hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 22:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,116 Commits 1,740 Branches 165 Tags
7bc7ffffd694ee80872283e5d4e90ffd85d3ee21
Commit Graph

11116 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
7bc7ffffd6 autoformat 2020-03-23 14:10:07 +01:00
Erik Krogh Kristensen
2c43d1d731 fix FP in superfluous-trailing-arguments related to Function.arguments 2020-03-23 10:40:35 +01:00
Anders Schack-Mulligen
888c504f55 Merge pull request #2903 from hvitved/dataflow/performance 
Data flow: Refactoring + performance improvements
 2020-03-23 10:01:20 +01:00
yo-h
16f2957029 Merge pull request #3081 from aschackmull/java/urldecoder-step 
Java: Add URLDecoder.decode as taint step.
 2020-03-20 13:53:20 -04:00
yo-h
bcda481d4a Merge pull request #3086 from aschackmull/java/apache-base64-taint 
Java: Add apache Base64 taint steps.
 2020-03-20 13:49:20 -04:00
Mathias Vorreiter Pedersen
67cb8525bf Merge pull request #3082 from dbartol/dbartol/VarArgIR 
C++: Model varargs in IR, Part I
 2020-03-19 18:05:46 +01:00
Dave Bartolomeo
74f61dc148 C++: Fix formatting 2020-03-19 09:18:32 -04:00
semmle-qlci
deb20fc37f Merge pull request #3076 from esbena/js/even-more-mongoose-improvements 
Approved by erik-krogh
 2020-03-19 12:03:53 +00:00
semmle-qlci
2821b01017 Merge pull request #2915 from tausbn/python-add-points-to-for-missing-builtin-return-types 
Approved by RasmusWL
 2020-03-19 11:02:46 +00:00
Rasmus Wriedt Larsen
f4e5079dd3 Merge pull request #2991 from BekaValentine/python-objectapi-to-valueapi-unguardednextingenerator 
Python: ObjectAPI to ValueAPI: UnguardedNextInGenerator
 2020-03-19 10:33:32 +01:00
Rebecca Valentine
06f0947318 Update python/ql/src/Exceptions/UnguardedNextInGenerator.ql 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:16:00 -07:00
Rebecca Valentine
9560c804b8 Update python/ql/test/query-tests/Exceptions/generators/test.py 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:15:49 -07:00
Robert Marsh
a30954599d Merge pull request #3085 from jbj/inStaticInitializer-AggregateLiteral 
C++: Manual magic in inStaticInitializer
 2020-03-18 13:23:04 -07:00
Dave Bartolomeo
30d2b865c6 C++: Fix formatting 2020-03-18 14:06:28 -04:00
Tom Hvitved
937924571c Data flow: Sync files 2020-03-18 18:16:27 +01:00
Tom Hvitved
d0aaaad537 Address review comments 2020-03-18 18:16:11 +01:00
Rasmus Wriedt Larsen
9a0b2b1843 Merge pull request #2989 from BekaValentine/python-objectapi-to-valueapi-incorrectexceptorder 
Python: ObjectAPI to ValueAPI: IncorrectExceptOrder
 2020-03-18 18:03:25 +01:00
Taus
ae1268f241 Merge branch 'master' into python-add-points-to-for-missing-builtin-return-types 2020-03-18 17:59:17 +01:00
Rasmus Wriedt Larsen
290e33a912 Merge pull request #2922 from tausbn/python-fix-multi-assign-points-to 
Python: Fix bug in `multi_assignment_points_to`.
 2020-03-18 17:50:37 +01:00
Rasmus Wriedt Larsen
b0303158a5 Merge pull request #3088 from tausbn/python-prepare-autoformatting 
Python: Prepare for autoformatting.
 2020-03-18 17:48:46 +01:00
Dave Bartolomeo
0329327f9f C++: Move VarArgs utilities location 2020-03-18 11:24:44 -04:00
Dave Bartolomeo
fed1bce015 C++: Make vararg utilities internal for now. 2020-03-18 11:18:38 -04:00
Dave Bartolomeo
4fce20116e C++: Fix formatting 2020-03-18 09:53:01 -04:00
Dave Bartolomeo
26ea93af58 Merge remote-tracking branch 'upstream/master' into dbartol/VarArgIR 2020-03-18 09:52:21 -04:00
Jonas Jensen
a23077af11 C++: Comments for future maintainers 2020-03-18 14:11:37 +01:00
Taus Brock-Nannestad
57af7b84aa Python: Prepare for autoformatting. 
Mostly fixes up a bunch of comments that were made wonky by the autoformatter.
 2020-03-18 13:59:38 +01:00
Tom Hvitved
3bd6429072 Data flow: Sync files 2020-03-18 13:28:26 +01:00
Tom Hvitved
321b91209f Address review comments 2020-03-18 13:28:16 +01:00
Jonas Jensen
f1ad0dafdc Merge pull request #2849 from geoffw0/model-gets 
C++: Model for gets
 2020-03-18 11:06:23 +01:00
Anders Schack-Mulligen
396678fd55 Java: Add apache Base64 taint steps. 2020-03-18 10:54:40 +01:00
Esben Sparre Andreasen
b1a722fcda JS: typo fix 2020-03-18 10:11:38 +01:00
Esben Sparre Andreasen
12d8177b4b Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:12:05 +01:00
Esben Sparre Andreasen
ce3b196b93 Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:57 +01:00
Esben Sparre Andreasen
b9860d3444 Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:49 +01:00
Esben Sparre Andreasen
d74c16f86c Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:36 +01:00
Jonas Jensen
260bfe7b1d C++: Manual magic in inStaticInitializer 
Since `runtimeExprInStaticInitializer` only looks at expressions at the
top level of an initializer or directly below some number of top-level
aggregate literals, there is no need for `inStaticInitializer` to
include expressions strictly below those in the AST.

