hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,261 Commits 1,742 Branches 166 Tags
7142ddcb25cdad191e8d1a302b3bc4c465f9be7c
Commit Graph

20261 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
b4e6f92505 rearange ArrayIndexingStep to avoid #shared predicate 2021-02-23 09:52:50 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models 
Java: Add support for framework modelling through csv data.
 2021-02-22 19:00:41 -05:00
CodeQL CI
73e7b54bf1 Merge pull request #5214 from tausbn/actions-add-change-note-checker 
Approved by adityasharad
 2021-02-22 11:24:51 -08:00
Geoffrey White
362c12caea Merge pull request #5217 from MathiasVP/model-bsd-sockets-part-3 
C++: Implement models for poll, accept and select
 2021-02-22 18:34:59 +00:00
Owen Mansel-Chan
110f4072fd Merge pull request #5222 from owen-mc/update-go-supported-frameworks 
Update supported go frameworks
 2021-02-22 15:49:54 +00:00
Owen Mansel-Chan
31d6dbb9da Update supported go frameworks 2021-02-22 15:38:56 +00:00
Rasmus Wriedt Larsen
e160c855ad Merge pull request #5233 from yoff/python-for-tuple-iteration 
Python: `for`-iteration of tuples
 2021-02-22 15:28:13 +01:00
Rasmus Wriedt Larsen
127e778970 Merge pull request #5215 from github/RasmusWL/fix-acronym-style 
Style Guide: Fix two-letter acronym
 2021-02-22 15:05:26 +01:00
Rasmus Wriedt Larsen
5249b54a9b Python: Highlight missing flow from default value in functions 
Although it is becoming non-trivial to get an overview of what tests we have and
don't have, I didn't find any that highlighted this one

I used all 3 variants of parameters, just to be sure :)
 2021-02-22 14:52:51 +01:00
CodeQL CI
0a0bdcca4d Merge pull request #5204 from erik-krogh/inGuard 
Approved by asgerf
 2021-02-22 02:52:11 -08:00
Asger F
b8e1987cad Update javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-02-22 10:08:56 +00:00
Taus Brock-Nannestad
439f9f1d90 Actions: More cleanup 
Removes the checkout action, as this is no longer needed, and folds
the `grep` into `jq`.
 2021-02-22 11:05:54 +01:00
Asger Feldthaus
e964771e9c JS: Add test 2021-02-22 09:47:21 +00:00
Mathias Vorreiter Pedersen
f908d2f1de C++: Remove hasTaintFlow from poll and select functions. 2021-02-22 08:54:43 +01:00
Taus Brock-Nannestad
4680b25f23 Actions: Remove dependence on external actions 2021-02-21 15:14:33 +01:00
Rasmus Lerchedahl Petersen
d23a8ad016 Python: elide test output 2021-02-21 13:12:54 +01:00
Rasmus Lerchedahl Petersen
46faba69ff Python: Fix for-iteration of tuples 2021-02-21 12:41:16 +01:00
Rasmus Lerchedahl Petersen
0aecf33fe6 Python: test iteration through overflow parameters 
These are in a tuple, so the for-step does not fire
 2021-02-21 12:33:04 +01:00
Asger Feldthaus
e9c0f170a1 JS: Restrict names of extracted HTML attributes 2021-02-19 23:28:28 +00:00
Erik Krogh Kristensen
e6009ea8e0 cache getType 2021-02-19 21:25:48 +01:00
Erik Krogh Kristensen
772e78e386 change TypeInference related join-order in module-import predicates 2021-02-19 21:25:44 +01:00
Mathias Vorreiter Pedersen
576a872316 C++: Address review comments. 2021-02-19 20:24:02 +01:00
Mathias Vorreiter Pedersen
f65843a273 Merge pull request #5221 from geoffw0/cwe676 
C++: Add CWE-676 tag.
 2021-02-19 17:51:54 +01:00
Taus Brock-Nannestad
ca48e57e30 Actions: Peg external actions to specific SHAs 2021-02-19 16:50:08 +01:00
Tamas Vajk
e1b90912de Limit C# codeql analysis to the csharp folder 2021-02-19 16:13:22 +01:00
Geoffrey White
79338052ad C++: Add CWE-676 tag. 2021-02-19 14:55:31 +00:00
Shati Patel
d490bea9a9 Merge pull request #5211 from shati-patel/docs-telemetry 
Docs (CodeQL for VS Code): Move info about telemetry into codeql.github.com
 2021-02-19 13:59:18 +00:00
Shati Patel
97eb98e9eb Emphasize that telemetry is disabled by default 2021-02-19 13:42:47 +00:00
Mathias Vorreiter Pedersen
fef824c37a C++: Implement models for poll, accept and select. 2021-02-19 14:03:54 +01:00
Taus Brock-Nannestad
6095138acc Actions: Address comments on change note CI check 
- Fail the CI check if change note is missing.
- Disregards changes outside of `*/ql/src`.
- Runs the workflow on label changes, and upon moving the PR out of
  draft mode.
- Only fails the CI check if the PR is out of draft.
- Changes label to `no-change-note-required`.
 2021-02-19 13:55:35 +01:00
Felicity Chapman
f9ff1f2c9c Remove personal assignment 
This is part of the work to revise the process for requesting docs content team reviews on pull requests.
 2021-02-19 11:38:15 +00:00
Rasmus Wriedt Larsen
a19da54c9e Python: Exclude flask.request imports as RemoteFlowSource 
When I changed the taint modeling in 19b7ea8d85, that obviously also means that
some of the related locations for alerts will change. So that's why all the
examples needs to be updated.

