hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 21:20:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,352 Commits 1,679 Branches 158 Tags
4ccfdef71d77e3567873fbaff3fc41bfd80658d7
Commit Graph

13352 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
Robert Marsh
ab327b989d Merge pull request #3713 from MathiasVP/flow-diff-test 
C++: Add test for differences between AST and IR field flow
 2020-06-16 09:09:46 -07:00
Jonas Jensen
e5e373cff2 Merge pull request #3673 from MathiasVP/assign-op-using-swap 
C++: Add tests for taint through swap
 2020-06-16 15:43:52 +02:00
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps 
Approved by erik-krogh
 2020-06-16 13:41:55 +01:00
Mathias Vorreiter Pedersen
c30d1a618e C++: Add charpred to partial definition node classes in qltest 2020-06-16 09:55:37 +02:00
Jonas Jensen
d80a033bed Merge pull request #3719 from dbartol/github/codeql-c-analysis-team/69-consistency 
C++/C#: Fix a couple new consistency failures, and improve consistency messages
 2020-06-16 08:48:35 +02:00
Aditya Sharad
d7d00bddf6 Merge pull request #3718 from adityasharad/cpp/formatting-function-doc 
C++: Fix QLDoc on `FormattingFunction` library
 2020-06-15 08:39:16 -07:00
Dave Bartolomeo
881b3c8e33 C#: Fix IR consistency errors 
We were creating a `TranslatedFunction` even for functions that were not from source code, but then telling the IR package that those functions didn't have IR. This resulted in having prologue/epilogue instructions (e.g. `EnterFunction`, `ExitFunction`) with no enclosing `IRFunction`.
 2020-06-15 11:33:00 -04:00
Owen Mansel-Chan
f9db197e17 Merge pull request #3683 from owen-mc/improve-ast-class-reference-for-java 
Improve ast class reference for java
 2020-06-15 16:25:25 +01:00
Dave Bartolomeo
fecffab8e7 C++: Fix consistency error 
`TTranslatedAllocationSideEffects` wasn't limiting itself to functions that actually have IR, so it was getting used even in template definitions.
 2020-06-15 10:47:00 -04:00
Dave Bartolomeo
8cbc7e8654 C++/C#: Improve consistency failure result messages 
Some of our IR consistency failure query predicates already produced results in the schema as an `@kind problem` query, including `$@` replacements for the enclosing `IRFunction` to make it easier to figure out which function to dump when debugging. This change moves the rest of the query predicates in `IRConsistency.qll` to do the same. In addition, it wraps each call to `getEnclosingIRFunction()` to return an `OptionalIRFunction`, which can be either a real `IRFunction` or a placeholder in case `getEnclosingIRFunction()` returned no results. This exposes a couple new consistency failures in `syntax-zoo`, which will be fixed in a subsequent commit.

This change also deals with consistency failures when the enclosing `IRFunction` has more than one `Function` or `Location`. For multiple `Function`s, we concatenate the function names. For multiple `Location`s, we pick the first one in lexicographical order. This changes the number of results produced in the existing tests, but does't change the actual number of problems.
 2020-06-15 10:46:46 -04:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Aditya Sharad
1033d22d1b C++: Fix QLDoc on FormattingFunction library 
Copy-paste typo from `DataFlowFunction`.
 2020-06-15 07:32:53 -07:00
Shati Patel
3520f2c737 Merge pull request #3714 from shati-patel/name-res-114 
QL handbook: Update process for module resolution
 2020-06-15 15:29:56 +01:00
Shati Patel
947ccb06c7 Update docs/language/ql-handbook/name-resolution.rst 
Co-authored-by: Henning Makholm <hmakholm@github.com>
 2020-06-15 15:15:44 +01:00
Shati Patel
e69c946f31 Mention libraryPathDependencies 2020-06-15 14:56:57 +01:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Calum Grant
0d1fb0f248 Merge pull request #3509 from hvitved/csharp/html-raw 
C#: Recognize more calls to `IHtmlHelper.Raw`
 2020-06-15 09:31:58 +01:00
Shati Patel
3dd529035d QL reference: Update process for name resolution 2020-06-15 08:45:30 +01:00
Mathias Vorreiter Pedersen
6748f3887e C++: Add test demonstrating differences between AST and IR field flow. Also refactored the partial definitions test 2020-06-15 09:39:15 +02:00
Max Schaefer
cafbe14dc8 Merge pull request #3703 from shati-patel/mergeback 
Merge rc/1.24 into master
 2020-06-12 11:37:47 +01:00
Shati Patel
07d5ee6126 Merge branch 'rc/1.24' into mergeback 2020-06-12 11:30:47 +01:00
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Asger Feldthaus
6531db3cca JS: Add test 2020-06-12 09:56:38 +01:00
Anders Schack-Mulligen
041af38934 Merge pull request #3697 from intrigus-lgtm/patch-1 
Fix typo
 2020-06-12 10:04:40 +02:00
semmle-qlci
6f40fc2eae Merge pull request #3678 from Marcono1234/patch-1 
Approved by shati-patel
 2020-06-12 08:49:53 +01:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-12 09:08:20 +02:00
semmle-qlci
035d8ea24c Merge pull request #3690 from asger-semmle/js/fix-lgtm-filters-comment 
Approved by max-schaefer
 2020-06-12 07:40:58 +01:00
Marcono1234
7cd6dd27a6 Add link to Java regex Pattern documentation to language.rst 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-06-11 23:02:59 +02:00
intrigus-lgtm
422b059aec Fix typo 2020-06-11 22:54:13 +02:00
Mathias Vorreiter Pedersen
b78c06559e Merge pull request #3691 from geoffw0/reftest 
C++: Add a test case for CWE-114 involving pointers and references.
 2020-06-11 22:02:45 +02:00
Robert Marsh
ae46a8d8a1 Merge pull request #3692 from igfoo/blockstmt 
C++: Fix reference to `Block`
 2020-06-11 09:49:19 -07:00
Ian Lynagh
fd88289e46 C++: Fix reference to Block 
We don't call it `BlockStmt`.
 2020-06-11 16:50:23 +01:00
Asger Feldthaus
475c631ff9 JS: Fix a misleading javadoc comment 2020-06-11 16:16:51 +01:00
semmle-qlci
c2de54f5ca Merge pull request #3685 from shati-patel/ast-go-edits 
Approved by felicitymay, owen-mc
 2020-06-11 12:43:20 +01:00
Shati Patel
2874050503 CodeQL for Go: Edit AST reference 2020-06-11 10:49:19 +01:00
Tom Hvitved
ca531cbb9a C#: Rename a class 2020-06-11 11:26:25 +02:00
Tom Hvitved
8395980fb1 C#: Recognize more calls to IHtmlHelper.Raw 
Generalize logic by recognizing not only calls to
`Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw()`, but calls to all `Raw()`
methods that implement `Microsoft.AspNetCore.Mvc.Rendering.IHtmlHelper.Raw()`.
 2020-06-11 11:26:25 +02:00
Owen Mansel-Chan
ab52010674 Give general syntax instead of examples for exprs 2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
3ca5d34d9b Add more links to java AST class reference 
Using the explicit hyperlink target feature of rst to keep the text in
the tables short and put all the URLs at the end of the document
 2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
84a4630eaf Move explicit hyperlink targets to the bottom 2020-06-11 10:06:42 +01:00