Commit Graph

12962 Commits

Author SHA1 Message Date
Dave Bartolomeo
533eeff7e8 C++: Fix MemoryLocation with multiple VirtualVariables
While investigating a bug with `TInstruction` sharing, I discovered that we had a case where alias analysis could create two `VirtualVariable`s for the same `Allocation`. For an indirect parameter allocation, we were using the type of the pointer variable as the type of the indirect allocation, instead of just `Unknown`. If the `IRType` of the pointer variable was the same type as the type of at least one access to the indirect allocation, we'd create both an `EntireAllocationVirtualVariable` and a `VariableVirtualVariable` for the allocation.

I added a new consistency test to guard against this in the future. This also turned out to be the root cause of the one existing known consistency failure in the IR tests.
2020-05-27 14:06:59 -04:00
semmle-qlci
674c184a97 Merge pull request #3566 from erik-krogh/XssAttributeSanitizer
Approved by asgerf
2020-05-27 15:45:41 +01:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00
semmle-qlci
3cfc1e553c Merge pull request #3560 from erik-krogh/OptionalSanitizer
Approved by asgerf
2020-05-27 13:15:41 +01:00
Erik Krogh Kristensen
d05a61c745 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:12:08 +00:00
semmle-qlci
fd05314b2c Merge pull request #3531 from asger-semmle/js/node-version-check-notimeout
Approved by esbena
2020-05-27 11:13:22 +01:00
Erik Krogh Kristensen
3ae4e90902 change note 2020-05-27 09:45:49 +00:00
Mathias Vorreiter Pedersen
db557a45e7 Merge pull request #3570 from geoffw0/mysprintftest
C++: Fix mysprintf in taint test
2020-05-27 09:19:54 +02:00
yo-h
f952293ba0 Merge pull request #3526 from aschackmull/java/qltest-fps-nullness-rangeanalyis
Java: Add a few qltest cases for nullness and range analysis FPs.
2020-05-26 14:09:27 -04:00
Geoffrey White
95537ed26f C++: Fix mysprintf in test. 2020-05-26 18:06:14 +01:00
Geoffrey White
d96bf797ef C++: Test layout. 2020-05-26 18:06:06 +01:00
Erik Krogh Kristensen
319363f56c update expected output 2020-05-26 18:47:37 +02:00
Robert Marsh
2429e22709 Merge pull request #3548 from dbartol/github/codeql-c-analysis-team/69
C++: Fix duplicate result types
2020-05-26 09:44:12 -07:00
Erik Krogh Kristensen
63a14d1b96 use HtmlConcatenationLeaf 2020-05-26 18:33:29 +02:00
Geoffrey White
dea7be0884 Merge pull request #3557 from jbj/qldoc-external
C++: QLDoc for legacy libraries in `external` dir
2020-05-26 15:01:03 +01:00
Erik Krogh Kristensen
9b047f6f03 use the DOTALL flag 2020-05-26 14:53:33 +02:00
Erik Krogh Kristensen
fd561d1ce2 remove temporary comment
Co-authored-by: Asger F <asgerf@github.com>
2020-05-26 14:37:02 +02:00
Erik Krogh Kristensen
0c00331527 less -> fewer
Co-authored-by: Asger F <asgerf@github.com>
2020-05-26 14:30:29 +02:00
Erik Krogh Kristensen
124c4cb15e Merge branch 'master' of github.com:github/codeql into OptionalSanitizer 2020-05-26 13:59:57 +02:00
Erik Krogh Kristensen
e5afdc53be use HtmlSanitizerCall to recognize sanitizers 2020-05-26 13:34:49 +02:00
Erik Krogh Kristensen
3e3372be4b recognize DOMPurify.sanitize as an HTML sanitizer 2020-05-26 13:34:33 +02:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf
C++: Eliminate recursion from toString().
2020-05-26 13:24:43 +02:00
Calum Grant
f0499451d3 Merge pull request #3513 from hvitved/csharp/deprecate-override
C#: Remove two deprecated predicates
2020-05-26 12:22:41 +01:00
semmle-qlci
be5b343a0c Merge pull request #3564 from max-schaefer/js/reflective-argument-access