Besides this, I had to fix a minor problem with having too many alerts. If
running a query agaisnt code like in the example below, there would be 3 alerts,
2 of them originating from the import.

```
from flask import Flask, request
app = Flask(__name__)
@app.route("/route")
def route():
    SINK(request.args.get['input'])
```

The 2 import sources where:

- ControlFlowNode for ImportMember
- GSSA Variable request

I removed these from being a RemoteFlowSource, as seen in the diff.

I considered restricting `FlaskRequestSource` so it only extends
`DataFlow::CfgNode` (and make the logic a bit simpler), but I wasn't actually
sure if that was safe to do or not... If you know, please let me know :)
 2021-02-19 12:22:05 +01:00
Rasmus Wriedt Larsen
9798e60d0f Merge pull request #5203 from tausbn/python-add-typebacktrackers 
Python: Add `TypeBackTracker`
 2021-02-19 12:02:53 +01:00
Rasmus Wriedt Larsen
6ad3ce19d7 Style Guide: Fix two-letter acronym 
The old text was based on what was in the [Dart guideline](https://dart.dev/guides/language/effective-dart/style#do-capitalize-acronyms-and-abbreviations-longer-than-two-letters-like-words) and was not adjusted in the PR when we changed our inspiration to be the [.NET guideline](https://docs.microsoft.com/en-us/dotnet/standard/design-guidelines/capitalization-conventions) -- (it was only changed in the examples in our internal discussion)
 2021-02-19 11:51:45 +01:00
Anders Schack-Mulligen
9721182523 Merge pull request #5080 from github/RasmusWL/naming-for-acronyms 
Update CodeQL Style guide to mention acronyms
 2021-02-19 11:38:25 +01:00
Taus Brock-Nannestad
03d3f2c8e8 Actions: Add change note checker 2021-02-19 10:16:50 +01:00
Anders Schack-Mulligen
dae65f687a Merge pull request #5150 from Marcono1234/marcono1234/conditional-expr-branch 
Java: Add ConditionalExpr.getBranchExpr(boolean)
 2021-02-19 10:12:43 +01:00
Rasmus Wriedt Larsen
779a464dad Update ql-style-guide.md to not mention abbreviation 
This rule is only really intended for acronyms, and not abbreviations in general (like `Stmt` instead of `Statement`).
 2021-02-18 17:54:59 +01:00
Rasmus Wriedt Larsen
12511440fe Update ql-style-guide.md 
Replacing the HTTP example with a SSA variable example. I didn't want to keep both, to not bloat this section.
 2021-02-18 17:52:24 +01:00
Geoffrey White
c4cca83019 Merge pull request #5196 from MathiasVP/fix-dataflow-regression-const-member-function 
C++: Fix missing dataflow "out of" const member functions
 2021-02-18 16:43:38 +00:00
Shati Patel
4dd1be5ba1 Polish headings and formatting 2021-02-18 15:45:17 +00:00
Shati Patel
28848ecf32 Link to new article 2021-02-18 15:44:17 +00:00
Erik Krogh Kristensen
814b5577f5 improve join-order for Configuration::barrierGuardBlocksEdge 2021-02-18 16:43:43 +01:00
Erik Krogh Kristensen
33f310b91e use manual recursion in Refinements::inGuard 2021-02-18 16:42:40 +01:00
CodeQL CI
f81860c402 Merge pull request #5200 from erik-krogh/apiJoin 
Approved by max-schaefer
 2021-02-18 07:40:38 -08:00
CodeQL CI
3062f4160a Merge pull request #5207 from github/RasmusWL/js-backtrack-grammar 
Approved by erik-krogh
 2021-02-18 07:11:23 -08:00
Rasmus Wriedt Larsen
cc72fc82f0 Merge branch 'main' into flask-clean-models 2021-02-18 16:08:18 +01:00
Rasmus Wriedt Larsen
9a42f2fb26 Python: Add missing QLdoc for FlaskMethodViewClass 2021-02-18 16:07:47 +01:00
Taus Brock-Nannestad
880451f659 Python: Add change note 2021-02-18 15:59:34 +01:00
Chris Smowton
321df82851 Apply review feedback: comment style, bracketing, and use proper MISSING test annotations 2021-02-18 14:56:52 +00:00