239 Commits

Author SHA1 Message Date
Max Schaefer
b3022c9fc8 Standardise RangeAnalysis.qll.
This brings the library in line with our usual syntactic conventions regarding QLDoc and names. I've also made a few superficial simplifications here and there.

Overall, the code would benefit from being rewritten to make use of the data-flow graph, but that is a larger undertaking.
2020-03-11 11:20:59 +00:00
Max Schaefer
a95b9c8e02 Rename a few files and clean up wording. 2020-03-11 11:04:42 +00:00
Max Schaefer
2fd925fe90 Autoformat. 2020-03-11 10:47:23 +00:00
Max Schaefer
f1d489f6f9 Merge pull request #51 from singleghost/master
Add integer overflow detection support for codeql-go.
2020-03-11 10:00:39 +00:00
Max Schaefer
a8c1731f9d Merge pull request #50 from sauyon/uintptr
Make uintptrtype a subclass of unsignedintegertype
2020-03-11 09:57:00 +00:00
singleghost
2aa2f608a3 Move files related to integer overflow detection under the src/experimental folder 2020-03-10 19:02:05 +08:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48
Improve taint-tracking through pointers and other fixes
2020-03-09 06:36:43 -07:00
Sauyon Lee
2428efcb6d Make @uintptrtype a @unsignedintegertype 2020-03-09 04:40:02 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs
Go.mod extraction libraries and tests
2020-03-09 09:40:41 +00:00
singleghost
77ec4c913f Add integer overflow detection support for codeql-go.
I wrote a QL library which can perform range analysis on expressions and
can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for the C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.
2020-03-07 21:34:38 +08:00
Max Schaefer
1be0cc57a8 Add test case from https://github.com/github/codeql-go/issues/48. 2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498 Add another test for StringBreak. 2020-03-06 17:35:50 +00:00
Max Schaefer
bf6865b96a Add model of ioutil.ReadAll 2020-03-06 17:35:50 +00:00
Max Schaefer
f599243a34 Conflate references and referents more thoroughly in taint tracking. 2020-03-06 17:35:50 +00:00
Max Schaefer
aa8bc972d9 Address review comments. 2020-03-06 15:03:45 +00:00
Sauyon Lee
3d88032f81 Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:30 -08:00
Sauyon Lee
555b0a9527 Add a GoModFile class 2020-03-06 06:51:27 -08:00
Sauyon Lee
38596dddc0 Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:26 -08:00
Sauyon Lee
34f34e2241 GoModExpr.qll: Rename getOffsetToken to GoModLine.getToken
Also add getRawToken to do what getToken did before, and fix up
documentation.
2020-03-06 06:51:25 -08:00
Sauyon Lee
4b9cc87c2e Add test for replace line with versions 2020-03-06 06:51:24 -08:00
Sauyon Lee
25577a8108 Remove DependencyCustomizations 2020-03-06 06:51:24 -08:00
Sauyon Lee
78239accd5 Dependencies: Make getAnImport() more precise
In particular, ensure that the go file importing the dependency is under
the directory of the file where the dependency is declared.

Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:23 -08:00
Sauyon Lee
b27e63ba83 Address review comments
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:22 -08:00
Sauyon Lee
5911b7005a Add tests for dependencies library 2020-03-06 06:51:20 -08:00
Sauyon Lee
dddc8cecd4 Add go.mod expression tests 2020-03-06 06:51:19 -08:00
Sauyon Lee
6c78490bbe Add libraries modeling dependencies 2020-03-06 06:51:18 -08:00
Sauyon Lee
d92e49fb17 Add libraries for go.mod expressions 2020-03-06 06:51:17 -08:00
Max Schaefer
3a7910da5a Introduce (un-)marshaling functions as a concept and instantiate it with the functions in encoding/json. 2020-03-06 10:07:54 +00:00
Max Schaefer
9bcbfb2911 Fix flow step from global functions to their use.
How does anything work.
2020-03-06 09:41:35 +00:00
Max Schaefer
a7ecb50a34 Add taint-tracking model for append. 2020-03-06 09:41:35 +00:00
Max Schaefer
4f061005cb Add a taint-tracking model for copy. 2020-03-06 09:41:35 +00:00
Max Schaefer
3f8d2117d8 Introduce post-update nodes for arguments with a mutable type. 2020-03-06 09:41:35 +00:00
Max Schaefer
b99c63d180 Factor out an auxiliary predicate. 2020-03-06 09:41:35 +00:00
Max Schaefer
af2c7aae5d Don't rely on flow through function models in definition of PostUpdateNode. 2020-03-06 09:41:35 +00:00
Max Schaefer
185d0910c3 Sharpen stringConcatStep to exclude addition. 2020-03-06 09:41:35 +00:00
Sauyon Lee
e75497ed3b update stats sha and stats 2020-03-04 06:26:43 -08:00
Sauyon Lee
db4efd6124 Add support for extracting go.mod files 2020-03-04 06:26:42 -08:00
Max Schaefer
1ae0dd46ec Clarify method identity. 2020-03-04 12:53:37 +00:00
Max Schaefer
264478f4b8 Remove a mistaken uniqueness annotation. 2020-03-04 10:34:55 +00:00
Sauyon Lee
5e71a04fdf Merge pull request #42 from max-schaefer/experimental-guidelines
Add guidelines for experimental CodeQL queries and libraries.
2020-03-02 10:22:41 -08:00
Max Schaefer
56e07356fc Update ql/test/experimental/README.md
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-03-02 10:20:07 +00:00
Max Schaefer
cef017071f Move guidelines into ql folder. 2020-03-02 09:23:06 +00:00
Max Schaefer
2629f55d95 Add guidelines for experimental CodeQL queries and libraries. 2020-02-28 14:43:00 +00:00
Max Schaefer
90f1a7da75 Fix NamedType.getMethod to take interface embedding into account. 2020-02-28 10:37:14 +00:00
Max Schaefer
2eba7dee6f Add new table methodhosts associating interface methods with named types.
In particular, methods from embedded interfaces will be associated with the same named type as those from the outer interface, even though their receiver types may be different.
2020-02-28 10:24:04 +00:00
Max Schaefer
6dfd5fd934 Extend Types tests to cover interfaces. 2020-02-28 10:22:59 +00:00
Max Schaefer
9bf5a31351 Clarify field identity.
Like-named fields declared in identical types are identical. This can be a little confusing, since such fields will have multiple declarations and multiple locations, so it's worth calling out explicitly in the documentation.
2020-02-26 10:10:47 +00:00
Sauyon Lee
b931539f68 Merge pull request #36 from max-schaefer/remove-unused-predicate
Remove an unused predicate.
2020-02-25 09:40:42 -08:00
Max Schaefer
34c66c4245 Remove an unused predicate. 2020-02-25 10:46:09 +00:00