hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
159 Commits 1,684 Branches 159 Tags
aa33595b0fbda445b7bcd3be7dd8d734331dec40
Commit Graph

53 Commits

Author SHA1 Message Date
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFilds: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness 
Make ImpossibleInterfaceNilCheck more robust.
 2020-01-23 16:06:03 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit 
Make implicit dereferences explicit
 2020-01-23 00:50:18 -08:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup 
Minor fixes
 2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust. 
It no longer flags alerts that may be simply caused by missing type information.
 2020-01-21 10:04:57 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Sauyon Lee
471d843025 Merge pull request #222 from max/switch-guard-nodes 
Switch guard nodes
 2020-01-17 21:44:59 +00:00
Max Schaefer
2558e67c2b Give entities a location. 2020-01-17 13:08:43 +00:00
Max Schaefer
98c7c4a255 Autoformat. 2020-01-17 10:25:10 +00:00
Sauyon Lee
aa9489ea28 Merge pull request #218 from max/field-refs 
Fix handling of references to fields and methods
 2020-01-16 14:26:55 -08:00
Max Schaefer
b7a830593d Correctly create extract nodes for returns where we cannot infer the type of the returned expression, but know from context that it must be a tuple type. 2020-01-15 10:22:29 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
3d508d44e7 Fix global value numbering. 2020-01-14 20:44:13 +00:00
Max Schaefer
2fdd45255c Add two new tests. 2020-01-14 17:06:42 +00:00
Max Schaefer
61976d8dea Fix code that does not account for the fact that Field is a subtype of ValueEntity. 2020-01-14 15:52:48 +00:00
Max Schaefer
efc72fa01a Remove Entity.getAUse() and replace uses with getAReference(). 
The former had result type `Ident`, so it wouldn't pick up references to methods and fields. Apart from that, it is subsumed by the latter anyway.
 2020-01-14 07:15:43 +00:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
1cafec56ad Add condition guard nodes for some switch statements. 
We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
  s1
case cond2:
  s2
default:
  s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.
 2020-01-10 10:37:51 +00:00
Max Schaefer
e7514bf133 Add new test cases for CFG construction. 2020-01-09 17:20:39 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
9cff56b975 Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Max Schaefer
1df3585c92 Merge pull request #204 from Semmle/rc/1.23 
Merge rc/1.23 into master
 2019-12-11 10:28:00 +00:00
Max Schaefer
46c4670796 Make HardcodedCredentials query less noisy. 
Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.
 2019-12-10 14:14:36 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Sauyon Lee
bc8974d32d Merge pull request #201 from max/update-data-flow 
Update data flow and taint-tracking libraries
 2019-12-06 18:26:27 -08:00
Henning Makholm
7bc68c4302 Adapt Go tests to codeql test 
These changes make the tests work with the coming `codeql test` support.

The `queries.xml` file defines which extractor the `codeql test`
runner will use to extract databases for the tests. In the future one
will be able to write this information in `qlpack.yml`, but we can't
do that immediately because the _existing_ CodeQL tooling would refuse
to parse a `qlpack.yml` that has the new field in it.
 2019-12-06 18:27:47 +01:00
Max Schaefer
53f5e13af1 Update data-flow libraries. 
This brings `DataFlowImpl.qll` and `DataFlowImplCommon.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.
 2019-12-06 12:14:53 +00:00
Max Schaefer
594824f19c Add test for handling of expressions without extracted type. 2019-12-06 09:21:55 +00:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check 
Add new query ImpossibleInterfaceNilCheck
 2019-11-27 11:15:05 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Max Schaefer
ee723d8a4f Fix DeadStoreOfField false positive. 
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
 2019-11-25 20:21:16 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS. 
All results I have seen from this are uninteresting.
 2019-11-25 15:06:53 +00:00
Max Schaefer
e16a81cba9 Apply review suggestions. 2019-11-25 09:15:57 +00:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Sauyon Lee
4ea45dbf34 Use data-flow API in stringConcatStep 2019-11-21 23:48:23 -08:00
Max Schaefer
8cc60ba543 Add more codeql metadata files. 2019-11-14 10:35:21 +00:00
Max Schaefer
616d78e2a5 Teach CleartextLogging not to flag constant sources. 2019-11-13 14:25:32 +00:00
Max Schaefer
50cde34878 Merge pull request #181 from sauyon/hardcoded-sensitive 
HardcodedCredentials: Use SensitiveActions
 2019-11-13 09:21:45 +00:00