Owen Mansel-Chan
aed3ef4cde
Improve performance of new barrier guard
Some projects on lgtm were taking >1 hour, and with this commit they take
<10 minutes
2020-08-24 16:18:08 +01:00
Owen Mansel-Chan
dbf1d24e19
Add new barrier guard for second half of path
2020-08-20 11:37:07 +01:00
Owen Mansel-Chan
35e336fe96
Add tests for sanitizers and sanitizer guards
2020-08-19 15:36:48 +01:00
Owen Mansel-Chan
17b3d56195
Remove unnecessary string concat
2020-08-19 15:36:48 +01:00
Chris Smowton
1e7bbcc23a
Merge pull request #290 from sauyon/openredirect-uri
Open URL Redirect: make isValidURI and the like sanitizers
2020-08-18 10:07:43 +01:00
Sauyon Lee
5b9fb2a28b
openurlredirect: make isValidURI and the like sanitizers
2020-08-17 10:45:46 -07:00
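The commit above reclassifies `isValidURI` and similar helpers as sanitizers for the open-redirect query; the page does not show what those helpers check. The following is an added example, not code from this commit log or from the project whose commits are listed, of the checks a redirect-target sanitizer has to make before a user-controlled value is echoed into a `Location` header. The function name `safeRedirectTarget` and the sample inputs are the example's own.

```go
package main

import (
	"net/url"
	"strings"
)

// safeRedirectTarget takes a user-supplied "next" parameter and returns a
// same-site path that is safe to use as a redirect target, plus whether the
// input was accepted. Everything that could leave the site is rejected:
// absolute URLs, scheme-relative URLs (//evil.example), backslash variants
// that browsers normalise to slashes, and paths that are not rooted.
func safeRedirectTarget(raw string) (string, bool) {
	if raw == "" {
		return "", false
	}
	// Browsers treat "\" like "/" in the authority position, so "/\evil"
	// can be rendered as "//evil". Reject rather than try to normalise.
	if strings.Contains(raw, "\\") {
		return "", false
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", false
	}
	// Any scheme, host, userinfo or opaque part means it is not a local path.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", false
	}
	// Must be a rooted path with exactly one leading slash; "///evil" parses
	// with an empty host but a path starting with "//", so it is caught here.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", false
	}
	// Rebuild from the parsed parts so that only path, query and fragment
	// survive, regardless of how the original string was spelled.
	clean := &url.URL{Path: u.Path, RawQuery: u.RawQuery, Fragment: u.Fragment}
	return clean.String(), true
}
```

In a handler the accepted value is the only thing that should reach `http.Redirect`; on rejection, fall back to a fixed default such as `/`. Rejecting rather than rewriting dubious input keeps the sanitizer small enough to reason about, which is what makes it a credible barrier in a taint query.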
Chris Smowton
c07db2a373
Merge pull request #289 from smowton/gorand
(admin) Slightly cleaned up version of Insufficient Randomness
2020-08-17 12:00:26 +01:00
dilanbhalla
986f3c3084
Add experimental query detecting use of an insecure PRNG in a cryptographic context
2020-08-17 10:52:36 +01:00
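As an added illustration of what the experimental query above targets (this is example code, not part of the commit log or of the project's own sources): a token generated from `math/rand` is a pure function of its seed, so it is reproducible by anyone who learns the seed, while `crypto/rand` draws from the operating system's CSPRNG. The names `insecureToken` and `secureToken` are the example's own.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

const tokenBytes = 16

// insecureToken builds a session-token-like value from math/rand. The
// generator is fully determined by its seed, so anyone who learns or guesses
// the seed (a timestamp, a PID, the historical default of 1) can reproduce
// every token it has issued or will issue.
func insecureToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	buf := make([]byte, tokenBytes)
	for i := range buf {
		buf[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(buf)
}

// secureToken draws from crypto/rand. There is no seed to recover; the only
// failure mode is an I/O error, which is returned rather than papered over by
// falling back to a weaker source.
func secureToken() (string, error) {
	buf := make([]byte, tokenBytes)
	if _, err := crand.Read(buf); err != nil {
		return "", fmt.Errorf("crypto/rand failed: %w", err)
	}
	return hex.EncodeToString(buf), nil
}

func main() {
	// Two "sessions" seeded the same way receive the same token.
	fmt.Println(insecureToken(1))
	fmt.Println(insecureToken(1))
	t, err := secureToken()
	if err != nil {
		panic(err)
	}
	fmt.Println(t)
}
```

The security-relevant property is not the statistical quality of the output but whether an observer can predict it; the deterministic replay in `main` is exactly the attacker's capability when `math/rand` backs a token, nonce, key or IV.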
Max Schaefer
d675daa1d1
Merge pull request #284 from dilanbhalla/gocrypto
Adding Crypto Query/Library
2020-08-14 12:00:18 +01:00
dilanbhalla
a58070f920
fixed build test error
2020-08-14 01:56:30 -07:00
dilanbhalla
7f980a4901
pr fixes
2020-08-14 00:45:08 -07:00
Max Schaefer
fe6cf8c625
Merge pull request #275 from owen-mc/incorrect-integer-conversion
Incorrect integer conversion
2020-08-13 20:19:47 +01:00
Owen Mansel-Chan
951d59752a
Address review comments 7
2020-08-13 18:22:58 +01:00
dilanbhalla
40d3f22193
fixing commit error
2020-08-12 10:49:11 -07:00
Owen Mansel-Chan
2e60d40ccd
Address review comments 6
2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
69212b9ad9
Deal with build constraints
Note that build constraints can be explicit (comments at the top of the
file) or implicit (part of the file name)
2020-08-12 17:07:29 +01:00
dilanbhalla
37eca95d44
restructured library
2020-08-11 23:53:50 -07:00
dilanbhalla
79002b0c38
pr fixes
2020-08-11 10:34:45 -07:00
Owen Mansel-Chan
08d9af1bd7
Merge pull request #280 from owen-mc/negative-length-check-unsigned
Extend negativeLengthCheck query to unsigned integers
2020-08-11 11:59:24 +01:00
Owen Mansel-Chan
1e0b9cc6a3
Address review comments 5
2020-08-11 10:57:02 +01:00
Owen Mansel-Chan
97bbdca8a3
Extend negativeLengthCheck query to unsigned integers
Like return values from len and cap, unsigned integers are never negative
2020-08-11 10:48:03 +01:00
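The point of the commit above, shown in code as an added example (not from this commit log or the project's own sources): a `< 0` test on an unsigned value, like one on the result of `len` or `cap`, can never be true, and the real failure it was meant to catch is wrap-around in unsigned subtraction. The function names and sample values are the example's own.

```go
package main

import "errors"

// remainingVacuous computes how much of a quota is left. The guard is dead
// code: r is a uint, so r < 0 is false for every value it can hold. When
// used > limit the subtraction has already wrapped to a huge number.
func remainingVacuous(limit, used uint) uint {
	r := limit - used
	if r < 0 {
		return 0
	}
	return r
}

// remainingChecked compares the operands before subtracting, which is the
// only point at which an unsigned "negative" result can be detected.
func remainingChecked(limit, used uint) uint {
	if used > limit {
		return 0
	}
	return limit - used
}

// takeN copies the first n bytes of buf. A `len(buf) < 0` test here (the
// case the original negativeLengthCheck query looked for) would be just as
// vacuous as the uint test above; the bound that matters is n against len.
func takeN(buf []byte, n uint) ([]byte, error) {
	if n > uint(len(buf)) {
		return nil, errors.New("n exceeds buffer length")
	}
	return buf[:n], nil
}
```

Tools flag the vacuous comparison because its presence usually means the author believed the value could go negative, and that belief points at a wrap-around bug elsewhere in the same function.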
dilanbhalla
2ee654d643
attempting to fix autoformat build error
2020-08-11 01:07:53 -07:00
Max Schaefer
117fd686c4
Merge pull request #276 from gagliardetto/standard-lib-pt-3
Add taint tracking for the compress/* packages
2020-08-11 07:56:45 +01:00
Max Schaefer
cb5c596ab6
Merge pull request #283 from github/rc/1.25
Merge rc/1.25 into main
2020-08-11 07:51:17 +01:00
Owen Mansel-Chan
c7a8730c40
Improve tests of paths with more than one sink
2020-08-11 07:24:58 +01:00
Owen Mansel-Chan
4907f6529e
Address review comments 4
2020-08-11 07:24:58 +01:00
dilanbhalla
4433f193f9
pr fixes for typo and qldoc
2020-08-10 16:06:02 -07:00
dilanbhalla
7ce9e976c2
removing precision tag
2020-08-10 12:06:10 -07:00
dilanbhalla
95342cdea7
adding go crypto library
2020-08-10 11:56:41 -07:00
Owen Mansel-Chan
ed469a355e
Fix mistake in test
2020-08-10 17:32:49 +01:00
Max Schaefer
097775bf64
Merge pull request #282 from sauyon/tomain
Fix one use of master in README
2020-08-10 17:03:22 +01:00
Max Schaefer
61f4d8ddfc
Merge pull request #278 from max-schaefer/fix-upgrade-performance
Improve performance of upgrade script
2020-08-10 17:01:49 +01:00
Max Schaefer
d31b4d262f
Merge pull request #281 from max-schaefer/has_ellipsis
Teach extractor to distinguish calls with an ellipsis from calls without
2020-08-10 16:51:38 +01:00
Owen Mansel-Chan
30f176246a
Address review comments 3
2020-08-10 15:21:20 +01:00
Max Schaefer
6d35c60acb
Add pragma to prevent accidental inlining.
2020-08-10 14:51:28 +01:00
Max Schaefer
2ef421255a
Add a clarifying comment.
2020-08-10 14:49:19 +01:00
Max Schaefer
9385857c39
Add a regression test.
2020-08-10 14:48:13 +01:00
Owen Mansel-Chan
89eae10d96
Address review comments 2
2020-08-10 11:07:44 +01:00
Owen Mansel-Chan
4bfb2b4138
Address review comments 1
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
681ca9065a
Add change note
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
06d1eb9bdb
Add tests for incorrect integer conversion
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
329888e62c
Add query for incorrect integer conversion
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
34fa07267b
Add modeling to Stdlib.qll
...
Adds classes for some integer-parsing functions and a constant from
strconv, plus a class for calls to integer-parsing functions.
2020-08-10 11:04:25 +01:00
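The incorrect-integer-conversion query introduced in the commits above, and the `strconv` modeling that supports it, concern the pattern of parsing into a platform-width integer and then narrowing it. As an added example (not code from this commit log or from the project's own sources), the following shows the flagged shape next to the two shapes that are safe: asking the parser for the destination width, or bounds-checking the wide value immediately before the cast. Function names and sample inputs are the example's own.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// parseLimitUnsafe reads a client-supplied limit the way the flagged pattern
// does: strconv.Atoi yields a platform-width int (64 bits on amd64/arm64),
// and the cast to int32 keeps only the low 32 bits. "2147483648" therefore
// becomes -2147483648 and "4294967296" becomes 0, so a later
// `if limit > maxLimit` check sees a small or negative number.
func parseLimitUnsafe(s string) (int32, error) {
	n, err := strconv.Atoi(s)
	if err != nil {
		return 0, err
	}
	return int32(n), nil
}

// parseLimitSafe tells the parser the width of the destination type.
// strconv.ParseInt then fails with a wrapped strconv.ErrRange for anything
// outside [-2^31, 2^31-1], so the cast can no longer change the value.
func parseLimitSafe(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return int32(n), nil
}

// toInt32 is the other accepted shape: an explicit bound check on the wide
// value immediately before the narrowing conversion.
func toInt32(n int) (int32, error) {
	if n < math.MinInt32 || n > math.MaxInt32 {
		return 0, fmt.Errorf("%d does not fit in int32", n)
	}
	return int32(n), nil
}

// parsePortSafe does the same for an unsigned 16-bit destination; "65536"
// is rejected instead of wrapping to port 0.
func parsePortSafe(s string) (uint16, error) {
	n, err := strconv.ParseUint(s, 10, 16)
	if err != nil {
		return 0, err
	}
	return uint16(n), nil
}

// isRangeError reports whether a strconv failure was an overflow rather than
// a syntax error, which callers may want to treat differently.
func isRangeError(err error) bool {
	return errors.Is(err, strconv.ErrRange)
}
```

On a 32-bit build `Atoi` itself would reject "2147483648", which is why the bug is easy to miss in tests and why the fix should name the destination width explicitly rather than rely on the platform.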
Owen Mansel-Chan
ac49aa2527
Delete experimental query and tests for it
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
3a6aa58e48
Fix typo in QLDoc
2020-08-10 11:04:25 +01:00
Max Schaefer
c2a26f8ec9
Don't allow varargs as function outputs.
In a call of the form `f(xs...)`, when we say that `f` taints its 0th argument it's ambiguous whether that means that it taints the slice `xs` or its 0th element `xs[0]`.
In practice, it's usually the latter, but we have no way of expressing that using our current `FunctionOutput` implementation.
2020-08-10 07:30:23 +01:00
Max Schaefer
bdfd1d131f
Teach extractor to record the presence of an ellipsis in a call expression.
2020-08-10 07:30:23 +01:00
Sauyon Lee
0b97e486a2
Fix one use of master in README
2020-08-07 08:49:57 -07:00
Max Schaefer
97291e4c41
Merge pull request #279 from github/rc/1.25
Merge rc/1.25 into master
2020-08-06 11:18:11 +01:00
Max Schaefer
75795d80c4
Improve performance of upgrade script.
2020-08-06 09:51:36 +01:00