hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 02:00:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,929 Commits 1,673 Branches 157 Tags
b359802dd43893f04db45cbe4f557d96e449ec7d
Commit Graph

16929 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
b359802dd4 Replace non-ASCII apostrophe in Java stub classes 2020-10-15 14:53:32 +01:00
luchua-bc
6f6ec9d51a Change the source class type and simplify the data-flow step 2020-10-15 14:53:32 +01:00
luchua-bc
f5e9690594 Update the doc comments 2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2 Fine tune the query 2020-10-15 14:53:32 +01:00
luchua-bc
5338332648 Enhance the query and add more test cases 2020-10-15 14:53:31 +01:00
luchua-bc
55af37312b Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
ebc2bd9a58 Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
bd0c577ffd Unsafe resource loading in Android webview 2020-10-15 14:53:30 +01:00
James Fletcher
b05cc2eafd Merge pull request #4475 from github/banner-template 
[CodeQL docs] Update footer in Sphinx template
 2020-10-15 14:39:52 +01:00
James Fletcher
fb05f02489 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-15 14:24:28 +01:00
CodeQL CI
ab7d28b3fb Merge pull request #4482 from RasmusWL/promote-script 
Approved by tausbn
 2020-10-15 06:15:55 -07:00
Geoffrey White
1b8d14077a Merge pull request #4481 from rvermeulen/patch-1 
C++: Fix qldoc for getIncludeText
 2020-10-15 13:00:33 +01:00
Rasmus Wriedt Larsen
43cee8567c Python: Add script to promote experimental security queries 2020-10-15 13:25:01 +02:00
Tamás Vajk
e62c9b1382 Merge pull request #4472 from tamasvajk/feature/cleanup-3 
C#: Change public fields to properties
 2020-10-15 12:16:53 +02:00
Tom Hvitved
36f6e97cad Merge pull request #4371 from hvitved/csharp/library-flow-refactor 
C#: Reimplement flow-summary compilation
 2020-10-15 11:56:32 +02:00
Remco Vermeulen
7848c5f54d Fix qldoc for getIncludeText 
The '<' was HTML encoded for some reason.
 2020-10-15 11:49:18 +02:00
Taus
c8b93148a2 Merge pull request #4424 from RasmusWL/python-model-python2-specific-command-execution 
Python: model Python 2 specific command execution
 2020-10-15 10:52:43 +02:00
Anders Schack-Mulligen
60ce02ac18 Merge pull request #4469 from JLLeitschuh/additional-file-taint 
Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile
 2020-10-15 10:46:35 +02:00
Tom Hvitved
8728017328 C#: Increase fieldFlowBranchLimit in test 
68014fd3bf means that more accessors are properly
extracted, and consequently the calls to `get_Item` in the test have more dispatch
targets. Increasing `fieldFlowBranchLimit` makes the test pass again.
 2020-10-15 10:40:19 +02:00
Rasmus Wriedt Larsen
c5810d623b Merge pull request #4474 from tausbn/python-fix-tostring-divergence 
Python: Fix divergence in tuple/subscripted type `toString`
 2020-10-15 10:29:33 +02:00
Rasmus Wriedt Larsen
ce967e1249 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-15 10:00:02 +02:00
james
98d8ec488e add banner to sphinx template 2020-10-14 20:09:19 +01:00
Taus
466c22f4a8 Merge pull request #4435 from RasmusWL/python-port-code-injection 
Python: port code injection query
 2020-10-14 16:41:42 +02:00
Taus Brock-Nannestad
f8190feef2 Python: Fix divergence in tuple/subscripted type toString 
A slightly more complicated version of the situation in
https://github.com/github/codeql/pull/2507 could cause the `toString`
calculation to diverge. Although the previous PR took tuples nested
inside tuples into account (and subscripted types cannot be nested
inside each other in our modelling), it did not account for having
this nesting be interleaved, and this is what caused the divergence.

I have not done the usual "test case first to show the problem
exists", since this would also diverge and take forever to fail. The
instance observed in `scipy` was likely caused by something akin to

```python
x = ()
while True:
    x = x[(x,)]
```

Finally, to prevent this from happening with other types, I went
through and checked each instance where the string representation of
an `ObjectInternal` might potentially contain a reference to
itself (and thus explode). I encapsulated this in a
`bounded_toString` helper predicate, and used this in all the cases
where I was able to determine that the above _could_ happen.
 2020-10-14 16:13:03 +02:00
yoff
5f6f85c998 Merge pull request #4465 from tausbn/python-remove-essa-flow 
Python: Remove flow between ESSA variables
 2020-10-14 15:37:39 +02:00
Tamas Vajk
5a91736b7a C#: Change public fields to properties 2020-10-14 14:44:01 +02:00
Rasmus Wriedt Larsen
5db4f906d0 Merge branch 'main' into python-port-code-injection 2020-10-14 14:22:02 +02:00
Tom Hvitved
91806da2fa C#: Address review comments 2020-10-14 14:15:34 +02:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Tom Hvitved
444e607338 C#: Add missing flow through library code using params arguments 2020-10-14 14:15:34 +02:00
Tom Hvitved
f2dc2d912a C#: Add inter-procedural data-flow test for StringBuilder 2020-10-14 14:15:34 +02:00
Taus
92ccb795fd Merge pull request #4415 from RasmusWL/python-flask-routed-parameter 
Python: Add support for routed parameters in flask
 2020-10-14 13:29:51 +02:00
Rasmus Wriedt Larsen
1fde477a8f Python: Refactor argument matching 2020-10-14 13:22:35 +02:00
Rasmus Wriedt Larsen
680a6eb2a6 Python: Refactor argument matching (more) 2020-10-14 13:21:04 +02:00
Rasmus Wriedt Larsen
61ecec7d17 Merge pull request #4467 from tausbn/python-fix-import-type-tracking 
Python: Fix unwanted module type tracking
 2020-10-14 13:08:57 +02:00
yoff
27f474f0e9 Merge pull request #4429 from RasmusWL/python-model-invoke 
Python: model invoke library
 2020-10-14 12:13:35 +02:00
Taus Brock-Nannestad
f3c07e3849 Python: Fix up import helper tests 2020-10-14 11:58:14 +02:00
Tamás Vajk
8127d9b93e Merge pull request #4404 from tamasvajk/feature/cleanup-2 
C# extractor code cleanup
 2020-10-14 11:02:40 +02:00
Rasmus Wriedt Larsen
b0cfa1d92d Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:53:18 +02:00
Rasmus Wriedt Larsen
bfa5d18476 Python: Use new importNode 2020-10-14 10:49:38 +02:00
Rasmus Wriedt Larsen
7d600e4e8e Merge branch 'main' into python-port-code-injection 2020-10-14 10:48:38 +02:00
Rasmus Wriedt Larsen
4d9d2155fc Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen
b0e79890e6 Python: Use new importNode 2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen
4597ba64d0 Merge branch 'main' into python-model-invoke 2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen
eff47457bf Python: Refactor argument matching 2020-10-14 10:37:38 +02:00
Rasmus Wriedt Larsen
2ea71f574c Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:37:37 +02:00
Rasmus Wriedt Larsen
2e30f58aa2 Python: Use new importNode 2020-10-14 10:37:36 +02:00
Rasmus Wriedt Larsen
ecf70c5f30 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-14 10:36:43 +02:00
Rasmus Wriedt Larsen
74bd045488 Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:24:46 +02:00
Rasmus Wriedt Larsen
ba158f3317 Python: Use new importNode 2020-10-14 10:17:35 +02:00