Max Schaefer
a89e4971ac
Merge pull request #221 from gagliardetto/bad-tls
Add CWE-327 (unsafe TLS)
2020-06-25 09:18:42 +01:00
Slavomir
95b76dceca
Remove check
2020-06-24 21:39:23 +03:00
Sauyon Lee
6883a97628
Merge pull request #223 from max-schaefer/update-data-flow
Data flow: Track precise types during field flow
2020-06-24 00:10:54 -07:00
Max Schaefer
8c27e16190
Merge pull request #226 from smowton/smowton/fix/remove-spurious-cfg-edge-from-expressionless-switch
Remove spurious control-flow edge around switch block without a test
2020-06-24 07:47:37 +01:00
Chris Smowton
4882f277f5
Remove spurious control-flow edge around switch block without a test-expression
Previously we thought it possible to get from top to bottom of a block like "switch { case f(): ... }", when in fact this is only possible if there are no case blocks to execute.
I also add tests for two possible corner cases of a switch without a test-expression: a completely empty switch (the 'true' is indeed the last node) and a switch with an empty default block (a single 'skip' is generated for the default block and the 'true' is not the last node).
2020-06-23 17:46:08 +01:00
Chris Smowton
1dc427a2c5
Cleanup: use TypeSwitchStmt.getAssign, not a raw child accessor
2020-06-23 17:46:08 +01:00
Slavomir
561c5b91d2
Implement code review feedback
2020-06-23 16:07:05 +03:00
Slavomir
56727b220b
Try different ways of passing taint through a field
2020-06-23 12:14:49 +03:00
Sauyon Lee
ecff1e6a16
Unqualify uses of FunctionInput and FunctionOutput
2020-06-22 22:25:33 -07:00
Max Schaefer
d3e6e5c0b3
Data flow: Track precise types during field flow
cf https://github.com/github/codeql/pull/3456
2020-06-22 20:53:05 +01:00
Slavomir
4ab929a656
Simplify
2020-06-22 17:54:07 +03:00
Slavomir
29eba441d7
Determine TLS version from int value
2020-06-22 17:50:20 +03:00
Slavomir
70bc4c81a0
Fix typo
2020-06-22 17:15:56 +03:00
Slavomir
783f710188
Fix comments
2020-06-22 17:12:15 +03:00
Slavomir
e38d4ecd9c
Fix typos
2020-06-22 17:00:31 +03:00
Slavomir
bbf8d7306b
Add CWE-327
2020-06-22 16:54:14 +03:00
Max Schaefer
759e3d5632
Further refine potential call targets for interface calls.
The call target must belong to the method set of a type that implements the interface type of the method call receiver, if any.
For example, assume `h` has type `hash.Hash`, then `h.Write(...)` should only be resolved to implementations of `Write` in types implementing `hash.Hash`, not arbitrary other `Writer`s.
2020-06-22 09:22:47 +01:00
Max Schaefer
1c58028ae3
Expose receiver type in isInterfaceCallReceiver.
2020-06-22 09:22:47 +01:00
Max Schaefer
0e5e116217
Add a few more utility predicates to DataFlow::Node.
2020-06-22 09:22:47 +01:00
Max Schaefer
18db1fe79f
Merge pull request #184 from max-schaefer/lookup-fields-in-cyclic-struct
Fix field lookup in cyclic structs
2020-06-21 09:23:57 +01:00
Max Schaefer
0f4297ff5c
Add qldoc for three public predicates in PrintAst.qll.
It's bland, but we try to maintain a 100% documentation coverage for our public library elements.
2020-06-19 14:25:57 +01:00
Max Schaefer
79b0ea8d77
Merge pull request #183 from smowton/smowton/cleanup/field-parent
Clean up @field and @fieldparent usage
2020-06-19 11:30:52 +01:00
Chris Smowton
3c8153ca1e
Clean up @field and @fieldparent usage
* Centralise use of raw types and database predicates in FieldParent and FieldBase classes
* Deduplicate type predicates common to all fields
* Deduplicate predicates common to function parameters and results
2020-06-19 11:00:42 +01:00
Max Schaefer
2df8c275e0
Fix field lookup in cyclic structs.
