hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,549 Commits 1,699 Branches 161 Tags
22b61852a1438ba1ca91e6c8dfa8da67a4eacca2
Commit Graph

425 Commits

Author SHA1 Message Date
Michael Nebel
34a91f1aac C#: Rename CaptureSummaryModelsQuery to CaptureSummaryModels. 2022-03-14 13:48:56 +01:00
Michael Nebel
36e0c683bd C#: Add QL Doc to the primary predicate used for capturing flow. 2022-03-14 13:48:56 +01:00
Michael Nebel
e8aacb710e C#: Add file level QL Doc to Capture Summary models specific implementations. 2022-03-14 13:48:56 +01:00
Michael Nebel
d114582b56 C#: Add QLDoc to the shared Capture summary models library. 2022-03-14 13:48:51 +01:00
Michael Nebel
82d93d0f9e Java: Refactor CaptureSummaryModels code to enable re-use in C#. 2022-03-14 13:47:20 +01:00
Michael Nebel
ba233ed7a1 Java: Rearrange and refactor language specific content into standalone predicates. 2022-03-14 13:46:24 +01:00
Michael Nebel
9ca199c9ae Java: Move generic code out of language specific file for model generation. 2022-03-14 13:43:45 +01:00
Michael Nebel
a2d9f4f6f4 Java: Introduce language specific file for model generator code. 2022-03-14 13:40:40 +01:00
Michael Nebel
a1c642685a Java: Re-arrange code in ModelGeneratorUtils. 2022-03-14 13:35:56 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Jeroen Ketema
93a0da75b6 Fix taint tracking configurations that broke due to interface change 2022-03-11 12:18:04 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Michael Nebel
7bde1cbfb3 Java: Add case for Synthetic Fields in isRelevantTaintStep. 2022-03-01 09:15:01 +01:00
Michael Nebel
66fe0e74b5 Java: Don't require that the source is directly within the TargetApi itself (in that case wrappers get excluded). 2022-02-28 16:48:23 +01:00
Michael Nebel
4a0b2b64b3 Java: Explicitly tie ReturnNode to TargetApi before calling returnNodeAsOutput. 2022-02-28 16:48:23 +01:00
Tom Hvitved
44949b6353 Java: Add bindingset to returnNodeAsOutput 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
908cc40c9f Java: Fix bug in model flow sanitizer. 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
16a5ccddea Java: Simplify model generator query using flow state. 2022-02-28 16:48:23 +01:00
Ian Lynagh
1e62b485a5 Merge pull request #8241 from igfoo/igfoo/stats4 
Java: Update stats and make some performance tweaks
 2022-02-28 12:58:06 +00:00
Ian Lynagh
7ce9b160d0 Java: Performance tweaks 2022-02-21 17:05:00 +00:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec Java: update model generator 2022-02-21 08:16:54 +01:00
Benjamin Muskalla
bc5753cb20 Fix path expression 2022-02-04 11:43:18 +01:00
Benjamin Muskalla
b747391c74 Improve error handling and refactor base path 2022-02-04 11:26:19 +01:00
Benjamin Muskalla
c1b5565e4d Automation to regenerate framework models 2022-01-27 11:15:10 +01:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Benjamin Muskalla
52406dc8df Exclude logging sinks 
Those sinks are too coarse grained to be exposed as sinks on any model.
 2022-01-19 16:11:59 +01:00
Benjamin Muskalla
25d251c24f Exclude main methods from models 2022-01-19 16:11:59 +01:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Benjamin Muskalla
0e6bb28016 Only consider store steps 2021-11-16 10:46:24 +01:00
Benjamin Muskalla
fd9199c0c0 Simplify handling of tainting fields 2021-11-15 16:40:09 +01:00
Benjamin Muskalla
d7ed325b3f Refactor content flow into predicate 2021-11-15 16:30:55 +01:00
Benjamin Muskalla
f4310898b3 Capture sources flowing into parameters 2021-11-15 16:28:28 +01:00
Benjamin Muskalla
8040d9cfcf Only consider true return statements as sinks 2021-11-15 15:29:01 +01:00
Benjamin Muskalla
e6e52a3b32 190 2021-11-15 15:18:03 +01:00
Benjamin Muskalla
dc022430ee Remove superflous instanceof 2021-11-15 13:07:02 +01:00
Benjamin Muskalla
412bd32f45 Move more predicates into configuration 2021-11-15 13:04:23 +01:00
Benjamin Muskalla
b84c03672d Prefer types to TargetAPI 2021-11-15 12:43:46 +01:00
Benjamin Muskalla
bca6cecd1c Remove basic support for lambda flow 2021-11-15 12:38:30 +01:00
Benjamin Muskalla
78e3906ea7 Exclude more JDK internals 2021-11-15 11:58:10 +01:00
Benjamin Muskalla
cce3780481 Restrict param2return value features 2021-11-15 09:57:23 +01:00
Benjamin Muskalla
a0b7f267ff Only capture taint from own fields 
Also exclude `Charset` as relevant taint-carrying type. This is generally
what we want to lets us avoid tracking arguments that lead to FP.
 2021-11-12 10:15:15 +01:00
Benjamin Muskalla
0234e77d2f Let sink node be pluggable in any call context 2021-11-12 09:43:05 +01:00
Benjamin Muskalla
b8809a20d8 Support propagating taint of inner object 2021-11-12 09:39:59 +01:00
Benjamin Muskalla
2d4176bec0 Ignore Number-derived types 2021-11-10 16:30:27 +01:00
Benjamin Muskalla
dbd393b77a Support flow into field of referenced objects 2021-11-10 16:30:27 +01:00
Benjamin Muskalla
974c7b0898 Avoid cross-class flow for field writes 2021-11-10 16:30:26 +01:00
Benjamin Muskalla
74ac234f1c Restrict field access to same type 2021-11-10 16:30:26 +01:00
Benjamin Muskalla
8740e879b4 Fix docs 2021-11-10 16:30:26 +01:00