codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00

Author	SHA1	Message	Date
Sauyon Lee	830c3fce2a	RequestForgery: Add tests	2020-04-02 23:49:57 -07:00
Sauyon Lee	bc59fa40d7	Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported Make cwe 643 supported	2020-04-01 17:45:45 -07:00
intrigus	615fe09ed7	Format go test stubs	2020-04-01 15:52:55 +02:00
intrigus	4924be54a7	Fix one test method	2020-03-31 16:46:29 +02:00
intrigus	0586fe9235	Add missing stubs in vendor/	2020-03-31 16:46:08 +02:00
intrigus	66451a776d	Add test cases for all libraries Note: This is currently missing appropriate vendoring so will probably fail for now.	2020-03-30 23:44:25 +02:00
intrigus	8278dd358e	Try to fix test	2020-03-27 16:13:00 +01:00
intrigus	35a6fdb589	Add XPath framework models	2020-03-26 20:18:16 +01:00
Sauyon Lee	bd5f0b01cf	Fix tests	2020-03-25 04:01:14 -07:00
Sauyon Lee	fd88d913f7	Fix tests	2020-03-25 04:01:09 -07:00
Sauyon Lee	cc13a5d618	OpenUrlRedirect: Expand safe URL flow configuration Also add some more tests	2020-03-25 04:01:08 -07:00
Max Schaefer	62b79721ea	Track taint through element writes. This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants. Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.	2020-03-23 09:15:01 +00:00
Max Schaefer	f41151350a	Merge pull request #60 from sauyon/bitwise-xor-fps MistypedExponentiation: Add a heuristic to reduce FPs	2020-03-13 15:46:03 +00:00
Max Schaefer	39fa6052e6	Also treat second argument to `make` (slice capacity) as an allocation size.	2020-03-13 12:17:53 +00:00
Max Schaefer	ea36d49218	Add new query `AllocationSizeOverflow`.	2020-03-13 10:18:51 +00:00
Sauyon Lee	6e681f829b	MistypedExponentiation: Add a heuristic to reduce FPs	2020-03-12 09:13:52 -07:00
Max Schaefer	1be0cc57a8	Add test case from https://github.com/github/codeql-go/issues/48 .	2020-03-06 17:35:50 +00:00
Max Schaefer	bcb9ce2498	Add another test for StringBreak.	2020-03-06 17:35:50 +00:00
Max Schaefer	285f392a12	Sharpen the sources for `StringBreak`. `json.Marshal` returns two results, we only want to consider the first one as a source.	2020-02-21 10:19:09 +00:00
Sauyon Lee	3e6a96d21b	IncompleteHostnameRegexp: Use a reluctant regexp This should help make results more comprehensible by including the maximal string after an unescaped dot.	2020-02-19 13:04:16 -08:00
Sauyon Lee	e4d228fa0f	Fix CleartextStorage tests	2020-02-07 03:13:13 -08:00
Sauyon Lee	6300fdf85e	Remove accidentally added CleartextStorage tests	2020-02-07 03:13:12 -08:00
Sauyon Lee	559ac8f0d2	Fix squirrel test build	2020-02-07 03:12:19 -08:00
Sauyon Lee	87865afa42	ReflectedXss: Remove FPs from constant prefix Fprintfs	2020-02-03 16:00:33 -08:00
Sauyon Lee	3c88eab84c	Merge pull request #229 from max/string-break Add query to find unsafe quoting	2020-02-03 09:47:36 -08:00
Max Schaefer	af3d91ffd3	Add query StringBreak.	2020-02-03 09:01:40 +00:00
Sauyon Lee	d2e5322b94	Apply review comments	2020-01-28 13:01:35 -08:00
Sauyon Lee	a2b5bb85ab	OpenUrlRedirect: Fix test compilation	2020-01-28 13:01:19 -08:00
Sauyon Lee	abfdd7ee1e	OpenUrlRedirect: make functions like isValidRedirect barrier guards	2020-01-28 12:59:44 -08:00
Sauyon Lee	82635a46ad	OpenUrlRedirect: only make some parts of the URL untrusted	2020-01-28 12:59:43 -08:00
Max Schaefer	2b92cd5ba5	Merge pull request #209 from sauyon/bad-redirect-sanitiser Bad redirect sanitiser	2020-01-28 20:11:46 +00:00
Sauyon Lee	497bfeee83	BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity	2020-01-27 17:33:54 -08:00
Sauyon Lee	a31ad88fc9	BadRedirectSanitizer: Transition to using data-flow API	2020-01-27 17:33:53 -08:00
Sauyon Lee	aa28724f7c	Add `BadRedirectCheck` query	2020-01-27 17:33:50 -08:00
Sauyon Lee	9c6aa80718	Move OpenUrlRedirect tests into their own directory	2020-01-27 17:33:49 -08:00
Sauyon Lee	edecb4e128	Merge pull request #227 from max/redundant-expr-bug Fix hash-consing of literals	2020-01-27 11:35:40 -08:00
Max Schaefer	d293388172	Add failing test case for RedundantExpr.	2020-01-24 16:20:08 +00:00
Max Schaefer	77b86150d6	Fix regex in ClassifyFiles. `Comment.getText()` does not include the delimiter.	2020-01-24 14:05:13 +00:00
Sauyon Lee	2bd88d5b61	Merge pull request #225 from max/impossible-interface-nil-check-robustness Make ImpossibleInterfaceNilCheck more robust.	2020-01-23 16:06:03 -08:00
Max Schaefer	fe56c207a3	Make ImpossibleInterfaceNilCheck more robust. It no longer flags alerts that may be simply caused by missing type information.	2020-01-21 10:04:57 +00:00
Max Schaefer	baeae0f69c	Add a few variants to test.	2020-01-21 09:56:59 +00:00
Max Schaefer	a2879dc754	Model implicit dereferences in data flow.	2020-01-21 09:56:59 +00:00
Max Schaefer	1d33a619d9	Add failing test case.	2020-01-20 20:46:12 +00:00
Sauyon Lee	471d843025	Merge pull request #222 from max/switch-guard-nodes Switch guard nodes	2020-01-17 21:44:59 +00:00
Max Schaefer	98c7c4a255	Autoformat.	2020-01-17 10:25:10 +00:00
Sauyon Lee	aa9489ea28	Merge pull request #218 from max/field-refs Fix handling of references to fields and methods	2020-01-16 14:26:55 -08:00
Max Schaefer	b7a830593d	Correctly create extract nodes for `return`s where we cannot infer the type of the returned expression, but know from context that it must be a tuple type.	2020-01-15 10:22:29 +00:00
Sauyon Lee	f32a785127	Merge pull request #217 from max/issue-24 Switch RedundantExpr query back to using AST instead of global value numbering.	2020-01-14 13:05:44 -08:00
Max Schaefer	36c620d1dd	Add tests and change note.	2020-01-13 08:37:01 +00:00
Max Schaefer	384d21b0e9	Switch RedundantExpr query back to using AST instead of global value numbers. Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237	2020-01-10 14:46:54 +00:00

1 2

68 Commits