Rasmus Wriedt Larsen
cc72fc82f0
Merge branch 'main' into flask-clean-models
2021-02-18 16:08:18 +01:00
Rasmus Wriedt Larsen
9a42f2fb26
Python: Add missing QLdoc for FlaskMethodViewClass
2021-02-18 16:07:47 +01:00
Rasmus Wriedt Larsen
bb2613b02b
Python: Flask model now ready to be publicly exposed
...
With a single call-out for a member-predicate that is only for internal use.
2021-02-18 15:36:30 +01:00
Rasmus Wriedt Larsen
35876f1939
Python: Re-introduce Response::instance() in flask model
...
We don't actually need it for anything right now, but I have plans for the
future where we would need it.
Although it would be nice to have it as an `API::Node`, and we could re-write
implementations so we could provide it in this instance, I'm not convinced we
can do that in general right now.
For example, if <n'th> parameter of a function has to be modeled as belonging to
a certain type, I don't see any way to specify that as an API::Node.
For me, that's ok. Until we _can_ specify things like this as API::Nodes in the
future, I would like to keep things consistent, and use `DataFlow::Node` as the
result type.
2021-02-18 15:22:16 +01:00
Rasmus Wriedt Larsen
141e2665ea
Python: Align ViewClass naming with django
...
Just as part of tidying up
2021-02-18 15:10:21 +01:00
Rasmus Wriedt Larsen
19b7ea8d85
Python: Align flask taint modeling with rest of code
...
This was a good time to do this, so we don't have 2 different ways of doing the
same thing.
I needed to do this to figure out if we should expose
`API::moduleImport("flask").getMember("request")` in a helper predicate or
not. I think I ended up using more references to this in the end. Although it's
not unreasonable to let someone do this themselves, I also think it's reasonable
that we provide a helper predicate for this.
2021-02-18 15:04:07 +01:00
Tamás Vajk
f3814c6468
Merge pull request #5144 from tamasvajk/feature/refactor-2
...
C# Share entity base classes between CIL and source extraction
2021-02-18 13:52:52 +01:00
Tamás Vajk
8e7a823b9a
Merge pull request #5083 from raulgarciamsft/master
...
Adding queries related to the Solorigate campaign
2021-02-18 13:50:45 +01:00
Rasmus Wriedt Larsen
ba61099172
Python: flask.make_response as InstanceSource of flask.Response
2021-02-18 12:52:59 +01:00
Rasmus Wriedt Larsen
e3d530dbbc
Python: Flask: Remove more type-tracking helper predicates
2021-02-18 12:13:47 +01:00
Rasmus Wriedt Larsen
e4ea5f25dc
Python: Flask: Modernize app and blueprint
2021-02-18 12:09:37 +01:00
Rasmus Wriedt Larsen
7de488b987
Python: Flask: Modernize views
2021-02-18 12:05:56 +01:00
CodeQL CI
d94f20ff2f
Merge pull request #5194 from RasmusWL/type-tracking-snippets
...
Approved by tausbn
2021-02-18 02:13:21 -08:00
Mathias Vorreiter Pedersen
88263cb89e
Merge pull request #5114 from geoffw0/codeqltestdoc
...
Documentation: Make our policy for copied example code clear and visible.
2021-02-18 10:43:17 +01:00
CodeQL CI
8716cbd7ee
Merge pull request #5140 from erik-krogh/mark
...
Approved by asgerf
2021-02-17 11:50:11 -08:00
Raul Garcia (MSFT)
cba9f421ad
Changes to the Readme file
2021-02-17 10:05:22 -08:00
Erik Krogh Kristensen
4df85b44de
Update javascript/change-notes/2021-02-10-markdown.md
...
Co-authored-by: Asger F <asgerf@github.com>
2021-02-17 18:30:31 +01:00
Cornelius Riemenschneider
ebcecca9f1
Merge pull request #5157 from geoffw0/modelsbsl2
...
C++: Improve Iterator models
2021-02-17 18:04:07 +01:00
CodeQL CI
a81592dbd1
Merge pull request #5111 from asgerf/js/angular-framework-note
...
Approved by erik-krogh
2021-02-17 08:48:00 -08:00
Taus
593a96ffbb
Merge pull request #5182 from RasmusWL/update-supported-python-frameworks-docs
...
Docs: Update list of supported frameworks in Python
2021-02-17 17:44:18 +01:00
CodeQL CI
3e1d2c3f81
Merge pull request #5198 from RasmusWL/revert-structure-change
...
Approved by tausbn
2021-02-17 08:36:04 -08:00
Rasmus Wriedt Larsen
4880350420
Python: Add a single missing QLDoc
2021-02-17 16:33:12 +01:00
Rasmus Wriedt Larsen
7afe3972d8
Revert "Merge pull request #5171 from RasmusWL/restructure-queries"
...
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
2021-02-17 16:32:53 +01:00
Erik Krogh Kristensen
bc4ff813f3
Merge pull request #5193 from erik-krogh/aceLog
...
