141 Commits

Author SHA1 Message Date
Max Schaefer
69edfe08df Make regular expression for format strings more precise. 2020-02-07 11:05:44 +00:00
Max Schaefer
8b0d271717 Locally resolve calls to function expressions. 2020-02-07 11:05:44 +00:00
Max Schaefer
f6305f019d Minor refactoring. 2020-02-07 11:05:44 +00:00
Max Schaefer
46a8f8c8ed Remove Function.getACallExpr. 2020-02-07 11:05:44 +00:00
Max Schaefer
39b7272241 Teach Function.getACall to take virtual dispatch into account. 2020-02-07 11:05:44 +00:00
Max Schaefer
84002f585e Remove CallExpr.getACallee(). 2020-02-07 11:05:44 +00:00
Max Schaefer
cf0e38b22c Move virtual dispatch resolution from CallExpr to CallNode and generalise it very slightly. 2020-02-07 11:05:44 +00:00
Max Schaefer
253a394ae0 Make CallNode.getCalleeName() more robust to missing type information. 2020-02-07 11:05:44 +00:00
Max Schaefer
93a84684a5 Remove predicate CallExpr.calls.
This sort of reasoning should be done at the data-flow level.
2020-02-07 11:05:44 +00:00
Max Schaefer
9400442bea Add call graph test.
This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.
2020-02-07 11:05:41 +00:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break
Add query to find unsafe quoting
2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
63ca382a0c Reorganise modelling of string concatenation. 2020-02-03 09:01:40 +00:00
Max Schaefer
3afce956ab Remove deprecated flow predicates. 2020-01-30 11:45:19 +00:00
Sauyon Lee
41d04f3d96 Revert "Add DataFlow2"
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.
2020-01-28 13:01:37 -08:00
Sauyon Lee
478f906d7a HTTP: Use Field.getQualifiedName in UserControlledRequestField
Also autoformat.
2020-01-28 13:01:36 -08:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement
Co-Authored-By: Max Schaefer <max@semmle.com>
2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
e17f548780 Add DataFlow2 2020-01-28 12:59:47 -08:00
Sauyon Lee
30d2fb0b7f TaintTracking: Make functionModelStep take a FunctionModel
This makes using only some function models easier.
2020-01-28 12:59:46 -08:00
Sauyon Lee
260b33be7e OpenUrlRedirect: Add untrusted methods
Also use more up-to-date data-flow APIs
2020-01-28 12:59:45 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser
Bad redirect sanitiser
2020-01-28 20:11:46 +00:00
Sauyon Lee
aa33595b0f Address review comments 2020-01-28 08:26:37 -08:00
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFields: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
abc9438cd3 Apply suggestions from code review
Co-Authored-By: Max Schaefer <max@semmle.com>
2020-01-27 17:33:52 -08:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp
Address doc review comments
2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Sauyon Lee
c889cb3501 Add getAnOperand to OperatorExpr 2020-01-27 17:33:48 -08:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug
Fix hash-consing of literals
2020-01-27 11:35:40 -08:00
Max Schaefer
3c1a68ee8f Fix hash-consing of literals.
We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.
2020-01-27 12:05:48 +00:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex
Fix regex in ClassifyFiles.
2020-01-24 21:01:01 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles.
`Comment.getText()` does not include the delimiter.
2020-01-24 14:05:13 +00:00
Max Schaefer
c30b1d98ea Address review comments. 2020-01-24 10:26:59 +00:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness
Make ImpossibleInterfaceNilCheck more robust.
2020-01-23 16:06:03 -08:00
Sauyon Lee
3a53269a52 Merge pull request #223 from max/update-dataflow
Add support for taint-getter/setter summaries in data flow.
2020-01-23 16:03:05 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit
Make implicit dereferences explicit
2020-01-23 00:50:18 -08:00
Max Schaefer
47104a3db8 Add explanatory comment. 2020-01-23 08:14:57 +00:00
Max Schaefer
5895c6ac69 Fix typo.
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-01-23 08:10:20 +00:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup
Minor fixes
2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust.
It no longer flags alerts that may be simply caused by missing type information.
2020-01-21 10:04:57 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00