Erik Krogh Kristensen
5063e3820d
update expected output
2020-01-22 11:18:47 +01:00
Erik Krogh Kristensen
750e9786f6
add change note for EventEmitter
2020-01-22 10:31:38 +01:00
Dave Bartolomeo
9d35ff73c4
C++/C#: Make escape analysis unsound by default
When building SSA, we'll be assuming that stack variables do not escape, at least until we improve our alias analysis. I've added a new `IREscapeAnalysisConfiguration` class to allow the query to control this, and a new `UseSoundEscapeAnalysis.qll` module that can be imported to switch to the sound escape analysis. I've cloned the existing IR and SSA tests to have both sound and unsound versions. There were relatively few diffs in the IR dump tests, and the sanity tests still give the same results after one change described below.
Assuming that stack variables do not escape exposed an existing bug where we do not emit an `Uninitialized` instruction for the temporary variables used by `return` statements and `throw` expressions, even if the initializer is a constructor call or array initializer. I've refactored the code for handling elements that initialize a variable to share a common base class. I added a test case for returning an object initialized by constructor call, and ensured that the IR diffs for the existing `throw` test cases are correct.
2020-01-22 00:15:30 -07:00
Grzegorz Golawski
c5a974788b
Add check for disabled CSRF protection in Spring
Fix the help according to review comments.
2020-01-21 21:54:36 +01:00
Robert Marsh
c79d7acbfc
Merge pull request #2656 from jbj/asDefiningArgument
C++: Add DataFlow::Node.asDefiningArgument in IR
2020-01-21 15:42:57 -05:00
Erik Krogh Kristensen
8370699344
add support for creating a promise with another resolved promise, e.g. `Promise.resolve(otherPromise)`
2020-01-21 20:11:27 +01:00
Erik Krogh Kristensen
8679132624
copy data from both callbacks in Promise data-flow
2020-01-21 18:00:06 +01:00
Erik Krogh Kristensen
86477a2249
changes based on review
2020-01-21 16:45:53 +01:00
Calum Grant
3d460aeb44
C#: ZipSlip query reports alert at source
2020-01-21 15:17:06 +00:00
Erik Krogh Kristensen
fe0b6a86d7
add data-flow steps for when Promise handlers return other promises
2020-01-21 16:15:18 +01:00
Erik Krogh Kristensen
d8b25ef5a2
add data-flow steps for resolved promises using pseudo-properties
2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen
6648e2751f
remove use of .getAlocalSource() in custom load/store test
2020-01-21 15:49:42 +01:00
Rasmus Wriedt Larsen
422658bbdb
Python: Remove unused variable in example for py/url-redirection
2020-01-21 15:45:05 +01:00
Rasmus Wriedt Larsen
bbe93f43d3
Python: Only comparison with constant will clear taint
tainted = SOURCE
if tainted == tainted:
    SINK(tainted)  # unsafe
Before, in the body of the if statement, `tainted` was not tainted.
2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415
Python: Highlight that any comparison will clear taint
2020-01-21 15:24:56 +01:00
Anders Schack-Mulligen
9cc0d3d1f4
Java/C++/C#: Remove DataFlowLocation as it's no longer needed.
2020-01-21 15:08:39 +01:00
Calum Grant
6692e61fa2
C#: Analysis change notes
2020-01-21 13:55:32 +00:00
Calum Grant
be68b6f938
C#: Add precision to queries
2020-01-21 13:24:48 +00:00
Jonas Jensen
84811f66a2
C++: autoformat
2020-01-21 13:21:16 +01:00
Erik Krogh Kristensen
569ee8fc8d
add support for subclasses of EventEmitter
2020-01-21 12:08:50 +01:00
Jonas Jensen
6d46e4d946
C++: Wire up models to DefaultTaintTracking
This adds support for arg-to-arg and arg-to-return taint.
