codeql

mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00

Author	SHA1	Message	Date
Sauyon Lee	ae96bd88bc	Merge pull request #239 from max/virtual-dispatch Call-graph API cleanup	2020-02-10 15:05:13 -08:00
Max Schaefer	acd27cdee6	Merge pull request #238 from sauyon/semmle-to-github Rename the go module to github.com/github/codeql-go	2020-02-10 21:02:05 +00:00
Max Schaefer	6aa0d631dd	Address review comments.	2020-02-10 20:59:13 +00:00
Sauyon Lee	677ed6ebf4	Fix tests to use codeql-go repository name	2020-02-10 11:00:01 -08:00
Sauyon Lee	5417102c37	Rename the go module to github.com/github/codeql-go	2020-02-10 11:00:00 -08:00
Max Schaefer	d6f3005e0e	Merge branch '235-head'	2020-02-07 20:12:47 +00:00
Sauyon Lee	1a21c14f2f	Remove build ignore from HardcodedCredentials example	2020-02-07 03:13:14 -08:00
Sauyon Lee	e4d228fa0f	Fix CleartextStorage tests	2020-02-07 03:13:13 -08:00
Sauyon Lee	6300fdf85e	Remove accidentally added CleartextStorage tests	2020-02-07 03:13:12 -08:00
Sauyon Lee	559ac8f0d2	Fix squirrel test build	2020-02-07 03:12:19 -08:00
Max Schaefer	72de4728a2	Suppress unhelpful magic.	2020-02-07 11:09:33 +00:00
Max Schaefer	69edfe08df	Make regular expression for format strings more precise.	2020-02-07 11:05:44 +00:00
Max Schaefer	8b0d271717	Locally resolve calls to function expressions.	2020-02-07 11:05:44 +00:00
Max Schaefer	f6305f019d	Minor refactoring.	2020-02-07 11:05:44 +00:00
Max Schaefer	46a8f8c8ed	Remove `Function.getACallExpr`.	2020-02-07 11:05:44 +00:00
Max Schaefer	39b7272241	Teach `Function.getACall` to take virtual dispatch into account.	2020-02-07 11:05:44 +00:00
Max Schaefer	84002f585e	Remove `CallExpr.getACallee()`.	2020-02-07 11:05:44 +00:00
Max Schaefer	cf0e38b22c	Move virtual dispatch resolution from `CallExpr` to `CallNode` and generalise it very slightly.	2020-02-07 11:05:44 +00:00
Max Schaefer	253a394ae0	Make CallNode.getCalleeName() more robust to missing type information.	2020-02-07 11:05:44 +00:00
Max Schaefer	93a84684a5	Remove predicate `CallExpr.calls`. This sort of reasoning should be done at the data-flow level.	2020-02-07 11:05:44 +00:00
Max Schaefer	9400442bea	Add call graph test. This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.	2020-02-07 11:05:41 +00:00
Sauyon Lee	5dbebe44f5	Package tests: also select raw database path	2020-02-07 02:25:26 -08:00
Sauyon Lee	2cb61911c3	Package tests: Limit to specific packages	2020-02-07 02:23:28 -08:00
Sauyon Lee	9a9561bb12	Remove vendored path prefix of vendored packages	2020-02-07 02:17:54 -08:00
Sauyon Lee	c94f5dafb3	Merge pull request #237 from Semmle/go-build-env-windows Fix extractor build on Windows.	2020-02-06 09:06:33 -08:00
Max Schaefer	d18eb9717a	Fix environment setup on Windows.	2020-02-06 14:28:16 +00:00
Max Schaefer	61ee9a45ca	Merge pull request #234 from sauyon/reflectedxss-fixes ReflectedXss: Remove FPs from constant prefix Fprintfs	2020-02-06 09:22:44 +00:00
Sauyon Lee	39f5376eed	ReflectedXss: Add change note for Fprintf FPs	2020-02-05 19:07:42 -08:00
Sauyon Lee	0dca13a5d9	Address review comments	2020-02-04 11:13:41 -08:00
Sauyon Lee	87865afa42	ReflectedXss: Remove FPs from constant prefix Fprintfs	2020-02-03 16:00:33 -08:00
Sauyon Lee	3c88eab84c	Merge pull request #229 from max/string-break Add query to find unsafe quoting	2020-02-03 09:47:36 -08:00
Max Schaefer	af3d91ffd3	Add query StringBreak.	2020-02-03 09:01:40 +00:00
Max Schaefer	63ca382a0c	Reorganise modelling of string concatenation.	2020-02-03 09:01:40 +00:00
Sauyon Lee	da2924251b	Merge pull request #230 from max/remove-deprecated-flow-predicates Remove deprecated flow predicates.	2020-01-30 11:29:05 -08:00
Max Schaefer	3afce956ab	Remove deprecated flow predicates.	2020-01-30 11:45:19 +00:00
Max Schaefer	69a91b537f	Add change note for autobuilder changes https://git.semmle.com/Semmle/go/pull/210 did not include a change note.	2020-01-30 11:36:23 +00:00
Max Schaefer	ef60f1cbf7	Merge pull request #210 from sauyon/autobuilder-run-make autobuilder: run build if relevant files exist	2020-01-29 16:32:43 +00:00
Max Schaefer	8bb769b4f9	Merge pull request #228 from sauyon/codeql-test Makefile: Make extractor-common extractor target	2020-01-29 09:23:53 +00:00
Max Schaefer	be183596c8	Merge pull request #211 from sauyon/open-redirect-fps OpenUrlRedirect: resolve some FPs	2020-01-29 09:18:07 +00:00
Sauyon Lee	7676a56af6	Makefile: Make extractor-common extractor target	2020-01-28 14:38:15 -08:00
Sauyon Lee	41d04f3d96	Revert "Add DataFlow2" This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.	2020-01-28 13:01:37 -08:00
Sauyon Lee	478f906d7a	HTTP: Use Field.getQualifiedName in UserControlledRequestField Also autoformat.	2020-01-28 13:01:36 -08:00
Sauyon Lee	d2e5322b94	Apply review comments	2020-01-28 13:01:35 -08:00
Sauyon Lee	3eee780fdd	TaintTracking: minor functionNodeStep call improvement Co-Authored-By: Max Schaefer <max@semmle.com>	2020-01-28 13:01:34 -08:00
Sauyon Lee	9af436566f	OpenUrlRedirect: Use a data-flow configuration to track whole URLs	2020-01-28 13:01:33 -08:00
Sauyon Lee	a2b5bb85ab	OpenUrlRedirect: Fix test compilation	2020-01-28 13:01:19 -08:00
Sauyon Lee	e17f548780	Add DataFlow2	2020-01-28 12:59:47 -08:00
Sauyon Lee	30d2fb0b7f	TaintTracking: Make functionModelStep take a FunctionModel This makes using only some function models easier.	2020-01-28 12:59:46 -08:00
Sauyon Lee	260b33be7e	OpenUrlRedirect: Add untrusted methods Also use more up-to-date data-flow APIs	2020-01-28 12:59:45 -08:00
Sauyon Lee	abfdd7ee1e	OpenUrlRedirect: make functions like isValidRedirect barrier guards	2020-01-28 12:59:44 -08:00

1 2 3 4 5

219 Commits