hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,218 Commits 1,741 Branches 165 Tags
64cf0906b552be44e987388e7fdbe47be5d0bd8b
Commit Graph

12218 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
64cf0906b5 Address review. 
Most important fix is that VNLength is now restricted to the subset
of value numbers that are Bounds in the RangeAnalysis.
 2020-04-29 15:10:30 +02:00
Cornelius Riemenschneider
9d2533c8ab Fix bug in handling of subtractions. 2020-04-29 13:07:15 +02:00
Cornelius Riemenschneider
e6d193294a Experimental library that tracks the length of memory. 
For each pointer, we start tracking (starting from the allocation or an array declaration)
1) how long is the chunk of memory allocated
2) where the current pointer is in this chunk of memory.
This information might not always exist, but when it does, it is reliable.
Currently only works intraprocedurally.
 2020-04-29 12:55:54 +02:00
Cornelius Riemenschneider
55cd0fac5c Move useful helper predicate and types from RangeAnalysis to RangeUtils. 2020-04-29 12:55:54 +02:00
Jonas Jensen
de3fa8e68b Merge pull request #3337 from Cornelius-Riemenschneider/alloc-type 
C++: Allocation.qll: Provide getAllocatedElementType predicate for AllocationExprs.
 2020-04-29 11:55:02 +02:00
Anders Schack-Mulligen
b6a7ab8bf4 Merge pull request #3372 from aibaars/spring-multipart 
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
 2020-04-29 11:35:04 +02:00
semmle-qlci
62b7cbfdb4 Merge pull request #3377 from shati-patel/mergeback 
Approved by jf205
 2020-04-29 09:15:04 +01:00
Shati Patel
5c80cd5032 Merge branch 'rc/1.24' into mergeback 2020-04-29 08:05:53 +01:00
semmle-qlci
c104898694 Merge pull request #3376 from felicitymay/1.24/SD-57-update-url 
Approved by shati-patel
 2020-04-28 19:49:50 +01:00
Felicity Chapman
7af7e8b3b4 Update URL to new location 2020-04-28 18:18:54 +01:00
Arthur Baars
d7774788b3 Java: add Spring MultipartFile as RemoteFlowSource 2020-04-28 16:57:03 +02:00
Arthur Baars
ae2bab7e9c Add test case 2020-04-28 16:57:03 +02:00
Shati Patel
606360c5ed Merge pull request #3370 from shati-patel/sd-88 
Docs: Delete "Technical information" articles
 2020-04-28 14:58:28 +01:00
Shati Patel
0260202ded Merge pull request #3371 from shati-patel/typo 
Docs: Update link text
 2020-04-28 14:18:55 +01:00
Felicity Chapman
b80d22ca92 Merge pull request #3369 from felicitymay/1.24/SD-16-go-cookbook-link 
Add link to new Go cookbook space
 2020-04-28 14:15:43 +01:00
Shati Patel
e18357525f Fix link 2020-04-28 14:11:36 +01:00
Shati Patel
4d31291c01 Fix typo 
Update link text
 2020-04-28 14:04:23 +01:00
Shati Patel
9705e00676 Docs: Delete "Technical information" articles 2020-04-28 13:50:13 +01:00
Felicity Chapman
118c1c97b9 Add link to new Go cookbook space 2020-04-28 13:27:24 +01:00
Shati Patel
90cce2a2f4 Merge pull request #3367 from shati-patel/docs-links 
Docs: update outdated links
 2020-04-28 12:05:33 +01:00
Shati Patel
7a4b6a62d7 Update outdated links 2020-04-28 11:52:49 +01:00
Anders Schack-Mulligen
bc7163aa68 Merge pull request #3216 from aibaars/message-digest 
Java: teach Encryption.qll about MessageDigest.getInstance
 2020-04-28 11:41:53 +02:00
yo-h
97f4cb64ef Merge pull request #3349 from aschackmull/java/qldoc1 
Java: Improve qldoc coverage.
