Aditya Sharad
c20b688a3f
Merge master into next.
2018-11-23 16:36:31 +00:00
Taus
3cee874ee3
Merge pull request #536 from markshannon/python-more-shell-injection
...
Python: Some additional sinks for command injection.
2018-11-23 17:12:20 +01:00
yh-semmle
17b063f0b2
Merge pull request #473 from sb-semmle/add-properties-files-to-java-schema
...
Add properties files to java schema
2018-11-23 11:09:00 -05:00
yh-semmle
f4ec168666
Merge pull request #533 from aschackmull/java/inherit-bugfix-changenote
...
Java: Add change note for #459.
2018-11-23 10:53:44 -05:00
Mark Shannon
7f5d46b32f
Python: Add change note for new sinks.
2018-11-23 14:30:57 +00:00
Mark Shannon
b94493aec3
Python: Add extra sinks for command-injection query.
2018-11-23 14:29:02 +00:00
Taus
ceb316df60
Merge pull request #527 from markshannon/python-security-change-note
...
Collated python change notes
2018-11-23 15:28:18 +01:00
Taus
61f5c2e834
Merge pull request #516 from markshannon/python-path-queries
...
Python path queries
2018-11-23 15:20:19 +01:00
Anders Schack-Mulligen
d24145831b
Java: Add change note for #459.
2018-11-23 14:21:30 +01:00
Aditya Sharad
10dc183495
Merge pull request #512 from hvitved/csharp/autobuilder/dirs-proj
...
C#: Recognize `.proj` files in autobuilder
2018-11-23 13:18:04 +00:00
Mark Shannon
4f5cfbc336
Correct change for extractor logging levels.
2018-11-23 13:03:16 +00:00
Mark Shannon
95f1935eaa
Python change notes: Merge in internal change notes.
2018-11-23 12:55:04 +00:00
semmle-qlci
04c2b23abd
Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds
...
Approved by asger-semmle
2018-11-23 12:40:40 +00:00
Mark Shannon
61bd8682df
Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.
2018-11-23 12:32:14 +00:00
semmle-qlci
817456ee9f
Merge pull request #529 from asger-semmle/js-line-map
...
Approved by xiemaisi
2018-11-23 12:00:17 +00:00
Anders Schack-Mulligen
a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs
...
Java: deprecate queries that use `VCS.qll`
2018-11-23 11:59:17 +01:00
Geoffrey White
0a27022dd4
Merge pull request #523 from jbj/placement-new-never-freed
...
C++: Detect non-allocating placement new in cpp/memory-never-freed
2018-11-23 09:40:11 +00:00
Tom Hvitved
1939773684
C#: Address review comments
2018-11-23 09:32:12 +01:00
Tom Hvitved
c3ccdfa7f9
C#: Guard against cyclic inclusions in project files
2018-11-23 09:32:12 +01:00
Tom Hvitved
e4f68ae324
C#: Address review comments
2018-11-23 09:32:12 +01:00
Tom Hvitved
836daaf07b
C#: Recognize .proj files in autobuilder
...
When determining the target of `msbuild` or `dotnet build`, first look for `.proj`
files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases,
choose the project/solution file closest to the root.
2018-11-23 09:32:12 +01:00
Tom Hvitved
b95d7e5302
C#: Move autobuilder into separate folder
2018-11-23 09:32:12 +01:00
Jonas Jensen
4ad59235d8
Merge pull request #524 from geoffw0/cpp-299
...
CPP: Add (partial) dataflow to OverflowStatic.ql
2018-11-23 08:46:07 +01:00
Sebastian Bauersfeld
4eabca6dde
Update java schema to accommodate for key-value configuration files.
2018-11-22 19:08:43 -05:00
yh-semmle
1b84fceb3c
Java: deprecate queries that use VCS.qll
2018-11-22 16:21:44 -05:00
semmle-qlci
816a94eaa9
Merge pull request #525 from jbj/uninit-badast-mergefix
...
Approved by geoffw0, ian-semmle
2018-11-22 21:05:54 +00:00
Asger F
b5008d8685
TS: only transfer offsets as part of the AST
2018-11-22 16:20:47 +00:00
Geoffrey White
cb609f4be0
CPP: Be conservative where there are multiple flow sources.
