hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,672 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

2995 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a761eea2dc Dataflow: Autoformat 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
4f2d2361a4 Dataflow: Eliminate TypedContent. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
5373b4d466 Dataflow: Remove superfluous predicates. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
b534e7b6d5 Dataflow: Remove superfluous columns 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
a2fa97ac22 Dataflow: Replace TypedContent with Content in access paths. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
123534a676 Dataflow: Eliminate front type in AccessPathFront. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
ff3e45e1ba Dataflow: Eliminate TypedContentApprox. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
748bcba0ae Dataflow: Eliminate now-redundant type in nil accesspath approximations. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
95b95e5c27 Dataflow: Duplicate type info for AccessPathApprox tails. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
52f50b8d9d Dataflow: Replace AccessPath push/pop with isCons. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
142479eeb7 Dataflow: Duplicate type info for AccessPath tails. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
69202d2dae Dataflow: Include type in post-stage-5 tail relation. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
933d2fbb9f Dataflow: Replace RevPartialAccessPath with the now identical PartialAccessPath. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
2cf58fccf7 Dataflow: Remove type from PartialAccessPath. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
e5d36ff461 Dataflow: Add type to stage 2-5 summary ctx. 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
77b09f3660 Dataflow: Add type to partial flow summary context 2023-04-27 14:52:24 +02:00
Anders Schack-Mulligen
11c05257d4 Dataflow: Duplicate accesspath type info in partial flow. 2023-04-27 14:52:20 +02:00
Anders Schack-Mulligen
fd36304da2 Dataflow: Add type to PathNode.toString 2023-04-27 14:50:55 +02:00
Anders Schack-Mulligen
5a027b95bd Dataflow: Duplicate accesspath type info in PathNode and pathStep. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
209d9143be Dataflow: Add type column to filter predicate 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
c79daf0116 Dataflow: Duplicate accesspath type info of the tail in cons relations. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
b84b1a46d6 Dataflow: Duplicate accesspath type info as separate column. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
cda26ba7c0 Dataflow: Split TypedContent in store relation. 2023-04-27 14:33:32 +02:00
Anders Schack-Mulligen
32a738b082 Dataflow: Add type to PathNode.toString. 2023-04-26 14:43:53 +02:00
Tony Torralba
1e66a544fd Promote exxperimental XXE sinks 2023-04-26 12:11:48 +02:00
Tony Torralba
8b65937159 Move ConstantStringExpr to RangeUtils.qll 2023-04-26 12:11:08 +02:00
Jami
cff7f63193 Merge pull request #12838 from jcogs33/jcogs33/add-class-for-callables-interesting-for-modeling 
Java: add class that represents callables that are interesting for MaD models
 2023-04-25 09:28:56 -04:00
Anders Schack-Mulligen
934a455908 Apply suggestions from code review 
Update qldoc.
 2023-04-25 09:35:26 +02:00
Jami Cogswell
85542638d7 Java: refactor CaptureModelsSpecific; resolve conflict for isInTestFile 2023-04-20 16:23:12 -04:00
Jami Cogswell
94f11029ee Java: refactor ExternalApi 2023-04-20 16:19:15 -04:00
Jami Cogswell
2ca8103a7e Java: remove isImplicitlyPublic predicate since not needed for this use-case 2023-04-20 16:19:15 -04:00
Jami Cogswell
5dbd11a584 Java: move veryPublic predicate 2023-04-20 16:19:15 -04:00
Jami Cogswell
9828ad0fc3 Java: add draft of class to represent callables we are interested in modeling 2023-04-20 16:19:15 -04:00
Jami Cogswell
2e76e12316 Java: add class and predicates to approximate an effectively public method 2023-04-20 16:19:15 -04:00
Michael Nebel
656d8d2451 Sync files. 2023-04-20 11:29:51 +02:00
Tony Torralba
f5702f5c69 Address review comment 
Handle more regex cases that cover line breaks
 2023-04-17 09:33:44 +02:00
Tony Torralba
e167d3ce00 Add line break sanitizers 2023-04-17 09:33:44 +02:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00
Ed Minnix
0a26916245 Re-Add SensitiveResultReceiverConf as deprecated 2023-04-13 23:06:16 -04:00
Ed Minnix
0fc775027f Fix SensitiveResultReceiver test case 2023-04-13 23:06:16 -04:00
Ed Minnix
3826b9be6c Re-add allowImplicitRead 2023-04-13 23:06:16 -04:00
Ed Minnix
74b71ff7e3 Replace allowImplicitRead with default implementation 2023-04-13 23:06:16 -04:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Michael Nebel
52bc43b22b Merge pull request #12595 from michaelnebel/enhanceprovenance 
Java/C# : Enhance provenance.
 2023-04-13 14:27:53 +02:00
Tony Torralba
4c6df3fdb9 Merge pull request #12813 from atorralba/atorralba/java/sensitive-expr-fix-and-tests 
Java: Add tests for SensitiveActions and fix getCommonSensitiveInfoRegex
 2023-04-13 13:13:37 +02:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Tony Torralba
485709a133 Fix getCommonSensitiveInfoRegex 2023-04-13 10:33:03 +02:00