JS: avoid cartesian product in isFilteredPropertyName
2021-02-17 16:27:33 +01:00
Rasmus Wriedt Larsen
63a09fccdd
Python: Use this = <...>.getACall() for DataFlow::CallCfgNode
...
I think this reads a bit cleaner
2021-02-17 14:43:48 +01:00
Taus
ce1d8ded22
Merge pull request #5192 from RasmusWL/framework-for-routed-params
...
Python: Expose framework identifier for route-setup and request handler
2021-02-17 13:19:43 +01:00
Rasmus Wriedt Larsen
0cdb5c48cf
Python: Remove type-tracking snippets for framework modeling
...
We won't need these anymore, since we can now use API graphs
2021-02-17 13:14:23 +01:00
Rasmus Wriedt Larsen
a4de88d39c
Python: Update type-tracking snippet
...
based on what I learned in https://github.com/github/codeql/pull/5184
2021-02-17 13:13:25 +01:00
Erik Krogh Kristensen
a03507a544
avoid cartesian product in isFilteredPropertyName
2021-02-17 13:12:35 +01:00
Mathias Vorreiter Pedersen
e0dca2be20
Merge pull request #5185 from MathiasVP/block-integral-types-in-cgixss-query
...
C++: Add isBarrier to cpp/cgi-xss
2021-02-17 12:44:45 +01:00
Rasmus Wriedt Larsen
eee49cde85
Merge pull request #5184 from tausbn/python-move-type-tracker-tests-to-source-nodes
...
Python: Use `LocalSourceNode` in type tracker tests
2021-02-17 12:13:47 +01:00
Taus
8caafb3710
Merge pull request #5171 from RasmusWL/restructure-queries
...
Python: Restructure query file layout
2021-02-17 12:09:32 +01:00
Geoffrey White
ec79094957
Merge pull request #5191 from MathiasVP/regression-test-const-member-function
...
C++: Add test for missing flow due to const specifier
2021-02-17 10:59:20 +00:00
Mathias Vorreiter Pedersen
25beadcb05
Update cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-02-17 11:54:24 +01:00
Geoffrey White
c07a60818c
C++: Simplify IteratorAssignArithmeticOperator.
2021-02-17 10:49:28 +00:00
Mathias Vorreiter Pedersen
e1c4406fd4
Merge pull request #5187 from geoffw0/modelsbsl5
...
C++: Support BSL in Allocation.qll, Deallocation.qll.
2021-02-17 11:48:53 +01:00
Mathias Vorreiter Pedersen
6db75df943
Merge pull request #5186 from geoffw0/modelsbsl4
...
C++: More models work
2021-02-17 11:46:23 +01:00
Rasmus Wriedt Larsen
cf9ad0cdc5
Python: Move ExternalAPI queries back under Security
...
This was raised as a question at review, and I don't really have a good enough
argument for moving it under POI. At the end of the day, they are _security_
related enough I guess :)
2021-02-17 11:29:33 +01:00
Rasmus Wriedt Larsen
dec026a820
Python: Fix security qlref to have single empty line
2021-02-17 11:26:02 +01:00
Rasmus Wriedt Larsen
1adb510578
Python: Add a single missing QLDoc
2021-02-17 11:24:11 +01:00
Mathias Vorreiter Pedersen
1b148c4c90
C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231.
2021-02-17 11:20:00 +01:00
Rasmus Wriedt Larsen
2927d888cf
Python: Fix location of PathInjection tests
2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
f5d5460dde
C++: Fix testcase.
2021-02-17 10:53:31 +01:00
Erik Krogh Kristensen
408ac2729d
Merge pull request #5066 from CaptainFreak/express-hbs-lfr
...
JS: add query for Express-HBS LFR
2021-02-17 10:41:38 +01:00
Anders Schack-Mulligen
5188ad1444
Merge pull request #5126 from smowton/smowton/feature/commons-stringutils
...
Java: Add support for Apache Commons Lang StringUtils
2021-02-17 09:48:22 +01:00
Rasmus Wriedt Larsen
d98aae9fc1
Python: Expose framework identifier for route-setup and req handler
...
This makes collecting metrics on framework coverage a bit simpler (specifically
giving the RoutedParameter class a more descriptive result for getSourceType).
I guess it can also help a bit when trying to get an overview of a new DB, but
making metrics collection easier is my main motivation for this.
2021-02-16 23:44:03 +01:00
Geoffrey White
3323683ab2
C++: Support BSL in Allocation.qll, Deallocation.qll.
2021-02-16 19:19:06 +00:00
Sauyon Lee
8db234f5f3
Merge pull request #5092 from github/sauyon-patch-1
...
Add GoKit to Go supported library list
2021-02-16 11:04:43 -08:00
Geoffrey White
d068ede65b
Merge pull request #5180 from criemen/bsl-stdcontainer
...
C++: Refactor StdContainer.qll.
2021-02-16 18:53:08 +00:00
Geoffrey White
58230d6d0a
C++: Model BSL in Fread.qll.
2021-02-16 18:00:51 +00:00