hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
173 Commits 1,684 Branches 159 Tags
3eee780fddfb992af97f38d4e0fadd54514a8e43
Commit Graph

173 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
e17f548780 Add DataFlow2 2020-01-28 12:59:47 -08:00
Sauyon Lee
30d2fb0b7f TaintTracking: Make functionModelStep take a FunctionModel 
This makes using only some function models easier.
 2020-01-28 12:59:46 -08:00
Sauyon Lee
260b33be7e OpenUrlRedirect: Add untrusted methods 
Also use more up-to-date data-flow APIs
 2020-01-28 12:59:45 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser 
Bad redirect sanitiser
 2020-01-28 20:11:46 +00:00
Sauyon Lee
aa33595b0f Address review comments 2020-01-28 08:26:37 -08:00
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFilds: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
abc9438cd3 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2020-01-27 17:33:52 -08:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp 
Address doc review comments
 2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Sauyon Lee
c889cb3501 Add getAnOperand to OperatorExpr 2020-01-27 17:33:48 -08:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug 
Fix hash-consing of literals
 2020-01-27 11:35:40 -08:00
Max Schaefer
3c1a68ee8f Fix hash-consing of literals. 
We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.
 2020-01-27 12:05:48 +00:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex 
Fix regex in ClassifyFiles.
 2020-01-24 21:01:01 -08:00
Sauyon Lee
6e4880bc53 Merge pull request #220 from max/example-queries 
Add example queries
 2020-01-24 09:42:31 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles. 
`Comment.getText()` does not include the delimiter.
 2020-01-24 14:05:13 +00:00
Max Schaefer
c30b1d98ea Address review comments. 2020-01-24 10:26:59 +00:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Max Schaefer
9507a22f48 Merge pull request #213 from sauyon/codeql-test 
Use codeql for testing and add binary cross compilation support
 2020-01-24 09:40:47 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness 
Make ImpossibleInterfaceNilCheck more robust.
 2020-01-23 16:06:03 -08:00
Sauyon Lee
3a53269a52 Merge pull request #223 from max/update-dataflow 
Add support for taint-getter/setter summaries in data flow.
 2020-01-23 16:03:05 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit 
Make implicit dereferences explicit
 2020-01-23 00:50:18 -08:00
Max Schaefer
47104a3db8 Add explanatory comment. 2020-01-23 08:14:57 +00:00
Max Schaefer
5895c6ac69 Fix typo. 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-01-23 08:10:20 +00:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup 
Minor fixes
 2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust. 
It no longer flags alerts that may be simply caused by missing type information.
 2020-01-21 10:04:57 +00:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
f42a2b060c Take implicit dereferences in index and slice expressions into account as well. 2020-01-21 09:56:59 +00:00
Max Schaefer
a4f5ad7412 Refactor implementation of SliceNode. 2020-01-21 09:56:59 +00:00
Max Schaefer
44b9bcf7a1 Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
64049d8f3d Make taint tracking less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
9f897132f2 Update HTTP library. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
efc5f10f07 Streamline definition of UserControlledRequestField. 2020-01-21 09:56:59 +00:00
Max Schaefer
39b28a4969 Make CallNode.getReceiver() less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
ef964632be Remove CallExpr.getQualifier() and its single, pointless, use. 2020-01-21 09:56:59 +00:00
Max Schaefer
8fc414b93f Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Max Schaefer
5eb95c7895 Add support for taint-getter/setter summaries in data flow. 2020-01-20 11:29:12 +00:00