codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00

Author	SHA1	Message	Date
Max Schaefer	864c85e886	Fix typo.	2020-03-13 10:27:58 +00:00
Max Schaefer	b2f1da8942	Simplify a condition.	2020-03-13 10:27:58 +00:00
Max Schaefer	d66888e651	Make query more extensible.	2020-03-13 10:27:58 +00:00
Max Schaefer	ea36d49218	Add new query `AllocationSizeOverflow`.	2020-03-13 10:18:51 +00:00
Max Schaefer	8136ebbb91	Merge pull request #54 from sauyon/vendor-support extractor: Use -mod=vendor when a vendor directory exists	2020-03-11 11:36:49 +00:00
Sauyon Lee	5056b5f161	Apply review comments. Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-03-11 03:26:18 -07:00
Sauyon Lee	1f83aa4586	Add a -mod=vendor change note	2020-03-11 03:10:35 -07:00
Max Schaefer	f1d489f6f9	Merge pull request #51 from singleghost/master Add integer overflow detection support for codeql-go.	2020-03-11 10:00:39 +00:00
Sauyon Lee	57b874e047	extractor: Only skip dependency installation when vendor folder is detected	2020-03-11 02:59:33 -07:00
Max Schaefer	a8c1731f9d	Merge pull request #50 from sauyon/uintptr Make uintptrtype a subclass of unsignedintegertype	2020-03-11 09:57:00 +00:00
Sauyon Lee	0aa46becf9	extractor: Use -mod=vendor when a vendor directory exists	2020-03-10 16:44:03 -07:00
singleghost	2aa2f608a3	Move files related to integer overflow detection under the src/experimental folder	2020-03-10 19:02:05 +08:00
Max Schaefer	7ec7b17ce7	Merge pull request #53 from sauyon/close-files extractor: Close files even when writes fail	2020-03-10 09:38:02 +00:00
Sauyon Lee	79ab831776	extractor: Close files even when writes fail	2020-03-10 00:52:33 -07:00
Sauyon Lee	cdf3bc4fa0	Merge pull request #52 from max-schaefer/issue-48 Improve taint-tracking through pointers and other fixes	2020-03-09 06:36:43 -07:00
Sauyon Lee	2428efcb6d	Make @uintptrtype a @unsignedintegertype	2020-03-09 04:40:02 -07:00
Sauyon Lee	5b81775670	Fix constant values test data	2020-03-09 04:40:01 -07:00
Max Schaefer	4dca00e99c	Merge pull request #45 from sauyon/go-mod-libs Go.mod extraction libraries and tests	2020-03-09 09:40:41 +00:00
singleghost	77ec4c913f	Add integer overflow detection support for codeql-go. I wrote a ql library which can perform range analysis on expression and can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.	2020-03-07 21:34:38 +08:00
Sauyon Lee	2d879458ba	Merge pull request #49 from max-schaefer/more-function-outputs Make `FunctionOutput` more useful	2020-03-06 09:41:40 -08:00
Max Schaefer	1be0cc57a8	Add test case from https://github.com/github/codeql-go/issues/48 .	2020-03-06 17:35:50 +00:00
Max Schaefer	bcb9ce2498	Add another test for StringBreak.	2020-03-06 17:35:50 +00:00
Max Schaefer	bf6865b96a	Add model of ioutil.ReadAll	2020-03-06 17:35:50 +00:00
Max Schaefer	f599243a34	Conflate references and referents more thoroughly in taint tracking.	2020-03-06 17:35:50 +00:00
Max Schaefer	aa8bc972d9	Address review comments.	2020-03-06 15:03:45 +00:00
Sauyon Lee	3d88032f81	Address review comments. Co-authored-by: Max Schaefer <max-schaefer@github.com>	2020-03-06 06:51:30 -08:00
Sauyon Lee	43fbf47da3	Add a change note about go.mod extraction	2020-03-06 06:51:28 -08:00
Sauyon Lee	555b0a9527	Add a GoModFile class	2020-03-06 06:51:27 -08:00
Sauyon Lee	38596dddc0	Address review comments. Co-authored-by: Max Schaefer <max-schaefer@github.com>	2020-03-06 06:51:26 -08:00
Sauyon Lee	34f34e2241	GoModExpr.qll: Rename getOffsetToken to GoModLine.getToken Also add getRawToken to do what getToken did before, and fix up documentation.	2020-03-06 06:51:25 -08:00
Sauyon Lee	4b9cc87c2e	Add test for replace line with versions	2020-03-06 06:51:24 -08:00
Sauyon Lee	25577a8108	Remove DependencyCustomizations	2020-03-06 06:51:24 -08:00
Sauyon Lee	78239accd5	Dependencies: Make getAnImport() more precise In particular, ensure that the go file importing the dependency is under the directory of the file where the dependency is declared. Co-authored-by: Max Schaefer <max-schaefer@github.com>	2020-03-06 06:51:23 -08:00
Sauyon Lee	b27e63ba83	Address review comments Co-authored-by: Max Schaefer <max-schaefer@github.com>	2020-03-06 06:51:22 -08:00
Sauyon Lee	dd3f98c549	extractor: Don't log directory being walked for go.mod files	2020-03-06 06:51:21 -08:00
Sauyon Lee	5911b7005a	Add tests for dependencies library	2020-03-06 06:51:20 -08:00
Sauyon Lee	dddc8cecd4	Add go.mod expression tests	2020-03-06 06:51:19 -08:00
Sauyon Lee	6c78490bbe	Add libraries modeling dependencies	2020-03-06 06:51:18 -08:00
Sauyon Lee	d92e49fb17	Add libraries for go.mod expressions	2020-03-06 06:51:17 -08:00
Max Schaefer	f875afca53	Merge pull request #47 from sauyon/use-bufio Use bufio and don't sync FS	2020-03-06 10:59:30 +00:00
Max Schaefer	3a7910da5a	Introduce (un-)marshaling functions as a concept and instantiate it with the functions in `encoding/json`.	2020-03-06 10:07:54 +00:00
Max Schaefer	9bcbfb2911	Fix flow step from global functions to their use. How does anything work.	2020-03-06 09:41:35 +00:00
Max Schaefer	a7ecb50a34	Add taint-tracking model for `append`.	2020-03-06 09:41:35 +00:00
Max Schaefer	4f061005cb	Add a taint-tracking model for `copy`.	2020-03-06 09:41:35 +00:00
Max Schaefer	3f8d2117d8	Introduce post-update nodes for arguments with a mutable type.	2020-03-06 09:41:35 +00:00
Max Schaefer	b99c63d180	Factor out an auxiliary predicate.	2020-03-06 09:41:35 +00:00
Max Schaefer	af2c7aae5d	Don't rely on flow through function models in definition of `PostUpdateNode`.	2020-03-06 09:41:35 +00:00
Max Schaefer	185d0910c3	Sharpen `stringConcatStep` to exclude addition.	2020-03-06 09:41:35 +00:00
Sauyon Lee	c027bbaadf	Use buffered writers	2020-03-05 21:12:15 -08:00
Max Schaefer	b8338896be	Merge pull request #33 from sauyon/extract-go-mod Add extraction for go.mod files	2020-03-05 09:38:21 +00:00

1 2 3 4 5 ...

347 Commits