2020-06-19 08:16:09 +01:00
Max Schaefer
7c2358c1d0
Merge pull request #181 from sauyon/reflectedxss-fps
ReflectedXSS refinement
2020-06-18 11:14:13 +01:00
Max Schaefer
7af168fc3b
Merge pull request #179 from smowton/smowton/feature/printast
Add barebones PrintAST for Go
2020-06-17 17:02:53 +01:00
Owen Mansel-Chan
2282def1e2
Merge pull request #180 from owen-mc/email-injection
Move email injection query out of experimental folder
2020-06-17 15:11:31 +01:00
Chris Smowton
1a823b21f1
PrintAst: Emit relative paths for file nodes
This is a workaround for codeql run test not itself truncating absolute paths
when comparing against actual output.
2020-06-17 15:03:29 +01:00
Owen Mansel-Chan
83697f62ac
Address review comments on qhelp
2020-06-17 14:21:37 +01:00
Chris Smowton
bd7b7c06b5
Add AstNode.getCanonicalQlClass and use it in PrintAst
This gives those classes satisfied by an AstNode that are considered useful for developer understanding, cf. getAQlClass which returns all satisfied classes and hides overridden ones, even if they are interesting.
2020-06-17 13:47:23 +01:00
Owen Mansel-Chan
f926808c8a
Address review comments
2020-06-17 10:11:41 +01:00
Sauyon Lee
4f3854c052
ReflectedXSS: Ignore whitespace for HTML content type detection
2020-06-17 00:28:02 -07:00
Chris Smowton
464773d99a
Add initial implementation of PrintAST for Go
Known shortcomings:
* Uses getAQlClass rather than tagging AST nodes with a canonical class, as the C++ version of the same query does
* Types and go.mod lines are not printed informatively (typically we just get a short description of the node kind, e.g. 'function type')
* Children are always named for their child indices; we should give informative names to the edges where an accessor is declared (e.g. IfStmt names its children 'init', 'cond', 'if', 'else')
2020-06-16 17:21:56 +01:00
Owen Mansel-Chan
336eba1be4
Add Hash.Write and similar as sanitizers
2020-06-16 12:48:43 +01:00
Sauyon Lee
1853e990a3
ReflectedXss: Allow regexp to match newlines
2020-06-16 00:43:12 -07:00
Owen Mansel-Chan
f27ecdabb8
Set precision to high
2020-06-15 17:42:19 +01:00
Owen Mansel-Chan
4f6ce61de2
Move EmailInjection query out of experimental
2020-06-15 17:42:19 +01:00
Max Schaefer
a88bf4c9fa
Merge pull request #177 from sauyon/whitelist
Use allow or allowlist instead of whitelist
2020-06-13 19:44:51 +01:00
Sauyon Lee
66f733d798
Use allow or allowlist instead of whitelist
2020-06-12 09:16:41 -07:00
Owen Mansel-Chan
282b8cb9e4
Merge pull request #175 from owen-mc/array-slice-literal
Add classes for array and slice literals
2020-06-12 12:12:02 +01:00
Owen Mansel-Chan
e6217d90d7
Provide better strings for map and struct literals
2020-06-12 11:23:58 +01:00
Owen Mansel-Chan
e9c2958095
Add classes for array and slice literals
2020-06-12 10:40:13 +01:00
Max Schaefer
47804d68c7
Merge pull request #176 from max-schaefer/update-data-flow
Data flow: Allow nodes to be hidden from path explanations
2020-06-12 07:23:15 +01:00
Owen Mansel-Chan
f11b956583
Add a superclass for literals (#172)
2020-06-11 19:53:40 +01:00
Owen Mansel-Chan
c891d22f74
Make ArrayTypeExpr and so on extend TypeExpr
To avoid a recursive definition, need to replace ArrayTypeExpr with @arraytypeexpr and so on in isTypeExprBottomUp(Expr e).
2020-06-11 11:06:15 +01:00
Max Schaefer
c6537f6d3b
Data flow: Allow nodes to be hidden from path explanations
cf https://github.com/github/codeql/pull/3657
2020-06-11 09:59:40 +01:00
Max Schaefer
24e2a294ed
Merge pull request #169 from max-schaefer/rc/1.24
Merge rc/1.24 into master
2020-06-11 09:15:28 +01:00
Max Schaefer
d8f1873635
Merge branch 'master' into rc/1.24
2020-06-11 08:10:22 +01:00
Owen Mansel-Chan
c30893aba7
Add AST class reference (#164)
2020-06-10 15:59:48 +01:00
Max Schaefer
1342d8688e
Autoformat.
2020-06-09 17:38:18 +01:00