Sauyon Lee
9651a0bfc4
Use the split taint predicate to emulate taint where required
In particular, the OpenUrlRedirect and CleartextLogging queries, which both have taint flow into
an object when one of its fields is written.
2019-11-21 22:58:36 -08:00
Sauyon Lee
c0730fe4cc
Make taintStep public
2019-11-21 22:58:25 -08:00
Max Schaefer
a54d30c053
Merge pull request #186 from sauyon/taint-split
Split taintStep into many predicates
2019-11-20 20:39:27 +00:00
Sauyon Lee
3f437612e1
Add qldoc to all taint step predicates.
2019-11-20 11:27:24 -08:00
Max Schaefer
f94ce88ea4
Add .lgtm.yml to classify tests.
2019-11-20 10:24:54 +00:00
Sauyon Lee
09865a5f5c
Add a field read taint step
2019-11-18 23:58:01 -08:00
Sauyon Lee
e0c589060a
Split taintStep into many predicates
2019-11-18 23:58:00 -08:00
Max Schaefer
8cc60ba543
Add more codeql metadata files.
2019-11-14 10:35:21 +00:00
Sauyon Lee
eda858eafb
Merge pull request #184 from max/cleartext-logging-constant
Teach `CleartextLogging` not to flag constant sources.
2019-11-14 01:21:04 -05:00
Max Schaefer
616d78e2a5
Teach CleartextLogging not to flag constant sources.
2019-11-13 14:25:32 +00:00
Max Schaefer
50cde34878
Merge pull request #181 from sauyon/hardcoded-sensitive
HardcodedCredentials: Use SensitiveActions
2019-11-13 09:21:45 +00:00
Max Schaefer
ed95cdea56
Merge pull request #183 from sauyon/regexp-improvements
OpenUrlRedirect: Use the regexp library for RegexpCheck
2019-11-13 09:20:19 +00:00
Max Schaefer
899ae102b0
Merge pull request #182 from sauyon/fix-newline
autobuilder: Add a missing newline to the usage blurb
2019-11-13 09:19:22 +00:00
Sauyon Lee
3b39f5c2e1
OpenUrlRedirect: Use the regexp library for RegexpCheck
2019-11-12 15:14:05 -08:00
Sauyon Lee
2ba680ef4c
autobuilder: Add a missing newline to the usage blurb
2019-11-12 15:11:03 -08:00
Sauyon Lee
4e4d94da7b
Merge pull request #180 from max/receiver-deref-update
Conservatively handle indirect updates through pointer-type receiver.
2019-11-12 17:56:13 -05:00
Sauyon Lee
50a008900c
HardcodedCredentials: Use SensitiveActions
2019-11-12 14:08:44 -08:00
Max Schaefer
5726ec179c
Merge pull request #9 from github/autobuilder-add-print
autobuilder: Add line printing the environment and build versions of Go
2019-11-12 16:24:19 +00:00
Max Schaefer
06fe00006a
Conservatively handle indirect updates through pointer-type receiver.
Method references `x.m` where the receiver of `m` is a pointer implicitly take the address of `x`, so they should be treated much the same as `&x` in terms of data flow. (Ideally we'd make this explicit in the data-flow graph itself, but that's for another PR.)
2019-11-12 08:54:47 +00:00
Sauyon Lee
7c45316aa7
autobuilder: Add line printing the environment and build versions of Go
2019-11-08 19:59:52 -08:00
Max Schaefer
d14eb855fc
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00