hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,254 Commits 1,684 Branches 159 Tags
2d8fd711891877be50004e0cf6de7eecb44a6051
Commit Graph

2254 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
2d8fd71189 Comment on why summaryDataFlowCall is none() 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
adf3dc0c61 Move type assertion into declared type 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
9f763dd044 Move built-in models to ExternalFlow 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d717734820 Do not allow "Argument" on its own 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d2ca1fb2eb Address review comments #2 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
12058a2621 Fix containerStoreStep and containerReadStep 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
ab8096b717 Add tests for more content types (Element, MapKey, MapValue) 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
b7aa85b054 Address some review comments 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
f375553933 Add variadic functions test for function models 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
b75def62fe Add variadic functions test for external flow 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
d9848fe515 Add more tests for variadic functions 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
8044fb2519 Add more flow tests for external flow 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
63d997f820 (Unimportant) Fix module name for vendored stubs 
This doesn't affect the test, but does mean that you can run
`go build` to check the test would build.
 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
1929a1f7a7 Fix unrelated test in experimental 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
5e38f48b74 Autoformat 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
a3df3614a5 Convert completetest to an inline flow test 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
8f7a34f9cb Fix external flow tests 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
71bf834765 Fix incorrect assumption 
node2 doesn't have to be a PostUpdateNode
 2021-12-08 11:20:23 -05:00
Sauyon Lee
3379790686 add flow test involving CSV 2021-12-08 11:20:22 -05:00
Sauyon Lee
a632a58221 add CSV models of append 2021-12-08 11:20:22 -05:00
Sauyon Lee
070e383516 allow empty namespaces for Go 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
70c9ca5611 Update documentation in ExternalFlow.qll 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
038f951e9f Fix containerStoreStep 
Update some comments as well, and change a variable name
 2021-12-08 11:20:20 -05:00
Owen Mansel-Chan
be6501d8e4 Add tests for data and taint flow through arrays and var args 2021-12-08 11:20:20 -05:00
Sauyon Lee
2060731077 Add tests for external flow 2021-12-08 11:20:20 -05:00
Sauyon Lee
873f496038 Use basicLocalFlowStep instead of .getASuccessor 
This prevents non-monotonic recursion through summary post-update nodes
 2021-12-07 07:39:28 -05:00
Sauyon Lee
afe7edc093 Fix test output 
Includes a bunch of new edges, but no new results
 2021-12-07 07:39:28 -05:00
Sauyon Lee
0572c4785c Model net http sources as csv 2021-12-07 07:39:27 -05:00
Sauyon Lee
bebdb0ba53 Add RangeIndexNode 2021-12-07 07:39:27 -05:00
Sauyon Lee
3750af41d3 Add standard container steps 2021-12-07 07:39:27 -05:00
Sauyon Lee
8c4a1d2559 Consider CSV remote sources as untrusted flow sources 2021-12-07 07:39:26 -05:00
Sauyon Lee
d62f417130 Remove uses of getEnclosingCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Chris Smowton
b10d5cf0b0 Broaden ReturnNode to include return nodes of summaries 2021-12-07 07:39:25 -05:00
Chris Smowton
94d9d08489 Fix DataFlow::Node::getEnclosingCallable 2021-12-07 07:39:25 -05:00
Sauyon Lee
c8a2a6356a Add summary parameter nodes 2021-12-07 07:39:25 -05:00
Sauyon Lee
4af4a11729 Make getACallee return DataFlowCallable 2021-12-07 07:39:24 -05:00
Sauyon Lee
8cba368ef5 Model archive/tar.FileInfoHeader in CSV 2021-12-07 07:39:24 -05:00
Sauyon Lee
86d3410041 Add asFunctionNode to new dataflowcallable 2021-12-07 07:39:23 -05:00
Sauyon Lee
d9383d9412 Don't use internal predicates in revel 2021-12-07 07:39:23 -05:00
Sauyon Lee
73684f483c Allow for Return[i] specifications 2021-12-07 07:39:22 -05:00
Sauyon Lee
aa747ea5ff Fix validation regexes for go 2021-12-07 07:39:22 -05:00
Sauyon Lee
0151cd4f2e Document SourceOrSinkElement 2021-12-07 07:39:22 -05:00
Sauyon Lee
0b50b7b2b1 Make DataFlowCallable either a Function or a FuncLit 2021-12-07 07:39:21 -05:00
Sauyon Lee
3ac2a50497 Update test output 2021-12-07 07:39:21 -05:00
Owen Mansel-Chan
763861bef9 Keep call to defaultTaintSanitizerGuard 2021-12-07 07:39:21 -05:00
Sauyon Lee
e41d609921 Use newtype for SourceOrSinkElement 2021-12-07 07:39:20 -05:00
Sauyon Lee
9bfe1c94b3 autoformat 2021-12-07 07:39:20 -05:00
Sauyon Lee
16371ac488 Add support for summary elements 2021-12-07 07:39:19 -05:00
Sauyon Lee
96c58b58dd Add EmptyInterfaceType 2021-12-07 07:39:19 -05:00