codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00

Author	SHA1	Message	Date
Max Schaefer	a88bf4c9fa	Merge pull request #177 from sauyon/whitelist Use allow or allowlist instead of whitelist	2020-06-13 19:44:51 +01:00
Sauyon Lee	66f733d798	Use allow or allowlist instead of whitelist	2020-06-12 09:16:41 -07:00
Owen Mansel-Chan	282b8cb9e4	Merge pull request #175 from owen-mc/array-slice-literal Add classes for array and slice literals	2020-06-12 12:12:02 +01:00
Owen Mansel-Chan	e6217d90d7	Provide better strings for map and struct literals	2020-06-12 11:23:58 +01:00
Owen Mansel-Chan	dc113ab19f	Update tests for new strings	2020-06-12 10:40:13 +01:00
Owen Mansel-Chan	e9c2958095	Add classes for array and slice literals	2020-06-12 10:40:13 +01:00
Max Schaefer	47804d68c7	Merge pull request #176 from max-schaefer/update-data-flow Data flow: Allow nodes to be hidden from path explanations	2020-06-12 07:23:15 +01:00
Owen Mansel-Chan	f11b956583	Add a superclass for literals (#172 )	2020-06-11 19:53:40 +01:00
Max Schaefer	40ffa221bc	Merge pull request #171 from owen-mc/typeexprs-extend-typeexpr Make `ArrayTypeExpr` and so on extend `TypeExpr`	2020-06-11 17:20:29 +01:00
Max Schaefer	b164cf33c7	Merge pull request #174 from github/rc/1.24 Merge rc/1.24 into master	2020-06-11 17:19:23 +01:00
Max Schaefer	9e3681cda4	Merge pull request #173 from owen-mc/update-ast-class-reference Update AST class reference	2020-06-11 16:47:43 +01:00
Owen Mansel-Chan	71005f19c6	Update AST class reference To match https://github.com/github/codeql/pull/3685	2020-06-11 16:08:36 +01:00
Owen Mansel-Chan	c891d22f74	Make `ArrayTypeExpr` and so on extend `TypeExpr` To avoid a recursive definition, need to replace ArrayTypeExpr with@arraytypeexpr and so on in isTypeExprBottomUp(Expr e).	2020-06-11 11:06:15 +01:00
Max Schaefer	c6537f6d3b	Data flow: Allow nodes to be hidden from path explanations cf https://github.com/github/codeql/pull/3657	2020-06-11 09:59:40 +01:00
Max Schaefer	24e2a294ed	Merge pull request #169 from max-schaefer/rc/1.24 Merge rc/1.24 into master	2020-06-11 09:15:28 +01:00
Max Schaefer	d8f1873635	Merge branch 'master' into rc/1.24	2020-06-11 08:10:22 +01:00
Owen Mansel-Chan	c30893aba7	Add AST class reference (#164 )	2020-06-10 15:59:48 +01:00
Max Schaefer	8787f0b4f0	Merge pull request #165 from sauyon/support-actions autobuilder: Add support for GITHUB_REPOSITORY environment variable	2020-06-10 09:45:18 +01:00
Sauyon Lee	4cd3f89128	Merge pull request #168 from max-schaefer/make-autoformat Add Make target to autoformat all QL.	2020-06-09 12:55:57 -07:00
Sauyon Lee	ba0f922a28	autobuilder: Add support for GITHUB_REPOSITORY environment variable This is for use within GitHub actions	2020-06-09 11:52:23 -07:00
Max Schaefer	1342d8688e	Autoformat.	2020-06-09 17:38:18 +01:00
Max Schaefer	b4b78ff923	Use newer version of CodeQL.	2020-06-09 17:36:38 +01:00
Max Schaefer	6b5657b5fb	Add PR check to ensure everything is autoformatted.	2020-06-09 17:31:29 +01:00
Max Schaefer	04af08ca0d	Add Make target to autoformat all QL. Use ```sh make autoformat ``` to format all `.ql` and `.qll` files under `ql/src`. Use ```sh make AUTOFORMAT=--check-only autoformat ``` to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.	2020-06-09 17:27:53 +01:00
Max Schaefer	524b11b81a	Merge pull request #163 from robertbrignull/more-suites Add more code-scanning suites	2020-06-04 09:53:14 +01:00
