Nick Rolfe
9b9fc18605
Add taint step for Base64.decode64
2021-09-08 17:49:23 +01:00
Nick Rolfe
adceb0a2a1
Add query rb/unsafe-deserialization
2021-09-08 17:49:23 +01:00
Nick Rolfe
414362db8d
Rename .qll to match our naming scheme for other dataflow queries.
2021-09-07 17:38:08 +01:00
Nick Rolfe
7666d856b7
Merge remote-tracking branch 'origin/main' into polynomial_redos
2021-09-07 17:35:07 +01:00
Nick Rolfe
8fbe5c0adf
Merge pull request #261 from github/getPrimaryQlClasses
Implement getPrimaryQlClasses
2021-09-07 12:02:15 +01:00
Nick Rolfe
060060bc0b
Merge remote-tracking branch 'origin/main' into getPrimaryQlClasses
2021-09-06 19:34:34 +01:00
Tom Hvitved
3594794875
Use instanceof base classes in range patterns
2021-09-06 16:15:52 +02:00
Tom Hvitved
9b3b9a731f
Move instanceof check from charpred in CfgScope
2021-09-06 10:31:16 +02:00
Harry Maclean
87253032e2
Add a query for URL redirect vulnerabilities
This query finds instances of CWE-601: Redirection to Untrusted Site.
The structure is copied from a query of the same name in the Python
library. We add customisations specific to `ActionController`.
2021-09-03 13:17:14 +01:00
Nick Rolfe
d62b41bdf4
Add query for polynomial ReDoS
2021-09-02 17:57:56 +01:00
Alex Ford
86073776b7
Merge pull request #249 from github/erb-lib
Add codeql_ruby.ast.Erb library
2021-09-02 16:26:52 +01:00
Tom Hvitved
2d0febeb04
Fix typo in comment
2021-09-02 10:24:37 +02:00
Tom Hvitved
c176d344ab
Merge pull request #274 from github/hvitved/cfg/may-raise
CFG: Model calls that may raise an exception
2021-09-01 17:42:13 +02:00
Tom Hvitved
6e23a9ae7a
Merge pull request #275 from github/hvitved/api-graphs-fix
API graphs: Fix bug for resolvable modules
2021-09-01 17:10:27 +02:00
Tom Hvitved
03e91a22bc
API graphs: Performance fixes
2021-09-01 16:57:56 +02:00
Tom Hvitved
ae70af01cd
API graphs: Fix bug for resolvable modules
2021-09-01 16:57:52 +02:00
Tom Hvitved
89e6c0e838
CFG: Model calls that may raise an exception
In order to avoid dead `rescue`s, we assume that any call that happens in a
`rescue`/`ensure` context may raise an exception.
2021-09-01 14:07:28 +02:00
Tom Hvitved
4eaa31d800
Add hasName predicates
2021-09-01 13:32:19 +02:00
Alex Ford
41e7ef11e6
add missing pragma back
2021-08-31 21:19:56 +01:00
Alex Ford
d47c8ee9a5
format
2021-08-31 21:04:43 +01:00
Tom Hvitved
2d08b0156a
Merge pull request #271 from github/hvitved/cfg/shared
Adopt shared CFG library
2021-08-31 19:41:02 +02:00
Alex Ford
20b851a6e0
improve ErbExecutionDirective definition
2021-08-31 17:49:15 +01:00
Alex Ford
df9e0dfcb2
make strictlyBefore a member predicate on Location
2021-08-31 16:24:38 +01:00
Alex Ford
d84731bcc7
Add a library for working with the ERB AST
2021-08-31 16:24:38 +01:00
Harry Maclean
8901eba978
Include constants in jump-to-def query
The previous version of this query inadvertently excluded constants
which weren't classes or modules. This version includes them, by
introducing a laxer version of `resolveScopeExpr` that doesn't require
the result to be a `TResolved`.
2021-08-31 15:42:06 +01:00
Harry Maclean
e72f1399cb
Include class variables in jump-to-def query
2021-08-31 15:42:06 +01:00
Harry Maclean
e84ebe2b94
Include instance variables in jump-to-def query
By convention, instance variables are considered to be "defined" in the
`#initialize` method of their containing class. If an instance variable
is written to in `#initialize` and then read elsewhere in the program,
we will point from the read to the write. If it is not written to in
`#initialize` then we won't provide any jump-to-definition information
for it.
2021-08-31 15:42:06 +01:00
Nick Rolfe
ad66f03f90
Fix typo in db upgrade script
2021-08-31 15:23:16 +01:00
Tom Hvitved
4677a0832f
Adopt shared CFG library
2021-08-31 13:42:41 +02:00
Tom Hvitved
50158b82c8
Sync shared files
2021-08-31 13:42:25 +02:00
Tom Hvitved
c70407ae8c
Update DB stats
2021-08-31 12:19:35 +02:00
Tom Hvitved
652d2a7a72
DB upgrade script
2021-08-31 12:19:35 +02:00
Tom Hvitved
7f03b87142
Drop redundant columns from files and folders relations
2021-08-31 12:16:26 +02:00
Dave Bartolomeo
42629b969f
Move initial dbscheme
2021-08-26 19:43:06 -04:00
Dave Bartolomeo
2c1620f25e
Move missed library file
2021-08-26 18:59:58 -04:00
Dave Bartolomeo
11ad664bfb
Updated pack versions and lock files
2021-08-26 18:50:04 -04:00
Arthur Baars
ac2c315839
Fix merge conflicts during rebase
2021-08-26 18:48:53 -04:00
Arthur Baars
17fc6ab72c
Refactor into separate library and query packs
2021-08-26 18:40:06 -04:00