hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
165 Commits 1,684 Branches 159 Tags
2b92cd5ba5000c54baa8d2a02e1585b3e9763fd1
Commit Graph

165 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser 
Bad redirect sanitiser
 2020-01-28 20:11:46 +00:00
Sauyon Lee
aa33595b0f Address review comments 2020-01-28 08:26:37 -08:00
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFilds: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
abc9438cd3 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2020-01-27 17:33:52 -08:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp 
Address doc review comments
 2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Sauyon Lee
c889cb3501 Add getAnOperand to OperatorExpr 2020-01-27 17:33:48 -08:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug 
Fix hash-consing of literals
 2020-01-27 11:35:40 -08:00
Max Schaefer
3c1a68ee8f Fix hash-consing of literals. 
We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.
 2020-01-27 12:05:48 +00:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex 
Fix regex in ClassifyFiles.
 2020-01-24 21:01:01 -08:00
Sauyon Lee
6e4880bc53 Merge pull request #220 from max/example-queries 
Add example queries
 2020-01-24 09:42:31 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles. 
`Comment.getText()` does not include the delimiter.
 2020-01-24 14:05:13 +00:00
Max Schaefer
c30b1d98ea Address review comments. 2020-01-24 10:26:59 +00:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Max Schaefer
9507a22f48 Merge pull request #213 from sauyon/codeql-test 
Use codeql for testing and add binary cross compilation support
 2020-01-24 09:40:47 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness 
Make ImpossibleInterfaceNilCheck more robust.
 2020-01-23 16:06:03 -08:00
Sauyon Lee
3a53269a52 Merge pull request #223 from max/update-dataflow 
Add support for taint-getter/setter summaries in data flow.
 2020-01-23 16:03:05 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit 
Make implicit dereferences explicit
 2020-01-23 00:50:18 -08:00
Max Schaefer
47104a3db8 Add explanatory comment. 2020-01-23 08:14:57 +00:00
Max Schaefer
5895c6ac69 Fix typo. 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-01-23 08:10:20 +00:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup 
Minor fixes
 2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust. 
It no longer flags alerts that may be simply caused by missing type information.
 2020-01-21 10:04:57 +00:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
f42a2b060c Take implicit dereferences in index and slice expressions into account as well. 2020-01-21 09:56:59 +00:00
Max Schaefer
a4f5ad7412 Refactor implementation of SliceNode. 2020-01-21 09:56:59 +00:00
Max Schaefer
44b9bcf7a1 Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
64049d8f3d Make taint tracking less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
9f897132f2 Update HTTP library. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
efc5f10f07 Streamline definition of UserControlledRequestField. 2020-01-21 09:56:59 +00:00
Max Schaefer
39b28a4969 Make CallNode.getReceiver() less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
ef964632be Remove CallExpr.getQualifier() and its single, pointless, use. 2020-01-21 09:56:59 +00:00
Max Schaefer
8fc414b93f Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Max Schaefer
5eb95c7895 Add support for taint-getter/setter summaries in data flow. 2020-01-20 11:29:12 +00:00
Sauyon Lee
32fa033a55 Makefile: Add exe suffix back to tools/bin targets 2020-01-17 14:05:29 -08:00
Sauyon Lee
52fe0afa48 Makefile: Delete entire test db in clean 2020-01-17 14:05:27 -08:00
Sauyon Lee
1eb9466de2 Use codeql for testing and add binary cross compilation support 
Also add support for building the extractor inside this repository
so that users can build and use the extractor, and an up-to-date
version can be used for testing.
 2020-01-17 14:05:26 -08:00
Sauyon Lee
471d843025 Merge pull request #222 from max/switch-guard-nodes 
Switch guard nodes
 2020-01-17 21:44:59 +00:00
Sauyon Lee
2d97b396b7 Merge pull request #20 from github/sort-change-notes 
Sort lines in change notes.
 2020-01-17 09:01:46 -08:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Max Schaefer
d8b97afcab Implement Field.hasQualifiedName. 2020-01-17 13:16:35 +00:00
Max Schaefer
e5e6f73081 Make Field extend Variable. 2020-01-17 13:15:43 +00:00