2020-01-21 12:04:45 +01:00
Jonas Jensen
fa00e96ba8
C++: Test IR taint through library functions
2020-01-21 12:03:43 +01:00
Jonas Jensen
5ac56c2e3a
C++: Add DataFlow::Node.asDefiningArgument in IR
2020-01-21 11:52:06 +01:00
Geoffrey White
80997a3323
Merge pull request #2655 from Semmle/jbj-patch-1
C++: Fix typo in MallocSizeExpr
2020-01-21 09:44:41 +00:00
Jonas Jensen
cdcd3ed748
Merge pull request #2647 from geoffw0/modelpure
CPP: Improve strlen model
2020-01-21 09:42:10 +01:00
Jonas Jensen
0568ed6451
C++: Fix typo in MallocSizeExpr
The first argument is index 0, not 1.
2020-01-21 09:09:49 +01:00
Mathias Vorreiter Pedersen
c9cc459baf
C++: Rename .qlhelp to .qhelp
2020-01-20 21:17:53 +01:00
Mathias Vorreiter Pedersen
fddd3660ab
C++: Fix formatting in example
2020-01-20 16:05:16 +01:00
Geoffrey White
4f02183dc2
CPP: Re-layout test.
2020-01-20 15:00:09 +00:00
Geoffrey White
2133fbd155
CPP: Fix the nulltermination test.
2020-01-20 14:55:52 +00:00
Erik Krogh Kristensen
026092559c
changes based on review
2020-01-20 15:53:58 +01:00
Calum Grant
86fa7e5c38
C#: Analysis change notes
2020-01-20 14:37:28 +00:00
Calum Grant
9d7c9e0ba4
C#: Default parameter values are maybe null
C#: Update test output
2020-01-20 14:37:20 +00:00
Geoffrey White
952b9e1581
CPP: Use hasGlobalName where appropriate.
2020-01-20 14:24:38 +00:00
Erik Krogh Kristensen
6494649125
fix a number of FPs in js/exception-xss
2020-01-20 15:11:57 +01:00
Erik Krogh Kristensen
5c6134db99
a bit of self-review and an auto-format
2020-01-20 14:55:49 +01:00
Erik Krogh Kristensen
ad813ef86c
add flowsTo to the use of isAdditionalLoadStep
2020-01-20 14:16:29 +01:00
Mathias Vorreiter Pedersen
13fc8741d4
C++: Include malloc example in qlhelp
2020-01-20 13:28:00 +01:00
Geoffrey White
79811fcccd
Merge pull request #2642 from jbj/TaintTracking-indirection
C++: Indirection for security.TaintTracking impl
2020-01-20 12:25:51 +00:00
Geoffrey White
5a20e85598
Merge pull request #2638 from jbj/ir-dispatch
C++ IR: Support for global virtual dispatch
2020-01-20 12:04:09 +00:00
Calum Grant
631b4248b5
C#: Add a nullness test
2020-01-20 11:13:31 +00:00
Mathias Vorreiter Pedersen
a43131a987
C++: Fix formatting
2020-01-20 11:39:48 +01:00
Jonas Jensen
391b80eac4
C++: Show virtual inheritance problem in vdispatch
2020-01-20 11:17:44 +01:00
Jonas Jensen
2a0fc31b68
C++: Comment and rename getSrc -> getDispatchValue
Better clarity was requested in the PR review.
2020-01-20 11:03:03 +01:00
Erik Krogh Kristensen
ffbd0f6632
update expected test output
2020-01-20 09:56:40 +01:00
Erik Krogh Kristensen
b3b132c66d
Merge remote-tracking branch 'upstream/master' into ExceptionalPromise
2020-01-20 09:20:09 +01:00
Jonas Jensen
742bd1c6ad
Merge pull request #2648 from rdmarsh2/getMemoryOperandDefinition-perf
C++: Performance fix for getMemoryOperandDefinition
2020-01-20 08:49:55 +01:00
Grzegorz Golawski
00ee3d2549
Query to detect LDAP injections in Java
Cleanup
2020-01-18 20:21:38 +01:00
Grzegorz Golawski
95723b08e1
Query to detect LDAP injections in Java
Add help
2020-01-18 19:01:35 +01:00
Grzegorz Golawski
8cec46342f
Query to detect LDAP injections in Java
Refactoring
2020-01-18 17:14:22 +01:00