hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
199 Commits 1,684 Branches 159 Tags
69edfe08dfd0b613ed237dedd979ff39f8407da8
Commit Graph

66 Commits

Author SHA1 Message Date
Max Schaefer
9400442bea Add call graph test. 
This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.
 2020-02-07 11:05:41 +00:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break 
Add query to find unsafe quoting
 2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
63ca382a0c Reorganise modelling of string concatenation. 2020-02-03 09:01:40 +00:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser 
Bad redirect sanitiser
 2020-01-28 20:11:46 +00:00
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFilds: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug 
Fix hash-consing of literals
 2020-01-27 11:35:40 -08:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex 
Fix regex in ClassifyFiles.
 2020-01-24 21:01:01 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles. 
`Comment.getText()` does not include the delimiter.
 2020-01-24 14:05:13 +00:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness 
Make ImpossibleInterfaceNilCheck more robust.
 2020-01-23 16:06:03 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit 
Make implicit dereferences explicit
 2020-01-23 00:50:18 -08:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup 
Minor fixes
 2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust. 
It no longer flags alerts that may be simply caused by missing type information.
 2020-01-21 10:04:57 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Sauyon Lee
471d843025 Merge pull request #222 from max/switch-guard-nodes 
Switch guard nodes
 2020-01-17 21:44:59 +00:00
Max Schaefer
2558e67c2b Give entities a location. 2020-01-17 13:08:43 +00:00
Max Schaefer
98c7c4a255 Autoformat. 2020-01-17 10:25:10 +00:00
Sauyon Lee
aa9489ea28 Merge pull request #218 from max/field-refs 
Fix handling of references to fields and methods
 2020-01-16 14:26:55 -08:00
Max Schaefer
b7a830593d Correctly create extract nodes for returns where we cannot infer the type of the returned expression, but know from context that it must be a tuple type. 2020-01-15 10:22:29 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
3d508d44e7 Fix global value numbering. 2020-01-14 20:44:13 +00:00
Max Schaefer
2fdd45255c Add two new tests. 2020-01-14 17:06:42 +00:00
Max Schaefer
61976d8dea Fix code that does not account for the fact that Field is a subtype of ValueEntity. 2020-01-14 15:52:48 +00:00
Max Schaefer
efc72fa01a Remove Entity.getAUse() and replace uses with getAReference(). 
The former had result type `Ident`, so it wouldn't pick up references to methods and fields. Apart from that, it is subsumed by the latter anyway.
 2020-01-14 07:15:43 +00:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
1cafec56ad Add condition guard nodes for some switch statements. 
We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
  s1
case cond2:
  s2
default:
  s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.
 2020-01-10 10:37:51 +00:00
Max Schaefer
e7514bf133 Add new test cases for CFG construction. 2020-01-09 17:20:39 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
9cff56b975 Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Max Schaefer
1df3585c92 Merge pull request #204 from Semmle/rc/1.23 
Merge rc/1.23 into master
 2019-12-11 10:28:00 +00:00
Max Schaefer
46c4670796 Make HardcodedCredentials query less noisy. 
Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.
 2019-12-10 14:14:36 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Sauyon Lee
bc8974d32d Merge pull request #201 from max/update-data-flow 
Update data flow and taint-tracking libraries
 2019-12-06 18:26:27 -08:00