hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
636 Commits 1,684 Branches 159 Tags
5dac94d24cd75f8e202540fa4b993f4d2fa3bb1d
Commit Graph

636 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
5dac94d24c Merge pull request #116 from gagliardetto/CWE-681 
CWE 681
 2020-05-12 11:59:08 +01:00
Slavomir
556f527193 Exclude results in test files 2020-05-12 13:12:47 +03:00
Slavomir
e5e74f34d7 Add note on why the zero is commented out in Lt32BitFlowConfig 2020-05-12 13:06:11 +03:00
Slavomir
623d5b3a97 Add comments 2020-05-12 13:00:50 +03:00
Slavomir
ea7c38c99c Remove references section from qhelp file 2020-05-12 13:00:27 +03:00
Slavomir
67a7294d10 Simplify and remove deprecated; add severity 2020-05-12 12:51:13 +03:00
Max Schaefer
3e830b69b5 Merge pull request #121 from porcupineyhairs/conditionBypass 
User-controlled bypass of a comparision
 2020-05-11 10:41:33 +01:00
Slavomir
5df81d3210 Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-05-11 12:37:14 +03:00
Porcupiney Hairs
b32ac2a47f fix tests 2020-05-11 04:51:17 +05:30
Porcupiney Hairs
4aba80b0bd include changes from review 2020-05-11 04:05:41 +05:30
Max Schaefer
0e779d0b64 Merge pull request #62 from max-schaefer/update-data-flow 
Port recent data-flow improvements
 2020-05-07 16:07:33 +01:00
Max Schaefer
994536e93b Add change note. 2020-05-07 11:46:31 +01:00
Max Schaefer
70f87b59d2 Data flow: Support stores into nodes that are not PostUpdateNodes. 
cf https://github.com/github/codeql/pull/3312
 2020-05-06 19:43:27 +01:00
Max Schaefer
fd2e618be2 Data flow: No more summaries 
cf https://github.com/github/codeql/pull/3110
 2020-05-06 19:43:27 +01:00
Max Schaefer
968d4d9cdd Revert the join order fix from https://github.com/github/codeql/pull/2872. 
cf https://github.com/github/codeql/pull/3202
 2020-05-06 19:43:27 +01:00
Max Schaefer
f2b43f65f9 Data flow: Exclude param-param flow through identical params. 
cf https://github.com/Semmle/ql/pull/3060
 2020-05-06 19:43:27 +01:00
Max Schaefer
aabe2f2f82 Data flow: No magic in returnFlowCallableCand. 
cf https://github.com/Semmle/ql/pull/3142
 2020-05-06 19:43:27 +01:00
Max Schaefer
c9ba6dd672 Fix up hasLocationInfo predicate. 2020-05-06 19:43:27 +01:00
Max Schaefer
5cd9168e4d Data flow: Refactoring + performance improvements 
cf https://github.com/Semmle/ql/pull/2903
 2020-05-06 19:43:27 +01:00
Max Schaefer
96120e1e35 Update expected output. 2020-05-06 19:43:27 +01:00
Max Schaefer
8d10a8dd5b Fix bug in type pruning. 
cf https://github.com/Semmle/ql/pull/3020
 2020-05-06 19:43:27 +01:00
Max Schaefer
d008d2a6a8 Fix performance issue in partial paths exploration. 
cf https://github.com/Semmle/ql/pull/3021
 2020-05-06 19:43:27 +01:00
Max Schaefer
1d4a993d87 Merge pull request #132 from max-schaefer/extends-this-class 
Fix copy-pasted typo.
 2020-05-06 19:42:55 +01:00
Max Schaefer
d6a5a72c01 Fix copy-pasted typo. 2020-05-06 13:54:28 +01:00
Sauyon Lee
164149b29a Merge pull request #129 from max-schaefer/fix-argument-post-update-nodes 
Fix and improve taint-tracking through function arguments
 2020-05-06 02:57:01 -07:00
Max Schaefer
08f5451fce Address review comments. 2020-05-06 07:32:15 +01:00
Max Schaefer
9f59777cc9 Merge pull request #119 from jcreedcmu/jcreed/jump-to-def-ide 
Add queries for ide search.
 2020-05-05 15:10:58 +01:00
Jason Reed
5653889a39 Exclude IDE queries from query suites. 2020-05-05 09:22:44 -04:00
Max Schaefer
2fb3d39f61 Merge pull request #128 from sauyon/mux 
Add support for Mux library
 2020-05-05 13:57:37 +01:00
Max Schaefer
a79f2b4f44 Add change note for CleartextLogging. 2020-05-05 12:05:09 +01:00
Max Schaefer
b177d58c88 Tweak test. 
The query under test isn't a `@problem` query, so we should refer to "alerts".
 2020-05-05 12:05:09 +01:00
Max Schaefer
60a6c96863 Simplify modeling of NewContent. 2020-05-05 12:05:09 +01:00
Max Schaefer
5a96b0e8ac Add two function models for handling MIME APIs. 2020-05-05 12:05:09 +01:00
Max Schaefer
be94f2b9e6 Improve and extend various standard-library function models. 2020-05-05 12:05:09 +01:00
Max Schaefer
ca0d9cc66e Merge pull request #127 from max-schaefer/clean-up-email-injection 
Clean up `EmailInjection.qll` and related libraries.
 2020-05-05 11:56:43 +01:00
Sauyon Lee
a841077cbe Add support for Mux library 2020-05-05 03:25:08 -07:00
Max Schaefer
54f10157b0 Update ql/src/semmle/go/frameworks/Email.qll 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2020-05-05 11:24:19 +01:00
Max Schaefer
e632c75de3 Add support for taint models involving "backwards" taint propagation from results to arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
5e8e51993e Simplify SmtpData. 2020-05-04 16:36:38 +01:00
Max Schaefer
5b0c48e332 Add taint models for fmt.Fprintf and io.WriteString. 2020-05-04 16:36:38 +01:00
Max Schaefer
d0e8d6efda Fix post-update nodes for function arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
b1899374b9 Merge pull request #126 from max-schaefer/new-style-change-notes 
Switch to new-style change notes.
 2020-05-04 15:42:24 +01:00
Max Schaefer
04a19b7150 Clean up EmailInjection.qll and related libraries. 2020-05-04 09:13:23 +01:00
porcupineyhairs
657108d598 Add Email Content Injection Query (#108) 
This adds a query for Email content injection issues.
It models the Golang's net/smtp library as well as
the Sendgrid email library (581 stars).
 2020-05-04 07:54:30 +01:00
Max Schaefer
980241603b Switch to new-style change notes. 2020-05-01 07:57:13 +01:00
Sauyon Lee
cd1d699208 Improve BadRedirectCheck query 
We now look for a path from the variable being checked to a redirect.

Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
 2020-05-01 07:13:16 +01:00
Slavomir
836b8965e2 Beautify .qhelp file 2020-04-30 16:59:30 +03:00
Slavomir
127cd3d003 Refactor query 2020-04-30 16:46:19 +03:00
Slavomir
b9fae2e5d0 Add newline 2020-04-30 16:46:19 +03:00
Slavomir
6f1f60896a autoformat 2020-04-30 16:46:19 +03:00