Commit Graph

309 Commits

Author SHA1 Message Date
Max Schaefer
bcb9ce2498 Add another test for StringBreak. 2020-03-06 17:35:50 +00:00
Max Schaefer
bf6865b96a Add model of ioutil.ReadAll 2020-03-06 17:35:50 +00:00
Max Schaefer
f599243a34 Conflate references and referents more thoroughly in taint tracking. 2020-03-06 17:35:50 +00:00
Max Schaefer
3a7910da5a Introduce (un-)marshaling functions as a concept and instantiate it with the functions in encoding/json. 2020-03-06 10:07:54 +00:00
Max Schaefer
9bcbfb2911 Fix flow step from global functions to their use.
How does anything work.
2020-03-06 09:41:35 +00:00
Max Schaefer
a7ecb50a34 Add taint-tracking model for append. 2020-03-06 09:41:35 +00:00
Max Schaefer
4f061005cb Add a taint-tracking model for copy. 2020-03-06 09:41:35 +00:00
Max Schaefer
3f8d2117d8 Introduce post-update nodes for arguments with a mutable type. 2020-03-06 09:41:35 +00:00
Max Schaefer
b99c63d180 Factor out an auxiliary predicate. 2020-03-06 09:41:35 +00:00
Max Schaefer
af2c7aae5d Don't rely on flow through function models in definition of PostUpdateNode. 2020-03-06 09:41:35 +00:00
Max Schaefer
185d0910c3 Sharpen stringConcatStep to exclude addition. 2020-03-06 09:41:35 +00:00
Max Schaefer
b8338896be Merge pull request #33 from sauyon/extract-go-mod
Add extraction for go.mod files
2020-03-05 09:38:21 +00:00
Sauyon Lee
f2358a0a86 Find all go.mod files before extraction 2020-03-04 16:08:55 -08:00
Sauyon Lee
cca762dbc0 gomodextractor.go: Emit pseudo comment groups to table 2020-03-04 06:26:44 -08:00
Sauyon Lee
e75497ed3b update stats sha and stats 2020-03-04 06:26:43 -08:00
Sauyon Lee
db4efd6124 Add support for extracting go.mod files 2020-03-04 06:26:42 -08:00
Sauyon Lee
89caafb0e1 labels.go: Make label generation slightly more uniform 2020-03-04 06:21:20 -08:00
Sauyon Lee
70e916376c labels.go: Make LocalID more generic 2020-03-04 06:21:19 -08:00
Sauyon Lee
a403d60acc Add go mod dependency
Also update tools dependency to latest master
2020-03-04 06:21:18 -08:00
Sauyon Lee
66a3d40348 Fix typos in tables.go 2020-03-04 06:21:17 -08:00
Sauyon Lee
d694d59757 Merge pull request #44 from max-schaefer/remove-uniqueness
Remove a mistaken uniqueness annotation.
2020-03-04 06:20:58 -08:00
Max Schaefer
1ae0dd46ec Clarify method identity. 2020-03-04 12:53:37 +00:00
Max Schaefer
6a3730ead2 Merge pull request #43 from sauyon/phony-testdb
Makefile: make testdb target phony
2020-03-04 12:08:09 +00:00
Sauyon Lee
c3b57e4e74 Makefile: make testdb target phony 2020-03-04 03:27:11 -08:00
Max Schaefer
264478f4b8 Remove a mistaken uniqueness annotation. 2020-03-04 10:34:55 +00:00
Sauyon Lee
5e71a04fdf Merge pull request #42 from max-schaefer/experimental-guidelines
Add guidelines for experimental CodeQL queries and libraries.
2020-03-02 10:22:41 -08:00
Sauyon Lee
2dc42b8814 Merge pull request #41 from max-schaefer/interface-embedding
Fix `NamedType.getMethod` to take interface embedding into account.
2020-03-02 10:21:24 -08:00
Max Schaefer
56e07356fc Update ql/test/experimental/README.md
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-03-02 10:20:07 +00:00
Max Schaefer
cef017071f Move guidelines into ql folder. 2020-03-02 09:23:06 +00:00
Max Schaefer
2629f55d95 Add guidelines for experimental CodeQL queries and libraries. 2020-02-28 14:43:00 +00:00
Max Schaefer
90f1a7da75 Fix NamedType.getMethod to take interface embedding into account. 2020-02-28 10:37:14 +00:00
Max Schaefer
2eba7dee6f Add new table methodhosts associating interface methods with named types.
In particular, methods from embedded interfaces will be associated with the same named type as those from the outer interface, even though their receiver types may be different.
2020-02-28 10:24:04 +00:00
Max Schaefer
6dfd5fd934 Extend Types tests to cover interfaces. 2020-02-28 10:22:59 +00:00
Sauyon Lee
545379c050 Merge pull request #40 from max-schaefer/phonify-extractor
Make extractor targets phony.
2020-02-27 09:53:27 -08:00
Max Schaefer
7148b66d31 Make extractor targets phony. 2020-02-27 12:32:05 +00:00
Max Schaefer
a52e33ecc0 Merge pull request #38 from sauyon/use-text
.gitattributes: Use -text instead of binary
2020-02-27 08:27:31 +00:00
Sauyon Lee
8e909a49e9 .gitattributes: Use -text instead of binary
Also only add attributes to go files under the ql directory
2020-02-27 00:23:56 -08:00
Sauyon Lee
fe4003fc69 Merge pull request #37 from max-schaefer/clarify-field-identity
Clarify field identity
2020-02-26 11:49:29 -08:00
Max Schaefer
9bf5a31351 Clarify field identity.
Like-named fields declared in identical types are identical. This can be a little confusing, since such fields will have multiple declarations and multiple locations, so it's worth calling out explicitly in the documentation.
2020-02-26 10:10:47 +00:00
Sauyon Lee
b931539f68 Merge pull request #36 from max-schaefer/remove-unused-predicate
Remove an unused predicate.
2020-02-25 09:40:42 -08:00
Max Schaefer
34c66c4245 Remove an unused predicate. 2020-02-25 10:46:09 +00:00
Sauyon Lee
7a918efbf8 Merge pull request #34 from max-schaefer/receiver-flow
Propagate data flow through receivers
2020-02-24 23:58:28 -08:00
Sauyon Lee
836146a3bf Merge pull request #35 from max-schaefer/field-package
Make `Field.getPackage()` behave sensibly.
2020-02-24 23:52:02 -08:00
Max Schaefer
0f99842f34 Make Field.getPackage() behave sensibly.
Previously it was never defined, now it gives you the package of the type the field is declared in. This means we have to override `Field.hasQualifiedName/2` to avoid a field `f` in a package `pkg` being considered to have qualified name `pkg.f`.
2020-02-24 12:14:51 +00:00
Max Schaefer
5fbae15d0e Don't track receivers into virtual calls. 2020-02-24 09:56:09 +00:00
Max Schaefer
d1e020f74d Treat receiver variables as parameters.
The inter-procedural data-flow libraries expect this to be the case, but I actually never got round to implementing it.
2020-02-24 09:56:09 +00:00
Max Schaefer
77613a38c5 Add test, which does not work yet. 2020-02-24 09:55:42 +00:00
Sauyon Lee
4d58ebbae6 Merge pull request #32 from max-schaefer/update-data-flow
Port recent data-flow improvements
2020-02-21 09:45:14 -08:00
Sauyon Lee
bfbd08c51d Merge pull request #31 from max-schaefer/string-break-source
Sharpen the sources for `StringBreak`.
2020-02-21 09:35:58 -08:00
Max Schaefer
6251f1141c Simplify getACallee(). 2020-02-21 11:14:35 +00:00