Approved by asgerf
2020-05-26 12:09:13 +01:00
Erik Krogh Kristensen
ad40c4b0f2 add a sanitizer guard for safe attribute string concatenations 2020-05-26 12:36:47 +02:00
Erik Krogh Kristensen
a9bea63019 recognize more HTML attribute concatenations 2020-05-26 12:36:24 +02:00
semmle-qlci
4b0354c4bc Merge pull request #3555 from max-schaefer/js/require-flow
Approved by asgerf
2020-05-26 10:54:21 +01:00
Max Schaefer
5b0a3b9673 JavaScript: Change "Less results" to "Fewer results" in change notes. 2020-05-26 10:49:30 +01:00
Max Schaefer
abfcc42133 JavaScript: Re-alphabetise change notes. 2020-05-26 10:49:30 +01:00
Max Schaefer
215682f67c JavaScript: Add change note. 2020-05-26 10:49:30 +01:00
Max Schaefer
7ddf5ced23 JavaScript: Update expected output for unrelated tests. 2020-05-26 10:49:30 +01:00
semmle-qlci
4b56229ca0 Merge pull request #3527 from esbena/js/fastify
Approved by asgerf
2020-05-26 10:44:59 +01:00
semmle-qlci
df205b617e Merge pull request #3539 from asger-semmle/js/capture-level-flow
Approved by erik-krogh
2020-05-26 10:42:14 +01:00
Max Schaefer
9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses.
Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.
2020-05-26 09:59:29 +01:00
Max Schaefer
a39e8b4802 JavaScript: Add test for FlowSteps::argumentPassing predicate. 2020-05-26 09:51:06 +01:00
Anders Schack-Mulligen
6bc9624a4c Merge pull request #3236 from luchua-bc/java-improper-url-validation
Java: Improper url validation
2020-05-26 09:48:44 +02:00
Mathias Vorreiter Pedersen
5fb76df44f Merge pull request #3556 from jbj/qldoc-CodeDuplication
C++/JavaScript: Improve CodeDuplication.qll QLDoc
2020-05-26 09:17:28 +02:00
semmle-qlci
64aefc612f Merge pull request #3554 from jbj/too-few-arguments-ambiguous
Approved by dbartol
2020-05-26 07:26:53 +01:00
Erik Krogh Kristensen
3f66c04e12 change note 2020-05-26 00:09:11 +02:00
Erik Krogh Kristensen
9254df1f78 sanitize optionally sanitized values 2020-05-26 00:09:11 +02:00
Erik Krogh Kristensen
8fac3a1403 add IsEmptyGuard to TaintTracking 2020-05-26 00:09:08 +02:00
Dave Bartolomeo
5c20d56134 Merge pull request #3558 from jbj/qldoc-default-objc
C++: Properly deprecate objc.qll and default.qll
2020-05-25 14:31:25 -04:00
Dave Bartolomeo
12688f80ce Merge pull request #3559 from jbj/vcs-remove
C++: Remove VCS.qll and all queries using it
2020-05-25 14:30:31 -04:00
Jonas Jensen
e28ed848a4 C++: Remove VCS.qll and all queries using it
All these queries have been deprecated since 2018. There is
unfortunately no way to deprecate a library, but it's been years since
we populated any databases using the VCS library, so nobody should be
using it.
2020-05-25 19:28:06 +02:00
Jonas Jensen
85df60ea65 C++: Replace import default with import cpp
Some tests still used the old name for the top-level library.
2020-05-25 19:07:28 +02:00
Jonas Jensen
5fc2a3de92 C++: QLDoc for default.qll and objc.qll
These are both deprecated.
2020-05-25 19:05:41 +02:00
Jonas Jensen
357e14b2d2 C++: QLDoc for legacy libraries in external dir
These docs were taken from the corresponding files in JavaScript, and
parameter names were changed to match.
2020-05-25 19:03:14 +02:00
Jonas Jensen
6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
2020-05-25 18:59:48 +02:00
Taus
7716cff3d8 Merge pull request #3551 from RasmusWL/python-fix-upcoming-deprecation
Python: Fix (upcoming) deprecation compiler-warnings
2020-05-25 16:17:57 +02:00
semmle-qlci
8146073c74 Merge pull request #3553 from RasmusWL/python-fix-tainttracking-import
Approved by tausbn
2020-05-25 14:18:54 +01:00