hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
865 Commits 1,684 Branches 159 Tags
87c2ac3cafdc47672806d73db32e4df71eb54fd0
Commit Graph

865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Slavomir
87c2ac3caf Remove deprecated; plus aesthetic fix 2020-07-01 12:11:41 +03:00
Slavomir
37af579f27 Implement code review feedback 2020-07-01 12:02:12 +03:00
Slavomir
7475170ced Fix getBaseType 2020-07-01 11:21:15 +03:00
Slavomir
7f65424556 Fix comments and tests 2020-07-01 10:40:34 +03:00
Slavomir
9421476bea Add IndexExpr logic and example 2020-07-01 10:21:16 +03:00
Slavomir
036a1faffa Remove redundancy 2020-06-30 23:00:19 +03:00
Slavomir
c5354a88f0 Update tests 2020-06-30 22:11:05 +03:00
Slavomir
22e9c75d68 If pointer is to an IndexExpr, the use base type of that index expression 2020-06-30 22:07:40 +03:00
Slavomir
8238d111b5 Fix tests 2020-06-30 13:37:44 +03:00
Slavomir
c28e83a793 Add references 2020-06-30 12:53:51 +03:00
Slavomir
3181ac6ec8 Add qhelp file and examples 2020-06-30 12:43:42 +03:00
Slavomir
27ac4c3236 Fix comment 2020-06-30 12:12:03 +03:00
Slavomir
6f396b9ad8 Add comments to codeql query 2020-06-30 11:47:14 +03:00
Slavomir
8473ed0d81 Add tests 2020-06-30 11:31:24 +03:00
Slavomir
c71ecd678e Initial commit for: wrong use of package unsafe 2020-06-30 10:45:03 +03:00
Max Schaefer
76f482682c Merge pull request #182 from owen-mc/gin-framework 
Move model for Gin framework out of experimental
 2020-06-26 20:26:48 +01:00
Max Schaefer
91ca2bb434 Merge pull request #231 from max-schaefer/taint-through-range 
Propagate taint through `range` statements
 2020-06-26 19:58:53 +01:00
Sauyon Lee
468d9812c4 Merge pull request #227 from max-schaefer/cve-2018-15798 
Teach `OpenUrlRedirect` to propagate out of `URL.Path` and a few other fields.
 2020-06-26 06:21:59 -07:00
Max Schaefer
57f8b08568 Update expected test output. 
The tests for `UnsafeTLS` now work as expected.
 2020-06-26 11:30:26 +01:00
Max Schaefer
66ec160f64 Add change note. 2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242 Propagate taint through range loops. 2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f Rename arrayStep to elementStep, which is more accurate. 2020-06-26 11:20:45 +01:00
Max Schaefer
ba82a76948 Merge pull request #229 from max-schaefer/getAPrimaryQlClass 
Rename `describeQlClass` to `getAPrimaryQlClass`.
 2020-06-26 07:51:04 +01:00
Max Schaefer
9904b9e926 Allow flow through more URL fields. 2020-06-26 07:50:08 +01:00
Max Schaefer
3bf934d64b Add change note. 2020-06-25 22:23:49 +01:00
Owen Mansel-Chan
82361ce060 Fix modelling of Params part 2 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
cf47159a30 Change how Param and Params are modeled 
Previously any read of type Param or Params was a source. Now reading
Context.Params is a source. This should reduce the number of duplicate
paths.
 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
9fd892ab94 Fix context bind sources 
Using FunctionOutput was recommended in the first PR but not implemented.
 2020-06-25 21:55:00 +01:00
Owen Mansel-Chan
93399c6348 Add tests for bind methods with pointer-typed variables 2020-06-25 16:17:57 +01:00
Max Schaefer
d290bea39a Rename describeQlClass to getAPrimaryQlClass. 2020-06-25 15:08:01 +01:00
Max Schaefer
a89e4971ac Merge pull request #221 from gagliardetto/bad-tls 
Add CWE-327 (unsafe TLS)
 2020-06-25 09:18:42 +01:00
Slavomir
95b76dceca Remove check 2020-06-24 21:39:23 +03:00
Slavomir
4dc1399385 Update comments on the lines that have incorrect flagging 2020-06-24 15:11:33 +03:00
Sauyon Lee
6883a97628 Merge pull request #223 from max-schaefer/update-data-flow 
Data flow: Track precise types during field flow
 2020-06-24 00:10:54 -07:00
Max Schaefer
8c27e16190 Merge pull request #226 from smowton/smowton/fix/remove-spurious-cfg-edge-from-expressionless-switch 
Remove spurious control-flow edge around switch block without a test
 2020-06-24 07:47:37 +01:00
Slavomir
3aa9b25673 Fix comment 2020-06-23 22:40:25 +03:00
Chris Smowton
4882f277f5 Remove spurious control-flow edge around switch block without a test-expression 
Previously we thought it possible to get from top to bottom of a block like "switch { case f(): ... }", when in fact this is only possible if there are no case blocks to execute.

I also add tests for two possible corner cases of a switch without a test-expression: a completely empty switch (the 'true' is indeed the last node) and switch with an empty default block (a single 'skip' is generated for the default block and the 'true' is not the last node)
 2020-06-23 17:46:08 +01:00
Chris Smowton
1dc427a2c5 Cleanup: use TypeSwitchStmt.getAssign, not a raw child accessor 2020-06-23 17:46:08 +01:00
Max Schaefer
4e6d9b3811 Teach OpenUrlRedirect to propagate out of URL.Path and a few other fields. 2020-06-23 15:29:18 +01:00
Slavomir
561c5b91d2 Implement code review feedback 2020-06-23 16:07:05 +03:00
Max Schaefer
95011cebc2 Merge pull request #225 from sauyon/unqualify-functioninput 
Unqualify uses of FunctionInput and FunctionOutput
 2020-06-23 11:24:46 +01:00
Slavomir
56727b220b Try different ways of passing taint through a field 2020-06-23 12:14:49 +03:00
Sauyon Lee
ecff1e6a16 Unqualify uses of FunctionInput and FunctionOutput 2020-06-22 22:25:33 -07:00
Max Schaefer
d3e6e5c0b3 Data flow: Track precise types during field flow 
cf https://github.com/github/codeql/pull/3456
 2020-06-22 20:53:05 +01:00
Slavomir
4ab929a656 Simplify 2020-06-22 17:54:07 +03:00
Slavomir
29eba441d7 Determine TLS version from int value 2020-06-22 17:50:20 +03:00
Slavomir
70bc4c81a0 Fix typo 2020-06-22 17:15:56 +03:00
Slavomir
783f710188 Fix comments 2020-06-22 17:12:15 +03:00
Slavomir
e38d4ecd9c Fix typos 2020-06-22 17:00:31 +03:00
Slavomir
bbf8d7306b Add CWE-327 2020-06-22 16:54:14 +03:00