2018-11-22 15:50:13 +00:00
Geoffrey White
d57574e92c
CPP: localFlowStep* -> localFlow.
2018-11-22 15:50:13 +00:00
Geoffrey White
16be502d61
CPP: Add change note.
2018-11-22 15:50:13 +00:00
Geoffrey White
ea56a5d9ce
CPP: Add local dataflow to (one bit of) OverflowStatic.ql.
2018-11-22 15:49:13 +00:00
Geoffrey White
01ba635e1d
CPP: Add some test cases involving dataflow.
2018-11-22 15:49:13 +00:00
Geoffrey White
dc224c5c94
Merge pull request #521 from felicity-semmle/cpp/update-qhelp
...
C++: Update qhelp for consistency
2018-11-22 15:31:34 +00:00
Pavel Avgustinov
b9a3a71406
Merge pull request #518 from jbj/vcs-deprecate-queries
...
C++: Deprecate queries using VCS.qll
2018-11-22 15:07:19 +00:00
semmle-qlci
472c0429b5
Merge pull request #526 from esben-semmle/js/flow-parsing-improvements
...
Approved by xiemaisi
2018-11-22 15:02:21 +00:00
Esben Sparre Andreasen
8c7ca38b8d
JS(extractor): improve parser support for flowtype syntax
2018-11-22 14:09:09 +01:00
Jonas Jensen
da26b4f856
C++: Accept test changes for IR
...
This test was failing due to a semantic merge conflict between #509,
which added `UninitializedInstruction`, and #517, which added new test
code that would get `UninitializedInstruction`s in it after merging with #509.
2018-11-22 13:52:33 +01:00
Esben Sparre Andreasen
b780f82869
JS: sharpen js/clear-text-logging (ODASA-7485)
2018-11-22 13:38:43 +01:00
Mark Shannon
c01db23f58
Python: Fix up expected results of SqlInjection.ql
2018-11-22 11:05:09 +00:00
Mark Shannon
bfb7e17ebf
Python: Move library to correct location.
2018-11-22 11:05:09 +00:00
Mark Shannon
f3fedcdf38
Python tests: Move security test stubs to correct location.
2018-11-22 11:05:09 +00:00
Mark Shannon
04e5b8927a
Python tests: use a more accurate form of os.path.join() in test lib.
2018-11-22 11:05:09 +00:00
Mark Shannon
88d82017b3
Python: Convert stack-trace-exposure query to path-problem.
2018-11-22 11:05:08 +00:00
Mark Shannon
2a24723cc3
Python: Update test results for path queries.
2018-11-22 11:05:08 +00:00
Mark Shannon
722d89fc75
Upgrade taint-tracking security queries to path-problem queries.
2018-11-22 11:05:01 +00:00
Tom Hvitved
201f64ef8e
Merge pull request #367 from calumgrant/cs/path-problems
...
C#: Update all security queries to path-problems
2018-11-22 12:02:11 +01:00
Mark Shannon
2ac2233e69
Add change note for enhanced visibility of security alerts and conversion to path-queries.
2018-11-22 11:01:35 +00:00
Jonas Jensen
75873bb4a6
C++: Detect non-allocating placement new
...
This adds a `NewOrNewArrayExpr.getPlacementPointer` predicate and uses
it in `Alloc.qll` to detect when a `new`-expression is not an
allocation.
User-defined replacements for `operator new` may not be allocations
either, but the code continues to assume that they are. It's possible
that we want to change this assumption in the future or leave it up to
individual queries to decide on which side to err. It's hard to
statically tell whether `operator new` has been overloaded in a
particular file because it can be overloaded by a definition that is not
in scope but is only linked together with that file.
2018-11-22 11:31:19 +01:00
Felicity Chapman
8cad0b6ef1
Update qhelp for consistency
2018-11-22 10:25:41 +00:00
Jonas Jensen
a17debac3e
C++: Placement-new tests for MemoryNeverFreed.ql
2018-11-22 10:48:18 +01:00