Robert Brignull	9ee57374cb	add more code-scanning suites	2020-06-01 10:58:49 +01:00
Max Schaefer	b37bdec66c	Merge pull request #157 from owen-mc/isresult-consistency Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results	2020-05-29 17:13:21 +01:00
Max Schaefer	2f7ff6b56c	Merge pull request #162 from max-schaefer/open-url-redirect-formvalue Consider `Request.FormValue(...)` as a source for URL redirects.	2020-05-29 15:56:50 +01:00
Max Schaefer	8f0592a079	Consider `Request.FormValue(...)` as a source for URL redirects. Despite its name, this method doesn't just handle form values but also query parameters.	2020-05-29 15:03:05 +01:00
Sauyon Lee	b1db53e733	Merge pull request #161 from max-schaefer/more-mutable-types Broaden definition of mutable types for taint tracking	2020-05-29 06:55:16 -07:00
Max Schaefer	64c60f6153	Merge pull request #160 from sauyon/readme Add links to the CodeQL CLI and LGTM.com	2020-05-29 07:13:20 +01:00
Sauyon Lee	51026a7142	Add links to the CodeQL CLI and LGTM.com	2020-05-28 22:38:23 -07:00
Owen Mansel-Chan	36fa2c29fa	Simplify more code	2020-05-28 17:40:23 +01:00
Owen Mansel-Chan	65608a2912	Address review comments	2020-05-28 17:24:37 +01:00
Max Schaefer	e3501ddb44	Introduce more post-update nodes. To model (taint) flow through functions, we introduce post-update nodes for arguments (including receivers), but only if that argument is mutable. However, previously our criterion for determining whether an argument is mutable was a little too restrictive. In particular, we would not consider a struct-typed argument as mutable, since structs are passed by value. While this is reasonable for data flow, it is unnecessarily restrictive for taint, since it makes perfect sense to track deep taint through structs. So instead we now turn things round and instead consider _all_ types to be mutable except for primitive types (booleans, numbers, and strings).	2020-05-28 15:33:09 +01:00
Max Schaefer	0dd7676bd8	Add another function-model test.	2020-05-28 15:31:00 +01:00
Max Schaefer	1c5dd51992	Add codespaces configuration	2020-05-28 13:09:21 +00:00
Owen Mansel-Chan	bbce7d1f05	Simplify existing code	2020-05-28 13:07:08 +01:00
Owen Mansel-Chan	1c5a4605d6	Add CallNode.getAResult()	2020-05-28 12:49:05 +01:00
Owen Mansel-Chan	1580591b73	Address review comments	2020-05-28 12:49:05 +01:00
Max Schaefer	e7095baa39	Fix `nonHtmlContentType`.	2020-05-27 16:52:11 +01:00
Owen Mansel-Chan	f0e1147551	Make CallNode.getResult(0) match single results	2020-05-27 10:24:09 +01:00
Owen Mansel-Chan	4be805966f	Make FunctionOutput.isResult(0) match single results	2020-05-27 10:24:09 +01:00
Owen Mansel-Chan	ae2ed877ee	Add tests for CallNode.getResult	2020-05-27 10:24:09 +01:00
Owen Mansel-Chan	53cfbcc255	Add tests for FunctionOutput.isResult	2020-05-27 10:24:03 +01:00
Max Schaefer	8596a99f9d	Merge pull request #156 from max-schaefer/update-data-flow Data flow: Remove deprecated predicates.	2020-05-26 16:16:44 +01:00
Max Schaefer	a59e754403	Data flow: Remove deprecated predicates. cf https://github.com/github/codeql/pull/3515	2020-05-26 11:09:35 +01:00
Max Schaefer	1f54edfe99	Add make target for synchronising data-flow libraries.	2020-05-26 11:09:07 +01:00
Max Schaefer	63fddfc705	Merge pull request #155 from sauyon/dbscheme-binary Create a new entry point for generating dbschemes	2020-05-26 10:17:39 +01:00
Sauyon Lee	aef7524f35	Add a go-gen-dbscheme for generating dbschemes	2020-05-22 08:04:40 -07:00

1 2 3 4 5 ...

775 Commits