hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
491 Commits 1,684 Branches 159 Tags
407493094de3d6bc3be7e5f1065fb765f760ed09
Commit Graph

138 Commits

Author SHA1 Message Date
Sauyon Lee
830c3fce2a RequestForgery: Add tests 2020-04-02 23:49:57 -07:00
Max Schaefer
77c282824e Merge pull request #81 from gagliardetto/system-executors 
Expand system executors (continuation of #70)
 2020-04-03 07:24:05 +01:00
Sauyon Lee
bc59fa40d7 Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported 
Make cwe 643 supported
 2020-04-01 17:45:45 -07:00
intrigus
615fe09ed7 Format go test stubs 2020-04-01 15:52:55 +02:00
Slavomir
33c18b0d11 expand system executors 2020-04-01 15:12:48 +03:00
intrigus
4924be54a7 Fix one test method 2020-03-31 16:46:29 +02:00
intrigus
0586fe9235 Add missing stubs in vendor/ 2020-03-31 16:46:08 +02:00
intrigus
66451a776d Add test cases for all libraries 
Note: This is currently missing appropriate vendoring
so will probably fail for now.
 2020-03-30 23:44:25 +02:00
intrigus
8278dd358e Try to fix test 2020-03-27 16:13:00 +01:00
Sauyon Lee
080d14ea50 Add a test for the Read taint step 2020-03-27 04:22:13 -07:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Sauyon Lee
541c82a7f3 HTTP: Add some more untrusted fields and methods 
Also, fix up broken tests.
 2020-03-26 07:20:14 -07:00
Sauyon Lee
e1b0bed6b3 Merge pull request #72 from max-schaefer/improve-virtual-call-resolution 
Refine virtual call targets by local reasoning where possible
 2020-03-26 06:00:59 -07:00
Max Schaefer
46a1a4e010 Add a test. 2020-03-25 20:34:34 +00:00
Sauyon Lee
bd5f0b01cf Fix tests 2020-03-25 04:01:14 -07:00
Sauyon Lee
fd88d913f7 Fix tests 2020-03-25 04:01:09 -07:00
Sauyon Lee
cc13a5d618 OpenUrlRedirect: Expand safe URL flow configuration 
Also add some more tests
 2020-03-25 04:01:08 -07:00
Max Schaefer
62b79721ea Track taint through element writes. 
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
 2020-03-23 09:15:01 +00:00
Max Schaefer
f53732ec5a Merge pull request #39 from sauyon/go1.14 
Go 1.14 support
 2020-03-18 10:08:50 +00:00
Max Schaefer
0a59470640 Fix tests. (#3) 2020-03-18 02:10:24 -07:00
Max Schaefer
ad1324d2dd Add test. 2020-03-17 12:08:42 +00:00
Sauyon Lee
e9b47298ed Merge pull request #61 from max-schaefer/better-method-sets 
Reformulate `Method.hasQualifiedName` in terms of method sets
 2020-03-17 07:46:19 -04:00
Max Schaefer
74bcfdd01c Remove an unused and potentially confusing predicate. 2020-03-16 13:24:57 +00:00
Max Schaefer
0fc7febd1d Add another test. 2020-03-13 15:54:39 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps 
MistypedExponentiation: Add a heuristic to reduce FPs
 2020-03-13 15:46:03 +00:00
Max Schaefer
8898858fff Add tests. 2020-03-13 14:19:27 +00:00
Max Schaefer
39fa6052e6 Also treat second argument to make (slice capacity) as an allocation size. 2020-03-13 12:17:53 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
6e681f829b MistypedExponentiation: Add a heuristic to reduce FPs 2020-03-12 09:13:52 -07:00
Max Schaefer
a8c1731f9d Merge pull request #50 from sauyon/uintptr 
Make uintptrtype a subclass of unsignedintegertype
 2020-03-11 09:57:00 +00:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48 
Improve taint-tracking through pointers and other fixes
 2020-03-09 06:36:43 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs 
Go.mod extraction libraries and tests
 2020-03-09 09:40:41 +00:00
Max Schaefer
1be0cc57a8 Add test case from https://github.com/github/codeql-go/issues/48. 2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498 Add another test for StringBreak. 2020-03-06 17:35:50 +00:00
Sauyon Lee
4b9cc87c2e Add test for replace line with versions 2020-03-06 06:51:24 -08:00
Sauyon Lee
b27e63ba83 Address review comments 
Co-authored-by: Max Schaefer <max-schaefer@github.com>
 2020-03-06 06:51:22 -08:00
Sauyon Lee
5911b7005a Add tests for dependencies library 2020-03-06 06:51:20 -08:00
Sauyon Lee
dddc8cecd4 Add go.mod expression tests 2020-03-06 06:51:19 -08:00
Max Schaefer
9bcbfb2911 Fix flow step from global functions to their use. 
How does anything work.
 2020-03-06 09:41:35 +00:00
Max Schaefer
a7ecb50a34 Add taint-tracking model for append. 2020-03-06 09:41:35 +00:00
Max Schaefer
4f061005cb Add a taint-tracking model for copy. 2020-03-06 09:41:35 +00:00
Max Schaefer
185d0910c3 Sharpen stringConcatStep to exclude addition. 2020-03-06 09:41:35 +00:00
Sauyon Lee
14e758a6ea HTTP: Add model for Header.Values() 2020-03-05 13:44:16 -08:00
Sauyon Lee
c243bb4243 Add tests for go1.14 overlapping embedded methods 2020-03-05 13:44:15 -08:00
Sauyon Lee
5e71a04fdf Merge pull request #42 from max-schaefer/experimental-guidelines 
Add guidelines for experimental CodeQL queries and libraries.
 2020-03-02 10:22:41 -08:00
Max Schaefer
56e07356fc Update ql/test/experimental/README.md 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-03-02 10:20:07 +00:00
Max Schaefer
cef017071f Move guidelines into ql folder. 2020-03-02 09:23:06 +00:00
Max Schaefer
2629f55d95 Add guidelines for experimental CodeQL queries and libraries. 2020-02-28 14:43:00 +00:00
Max Schaefer
90f1a7da75 Fix NamedType.getMethod to take interface embedding into account. 2020-02-28 10:37:14 +00:00