 2020-04-27 12:49:23 -04:00
Jonas Jensen
36221fe69a Merge pull request #3334 from MathiasVP/get-an-assigned-value-join-order 
C++: Fix join order in getAnAssignedValue
 2020-04-27 17:50:12 +02:00
jcreedcmu
12f264ca63 Merge pull request #3354 from dbartol/dbartol/Recommendation 
Recommend the CodeQL for VSCode extension
 2020-04-27 10:26:02 -04:00
Esben Sparre Andreasen
04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
 2020-04-27 14:31:13 +02:00
Mathias Vorreiter Pedersen
b1a94d8809 Merge branch 'master' into get-an-assigned-value-join-order 2020-04-27 14:11:30 +02:00
Tom Hvitved
d28c4fb0f5 Merge pull request #3202 from jbj/pathStep-join-unique 
Java/C++/C#: Use `unique` to improve join order fix
 2020-04-27 13:06:27 +02:00
Cornelius Riemenschneider
3f7d68178c Use stripTopLevelSpecifiers() to get the allocated element type for malloc(). 2020-04-27 12:46:14 +02:00
Cornelius Riemenschneider
92e8604fa1 Provide getAllocatedElementType predicate for AllocationExprs. 
This predicate tries to determine the type of the allocated elements of an allocation expression.
 2020-04-27 12:41:19 +02:00
Cornelius Riemenschneider
203315ae33 Assign malloc results in test to variables. 2020-04-27 12:40:35 +02:00
Esben Sparre Andreasen
c0250894de Apply suggestions from code review 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-27 12:37:39 +02:00
Geoffrey White
230e5a3a9a Merge pull request #3326 from Cornelius-Riemenschneider/alloc-size-mul 
C++: Allocation.qll: Analyze common pattern of malloc() invocations to provide more accurate getSizeMult()
 2020-04-27 11:18:54 +01:00
Jonas Jensen
20c956e0a9 Merge pull request #3320 from Semmle/rdmarsh/cpp/taint-tracking-util-port 
C++: move logic from DefaultTaintTracking into TaintTrackingUtil
 2020-04-27 11:34:03 +02:00
Taus
de08433bd3 Merge pull request #3212 from RasmusWL/python-fix-tests-filter 
Python: Fix (some) shortcomings of tests filter
 2020-04-27 11:26:35 +02:00
James Fletcher
73c29ec189 Merge pull request #3346 from jf205/sd-48 
Learn CodeQL docs: add note about path queries to data flow tutorials
 2020-04-27 09:12:51 +01:00
Cornelius Riemenschneider
a50d5b7c6a Accept changed test output. 2020-04-27 09:17:16 +02:00
Esben Sparre Andreasen
0a8e371b0e Update javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-04-27 09:09:26 +02:00
semmle-qlci
cbe417f5eb Merge pull request #3336 from erik-krogh/MoarJQuery 
Approved by esbena
 2020-04-25 15:17:55 +01:00
Arthur Baars
59869ace63 Java: teach Encryption.qll about MessageDigest.getInstance 
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
 2020-04-25 00:41:10 +02:00
Robert Marsh
4eea62cbde Merge pull request #3345 from Cornelius-Riemenschneider/openssl-allocators 
C++: Allocation.qll: Add support for openssl allocation/deallocation functions.
 2020-04-24 14:48:05 -07:00
Dave Bartolomeo
5e09d6d02d Tell GitHub to allow JSON files with comments 2020-04-24 14:04:05 -04:00
Dave Bartolomeo
5180b44e1e Recommend the CodeQL for VSCode extension 
I've added a `.vscode/extensions.json` file that will automatically recommend the CodeQL for Visual Studio Code extension to anyone who opens the repo in VS Code (without the extension already installed).
 2020-04-24 13:46:35 -04:00
Mathias Vorreiter Pedersen
38ebb81036 Merge pull request #3352 from jbj/SuspiciousAddWithSizeof-select 
C++: Speed up SuspiciousAddWithSizeof select
 2020-04-24 18:27:25 +02:00
Jonas Jensen
5917ce60b7 Merge pull request #3342 from dbartol/dbartol/SyncTask 
Add a VS Code task to run `sync-files.py`
 2020-04-24 16:42:44 +02:00
Dave Bartolomeo
c539e84071 Update README.md with VSCode info 2020-04-24 10:36:16 -04:00
Taus
bcb980b3d5 Merge pull request #3302 from RasmusWL/python-str-taint-add-methods 
Python: Add taint for string methods
 2020-04-24 16:29:11 +02:00
Rasmus Wriedt Larsen
b2b0296120 Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
 2020-04-24 16:28:11 +02:00
semmle-qlci
4c7a5007d8 Merge pull request #3314 from RasmusWL/python-model-stdlib-http.server 
Approved by tausbn
 2020-04-24 15:27:21 +01:00
Dave Bartolomeo
97565fd90f Add Sync Identical Files tasks to build group 2020-04-24 10:24:17 -04:00