic
...
CPP: Make inline expectation test library language agnostic.
2020-08-26 13:00:19 -04:00
Rasmus Lerchedahl Petersen
dcabd37974
Python: Update test expectations
2020-08-26 17:58:35 +02:00
Rasmus Lerchedahl Petersen
bf6211f639
Merge branch 'main' of github.com:github/codeql into SharedDataflow_ParsimoniousFlowNodes
2020-08-26 17:50:17 +02:00
Rasmus Lerchedahl Petersen
6c173047e6
Merge branch 'MagicMethods' of github.com:yoff/codeql into MagicMethods
2020-08-26 17:43:27 +02:00