hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,177 Commits 1,684 Branches 159 Tags
271e239dee097fdbc3d4b1d6bf40b1bd030fac65
Commit Graph

2177 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
271e239dee Introduce manual magic to TaintedPathSanitizerGuardAsBacktrackingSanitizerGuard 
This avoids computing the full `localTaint` relation when actually there are few `TaintedPath::SanitizerGuard` instances to start from.
 2021-11-22 17:41:56 +00:00
Chris Smowton
8bf78b07e5 Avoid recursively defining DataFlow::BarrierGuard 
In fact there never was true recursion, but the compiler thought there could be because it supposed that ZipSlip::SanitizerGuard growing may introduce instances that happen to also satisfy TaintedPath::SanitizerGuard. In fact this never happens, but here we make it clear by defining the shared sanitizer guards outside the DataFlow::BarrierGuard hierarchy and then introducing the sanitizers in each query that uses them.
 2021-11-22 17:36:06 +00:00
Chris Smowton
4cae4b23fc Merge pull request #606 from github/criemen/update-tracing-config 
Update tracing-config.lua to newest API.
 2021-11-17 10:49:20 +00:00
Chris Smowton
b190c4ed4a Merge pull request #608 from smowton/smowton/fix/missing-id 
Add missing @id tag
 2021-11-16 20:06:06 +00:00
Chris Smowton
33fd1aaf2a Add missing @id tag 2021-11-16 18:52:41 +00:00
Cornelius Riemenschneider
b3e2a83298 Update tracing-config.lua to newest API. 2021-11-15 12:35:53 +01:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090 
CWE-090: Ldap Injection
 2021-11-10 11:31:36 +00:00
Chris Smowton
f3ba40e29d Update test expectations 2021-11-10 09:42:19 +00:00
Chris Smowton
1ebb47feb3 Fix filename spelling error 2021-11-10 09:29:50 +00:00
Chris Smowton
2953a44b36 Revert changes to go.sum 2021-11-10 09:25:40 +00:00
pupiles
4d9ce49816 use stubs libs && add heuristic sanitizers 2021-11-10 14:12:45 +08:00
pupiles
70a268dc6d remove redundant reference lib 2021-11-09 21:35:46 +08:00
pupiles
97d4359881 add test code 2021-11-09 21:31:35 +08:00
Chris Smowton
f7e6b0ad5d Merge pull request #603 from github/criemen/lua-tracing-config 
Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure.
 2021-11-09 11:36:03 +00:00
Chris Smowton
2c5fe1dedc File names should be camel-case 2021-11-09 10:45:09 +00:00
Chris Smowton
bc9300ebf5 Copyedit examples 
Fragments suffice for illustration, and the two bad and good examples can be easily combined
 2021-11-09 10:42:58 +00:00
Chris Smowton
c18b11a470 Copy-edit query: 
* Regular comments to qldoc
* Improve naming
* Update out-of-date documentation from earlier versions of the query
 2021-11-09 10:31:30 +00:00
Chris Smowton
dda425ca8d Improve query style 
No need to highlight the sink again in the message when the sink is the alert location to begin with
 2021-11-09 10:08:02 +00:00
Chris Smowton
f7c19dea71 Copyedit qhelp 2021-11-09 10:05:18 +00:00
pupiles
7f68f85002 fomat .ql inline comment 2021-11-09 14:42:32 +08:00
Chris Smowton
f96733f270 Merge pull request #602 from github/criemen/update-tracing-config 
Remove macos compatibility stanzas from tracing config.
 2021-11-08 11:46:44 +00:00
Cornelius Riemenschneider
17a9dbfb62 Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure. 2021-11-08 12:29:06 +01:00
Cornelius Riemenschneider
a49265fb63 Remove macos compatibility stanzas from tracing config. 2021-11-08 11:27:27 +01:00
pupiles
c97d0c6ce5 Remove redundant code 2021-11-05 13:14:28 +08:00
Chris Smowton
d1a2fbe96b Merge pull request #573 from npesaresi/feature/SSRF 
Yet another SSRF query for Golang
 2021-11-04 17:36:21 +00:00
Chris Smowton
233269869c Tidy sanitizers, using instanceof not extends or a charpred where possible 2021-11-04 16:26:14 +00:00
Chris Smowton
23855979d5 Include UntrustedFlowSource into ServerSideRequestForgery::Source but not vice versa 2021-11-04 16:19:22 +00:00
Chris Smowton
9e218a70bb Make imports private 2021-11-04 15:32:37 +00:00
Chris Smowton
18028dca2d Share repeated regex 2021-11-04 15:30:34 +00:00
Chris Smowton
648a70945d Copyedit docs and improve naming 2021-11-04 15:30:29 +00:00
Chris Smowton
a9c853257d Fix qhelp good example 2021-11-04 14:42:54 +00:00
Chris Smowton
5256725359 Copyedit qhelp 2021-11-04 14:41:38 +00:00
valeria-meli
b84f31e918 format 2021-11-04 10:01:38 -03:00
Valeria
9f52a6654e Merge branch 'main' into feature/SSRF 2021-11-04 09:56:10 -03:00
pupiles
4f1052b3a7 feature add common sanitizer 2021-11-04 13:16:24 +08:00
Chris Smowton
6d90b81655 Merge pull request #597 from owen-mc/var-args 
Update dbscheme to add table for variadic signature types
 2021-11-03 11:29:45 +00:00
Chris Smowton
b023b405b1 Merge pull request #599 from smowton/smowton/fix/comparison-barrier-join-order 
Improve join order in InsufficientKeySize.ql
 2021-11-03 10:08:25 +00:00
Chris Smowton
a10407823a Merge pull request #600 from owen-mc/incorrect-integer-conversion 
Improve "Incorrect integer conversion" query
 2021-11-02 17:00:29 +00:00
Owen Mansel-Chan
8ea1f87d2b Add change note 2021-11-02 15:09:43 +00:00
Owen Mansel-Chan
7c1b7b8810 Fix strictnessOffset in isBoundFor 2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86 Recognise math.MaxInt and math.MaxUint 
Treat them as if we were on a 32-bit architecture.
 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
a104a50940 Move max int value call into UpperBoundCheckGuard 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
5027d3fa44 Avoid using getIntValue() 
Because it does not have a result if the value is
too large to fit in a 32-bit signed integer type
 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
2cc0c80188 Add extra tests 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
be22373f3e Move Incorrect Integer Conversion tests to InlineFlowTest 2021-11-02 15:09:00 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files 
This is in preparation for changing the tests to use inline
expectations
 2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
7d333d7dbe Add InlineFlowTest as simple inline expectation test 2021-11-02 12:43:54 +00:00
Chris Smowton
a92f144469 Improve join order in InsufficientKeySize.ql 2021-11-02 10:54:51 +00:00
Owen Mansel-Chan
644c89b751 Update expected values for tests in the same folders 2021-11-01 21:38:41 +00:00
Owen Mansel-Chan
f2757135f2 Add tests for isVariadic() on FuncDef and Function 2021-11-01 16:00:50 +00:00