codeql

mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00

Author	SHA1	Message	Date
Max Schaefer	8dda4bd97f	Merge pull request #66 from intrigus-lgtm/CWE-643 CWE-643 XPathInjection on Go	2020-03-24 10:53:57 +00:00
Sauyon Lee	81e13473db	Merge pull request #69 from max-schaefer/issue-72 Track taint through element writes.	2020-03-24 03:41:05 -07:00
intrigus	1f635806b3	Fix copy-paste errors, remove debugging code	2020-03-23 16:49:45 +01:00
intrigus-lgtm	9187bacd3c	Apply suggestion from code review Use getUnderlyingType() to account for named aliases. Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-03-23 16:45:56 +01:00
Sauyon Lee	4ff3177fae	Merge pull request #67 from max-schaefer/more-qldoc Add missing Qldoc for modules.	2020-03-23 05:29:40 -07:00
Max Schaefer	62b79721ea	Track taint through element writes. This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants. Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.	2020-03-23 09:15:01 +00:00
intrigus	d81c9b145e	Update query help to use goxpath	2020-03-20 21:38:46 +01:00
intrigus	948b79df87	Update xpath example, use goxpath package	2020-03-20 21:38:46 +01:00
intrigus	c7ead88b91	Restructure query, add default sanitizer	2020-03-20 21:38:46 +01:00
intrigus-lgtm	ec40cf0379	Apply suggestions from review Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-03-20 21:38:02 +01:00
Max Schaefer	60fe6f4390	Add missing Qldoc for modules.	2020-03-20 17:36:08 +00:00
intrigus	d6ff6b74c5	CWE-643 XPathInjection on Go	2020-03-19 22:26:37 +01:00
Max Schaefer	37aaba10b7	Merge pull request #64 from sauyon/examples-in-json Add examples qlpack.yml to CodeQL manifest	2020-03-19 07:54:39 +00:00
Sauyon Lee	f60f6ea7d0	Add examples qlpack.yml to CodeQL manifest	2020-03-18 09:30:45 -07:00
Max Schaefer	f53732ec5a	Merge pull request #39 from sauyon/go1.14 Go 1.14 support	2020-03-18 10:08:50 +00:00
Max Schaefer	0a59470640	Fix tests. (#3 )	2020-03-18 02:10:24 -07:00
Max Schaefer	60ce9c5acd	Merge pull request #59 from max-schaefer/go-pg Add model of `go-pg/pg`.	2020-03-18 07:35:23 +00:00
Max Schaefer	ad1324d2dd	Add test.	2020-03-17 12:08:42 +00:00
Max Schaefer	49c5779112	Add model of `go-pg/pg`.	2020-03-17 12:08:42 +00:00
Sauyon Lee	e9b47298ed	Merge pull request #61 from max-schaefer/better-method-sets Reformulate `Method.hasQualifiedName` in terms of method sets	2020-03-17 07:46:19 -04:00
Max Schaefer	8cadc94f49	Clarify behaviour of `getMethod` on struct types.	2020-03-17 10:58:58 +00:00
Max Schaefer	74bcfdd01c	Remove an unused and potentially confusing predicate.	2020-03-16 13:24:57 +00:00
Max Schaefer	0fc7febd1d	Add another test.	2020-03-13 15:54:39 +00:00
Max Schaefer	f41151350a	Merge pull request #60 from sauyon/bitwise-xor-fps MistypedExponentiation: Add a heuristic to reduce FPs	2020-03-13 15:46:03 +00:00
Max Schaefer	8898858fff	Add tests.	2020-03-13 14:19:27 +00:00
Max Schaefer	5175f1dcbe	Take promoted methods into account when computing method sets.	2020-03-13 14:19:27 +00:00
Max Schaefer	d0c6206a6a	Reformulate `hasQualifiedName` in terms of method sets.	2020-03-13 14:19:27 +00:00
Sauyon Lee	78ad006e68	Merge pull request #55 from max-schaefer/tainted-arithmetic Add new query `AllocationSizeOverflow`.	2020-03-13 07:16:54 -07:00
Max Schaefer	39fa6052e6	Also treat second argument to `make` (slice capacity) as an allocation size.	2020-03-13 12:17:53 +00:00
Max Schaefer	864c85e886	Fix typo.	2020-03-13 10:27:58 +00:00
Max Schaefer	b2f1da8942	Simplify a condition.	2020-03-13 10:27:58 +00:00
Max Schaefer	d66888e651	Make query more extensible.	2020-03-13 10:27:58 +00:00
Max Schaefer	ea36d49218	Add new query `AllocationSizeOverflow`.	2020-03-13 10:18:51 +00:00
Sauyon Lee	ea5e6a324d	Add change note	2020-03-13 03:10:55 -07:00
Sauyon Lee	630d0cef89	Address review comments	2020-03-12 09:13:52 -07:00
Sauyon Lee	6e681f829b	MistypedExponentiation: Add a heuristic to reduce FPs	2020-03-12 09:13:52 -07:00
Max Schaefer	2c751f2945	Merge pull request #58 from max-schaefer/desemmlify Docs: Remove some Semmle references.	2020-03-12 16:05:48 +00:00
Sauyon Lee	b64a43f578	Merge pull request #57 from max-schaefer/trap.gz Gzip TRAP files	2020-03-12 06:24:32 -07:00
Max Schaefer	270ae0926a	Docs: Remove some Semmle references.	2020-03-12 10:57:06 +00:00
Max Schaefer	6b0ba750e6	Put gzip writer on top of bufio writer.	2020-03-12 08:40:22 +00:00
Max Schaefer	d7d5447689	Merge pull request #46 from sauyon/force-extract-methods Extract methods when they don't exist	2020-03-12 08:16:44 +00:00
Sauyon Lee	2e8958583b	Merge pull request #56 from max-schaefer/issue-66 Standardize experimental contribution	2020-03-11 14:18:35 -07:00
Max Schaefer	8901ba62e0	Gzip TRAP files.	2020-03-11 15:14:37 +00:00
Max Schaefer	8136ebbb91	Merge pull request #54 from sauyon/vendor-support extractor: Use -mod=vendor when a vendor directory exists	2020-03-11 11:36:49 +00:00
Max Schaefer	b3022c9fc8	Standardise `RangeAnalysis.qll`. This brings the library in line with our usual syntactic conventions regarding QLDoc and names. I've also made a few superficial simplifications here and there. Overall, the code would benefit from being rewritten to make use of the data-flow graph, but that is a larger undertaking.	2020-03-11 11:20:59 +00:00
Max Schaefer	a95b9c8e02	Rename a few files and clean up wording.	2020-03-11 11:04:42 +00:00
Max Schaefer	2fd925fe90	Autoformat.	2020-03-11 10:47:23 +00:00
Sauyon Lee	5056b5f161	Apply review comments. Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-03-11 03:26:18 -07:00
Sauyon Lee	1f83aa4586	Add a -mod=vendor change note	2020-03-11 03:10:35 -07:00
Max Schaefer	f1d489f6f9	Merge pull request #51 from singleghost/master Add integer overflow detection support for codeql-go.	2020-03-11 10:00:39 +00:00

1 2 3 4 5 ...

396 Commits