I tested this on Wireshark, which has very large static initializers,
but found no measureable difference in run time. There are some
differences in tuple counts and iteration counts, though:

- `inStaticInitializer` changes from 6,241,153 rows (86 iterations) to
  5,031,617 rows (7 iterations).
- `runtimeExprInStaticInitializer` changes from 386,350 rows to 4,705
  rows.
- `hasDynamicInitialization` has 410 rows both before and after, which
  suggests that this change does not affect results.

Even though there is no impact on this snapshot at this time, things
might look different if/when the restriction on aggregate literals to
100 children is removed in the extractor.
 2020-03-18 09:28:45 +01:00
Jonas Jensen
93c6f8f1f7 Merge pull request #3056 from dbartol/dbartol/static-locals 
C++: Model dynamic initialization of static local variables in IR
 2020-03-18 08:16:21 +01:00
Dave Bartolomeo
309ccf3daf C++: Factor out common code to avoid recursion 2020-03-17 18:44:29 -04:00
Dave Bartolomeo
772324fafa C++: Add comment with IR for dynamic init of static var 2020-03-17 18:44:00 -04:00
Dave Bartolomeo
709757f7f2 Merge remote-tracking branch 'upstream/master' into dbartol/static-locals 2020-03-17 18:35:13 -04:00
Taus
46567a5842 Merge pull request #3029 from BekaValentine/python-objectapi-to-valueapi-handles 
Python: ObjectAPI to ValueAPI: Handles
 2020-03-17 22:37:27 +01:00
Rebecca Valentine
f351916418 Merge branch 'master' into testmerge 2020-03-17 12:32:45 -07:00
Taus
ca26feefbf Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype 
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
 2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2 Python: ObjectAPI.qll: Fixes docstring 2020-03-17 09:48:54 -07:00
Robert Marsh
84a74f406a Merge pull request #3002 from theopolis/cpp-linux-drop-privileges-outoforder 
CPP: Add query for CWE-273 that detects out-of-order setuid
 2020-03-17 09:10:51 -07:00
Dave Bartolomeo
9cc3cda58e C++: Model varargs in IR, Part I 
This change introduces a new synthesized `IRVariable` in every varargs function. This variable represents the entire set of arguments passed to the ellipsis by the caller. We give it an opaque type big enough hold all of the arguments passed by the largest vararg call in the database. It is treated just like any other parameter. It is initialized the same, it has indirect buffers, etc.

I had to introduce a couple new APIs to `Call` and `Function`. The QLDoc comments should explain these. I added tests for these new APIs as well.

The next step will be to change the IR generation for the `va_*` macros to manipulate the ellipsis parameter.
 2020-03-17 11:11:48 -04:00
Tom Hvitved
2e8bd5ccba Data flow: Sync files 2020-03-17 15:16:12 +01:00
Tom Hvitved
0645940a5c Address review comments 2020-03-17 15:16:01 +01:00
semmle-qlci
8792d0d248 Merge pull request #3070 from erik-krogh/DataPerf 
Approved by asgerf
 2020-03-17 13:47:09 +00:00
semmle-qlci
fa08258c14 Merge pull request #3036 from erik-krogh/CustomTrack 
Approved by asgerf
 2020-03-17 13:44:51 +00:00