hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 17:34:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,352 Commits 1,683 Branches 158 Tags
400a8ffae5339c19af66ad90ae9b26643df0c991
Commit Graph

10352 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
400a8ffae5 Python: Use slightly better name than foobar 
I intended to rename before committing, but woops
 2020-02-26 14:08:10 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
Rasmus Wriedt Larsen
798db91f71 Python: Add more urlsplit tests 2020-02-21 15:51:33 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Rasmus Wriedt Larsen
fd270cc02c Python: Add basic taint support for urlsplit/urlparse 2020-02-19 16:31:10 +01:00
Rasmus Wriedt Larsen
74345b1c05 Python: Make library-tests/taint/strings tests more transparent 
Following the setup I invented for library-tests/taint/unpacking.

TestStep is still a bit annoying, since the output is not easy to eyeball; but
for now I guess we can live with it :)

I honestly didn't get the point of DistinctStringKinds.ql, other than showing we
can handle multiple taint kinds
 2020-02-19 16:24:22 +01:00
Rasmus Wriedt Larsen
e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Geoffrey White
c94582a1c0 Merge pull request #2861 from MathiasVP/gvn-use-impl 
C++: Import AST GVN module for tests
 2020-02-19 11:16:11 +00:00
semmle-qlci
5e0f21a162 Merge pull request #2854 from max-schaefer/js/regexp-bounded-quantifier-fix 
Approved by esbena
 2020-02-19 10:12:13 +00:00
Mathias Vorreiter Pedersen
3a05a82c1d C++: Accept output 2020-02-19 10:35:03 +01:00
Mathias Vorreiter Pedersen
246ef694f6 Merge branch 'master' into gvn-use-impl 2020-02-19 10:29:46 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Mathias Vorreiter Pedersen
cc4c780573 Merge pull request #2860 from jbj/isInCycle-neighbors 
C++: Manual magic for `isInCycle`
 2020-02-18 17:41:19 +01:00
Robert Marsh
aaf6926c34 Merge pull request #2851 from jbj/ir-enable-only 
C++: Use IR for security.TaintTracking and GVN
 2020-02-18 11:37:34 -05:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Mathias Vorreiter Pedersen
4cad5549ee C++: Directly import AST GVN module in tests 2020-02-18 12:21:14 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Jonas Jensen
0d239e8bd2 C++: Manual magic for isInCycle 
The `isInCycle` predicate would take a long time on Wireshark with 6GB
RAM, sometimes OOMing in the fastTC HOP. Analyzing wireshark with 6GB is
important because that's the standard configuration on our Jenkins
workers. With this commit, I can analyze Wireshark with 6GB on my
laptop.

The `getNonPhiOperandDef` predicate on Wireshark is 34M tuples, while
`getDefIfHasNeighbors` is 11M tuples, and the TC of
`getDefIfHasNeighbors` is 23M tuples (487 MB).
 2020-02-18 08:33:43 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries 
Approved by aschackmull
 2020-02-17 18:22:46 +00:00
yo-h
d3b1729864 Merge pull request #2793 from aschackmull/java/format-taint-step 
Java: Add String.format as default taint step.
 2020-02-17 12:50:12 -05:00
Alexander Eyers-Taylor
c685b348c3 Merge pull request #2837 from jf205/monotonic-aggregates 
docs: expand QL book entry on monotonic aggregates
 2020-02-17 17:05:54 +00:00
james
d5ff8f2b8e docs: technical feedback 2020-02-17 16:20:31 +00:00
Tom Hvitved
0e7838aca5 Data flow: Sync files 2020-02-17 15:08:26 +01:00
Tom Hvitved
c7aa31d90a Address review comments 2020-02-17 15:07:53 +01:00
Anders Schack-Mulligen
cabe627d1e Java: Fix qldoc. 2020-02-17 14:44:12 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Tom Hvitved
8e325ead91 Add change notes 2020-02-17 11:00:10 +01:00
Tom Hvitved
dcdb5299f0 C#: Update expected test output 2020-02-17 10:52:02 +01:00
Tom Hvitved
7eae5f913c C#: Update data-flow test 2020-02-17 10:45:44 +01:00
Tom Hvitved
28307399f8 Data flow: Sync files 2020-02-17 10:45:35 +01:00
Tom Hvitved
bc6c4744b1 Data flow: Follow-up changes to FlowExploration module 2020-02-17 10:43:26 +01:00
Tom Hvitved
307ac7f0b3 Data flow: Remove UntypedAccessPath again 2020-02-17 10:32:27 +01:00
Jonas Jensen
0aba965a9e C++: Don't mention deprecated class 
The language tests were failing because they don't tolerate mentioning a
deprecated class anywhere.
 2020-02-16 09:43:25 +01:00
Jonas Jensen
a59c0facee C++: Accept test changes for IR libs 
This is for the tests in the ql repo. There are also changed tests in
the internal repo.
 2020-02-15 21:12:20 +01:00
Jonas Jensen
f4ba56f0c0 C++: Use IR for security.TaintTracking and GVN 2020-02-15 21:10:29 +01:00
Jonas Jensen
e95ebb25a5 C++: Ensure tainted_diff.ql keeps using old lib 
Without this, the test will compare the IR to itself after we enable it.
 2020-02-15 21:10:29 +01:00
Jonas Jensen
0628625a76 Merge pull request #2835 from MathiasVP/value-number-perf 
C++: Value number performance fix
 2020-02-15 20:40:53 +01:00
Mathias Vorreiter Pedersen
8cda847dbc C++: Add TLoadTotalOverlapValueNumber to getKind predicate in AST GVN wrapper 2020-02-15 09:37:45 -07:00
Jonas Jensen
49d2f5a60b C++: autoformat 2020-02-15 09:41:27 +01:00
Dave Bartolomeo
867581df91 Merge pull request #2844 from MathiasVP/value-numbering-performance-fix-2 
C++: Ensure that there is just one overlap for an operand in value numbering
 2020-02-14 16:40:03 -07:00
Robert Marsh
7abd289d7d C++: reinclude IRType in total load value numbers 2020-02-14 13:34:29 -08:00
Robert Marsh
f3c788d1e9 Merge pull request #2843 from jbj/ValueNumbering-import-order 
C++: Change import order for stable cache checksum
 2020-02-14 13:34:20 -05:00
Mathias Vorreiter Pedersen
8b8a8cae5b C++/C#: Sync identical files 2020-02-14 16:11:57 +01:00
Mathias Vorreiter Pedersen
4a7b865dc0 C++: Move overlap fix into SSAConstruction 2020-02-14 16:11:00 +01:00