hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,872 Commits 1,703 Branches 162 Tags
cdac0e2b529ef1630c5cd16fd2fc35066f7cb015
Commit Graph

44872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
cdac0e2b52 add local algo name tracking, still need to add ability to track algo name when KeyGen obj is param to other method 2022-10-11 16:56:10 -04:00
Jami Cogswell
c414ee0e25 add ECC dataflow config; passes all test cases; still don't have algo name tracking 2022-10-11 16:56:10 -04:00
Jami Cogswell
5e2ef66014 refactoring to use both dataflow configs; commit before deleting unused code 2022-10-11 16:56:10 -04:00
Jami Cogswell
ac707198d5 commit before adding taint flow back (since no taint flow doesn't capture all cases) 2022-10-11 16:56:10 -04:00
Jami Cogswell
8ffd2522e7 add draft code to find algo type to replace tainttracking configs 2022-10-11 16:56:10 -04:00
Jami Cogswell
d3b1a04c13 handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess 2022-10-11 16:56:10 -04:00
Jami Cogswell
7de9c05c9d use CompileTimeConstantExpr for FN with VarAccess, and remove KeyGeneratorInitConfiguration 2022-10-11 16:56:10 -04:00
Jami Cogswell
75794ec7a7 false negative testing - before rewrite for variable dataflow 2022-10-11 16:56:10 -04:00
Jami Cogswell
7d94590d79 add change note 2022-10-11 16:56:10 -04:00
Jami Cogswell
9eb45c3787 refactor tests and code, update help file 2022-10-11 16:56:10 -04:00
Jami Cogswell
657e1e62ca start refactoring query logic into lib file 2022-10-11 16:56:10 -04:00
Jami Cogswell
3643c9e658 update metadata 2022-10-11 16:56:10 -04:00
Jami Cogswell
9b7df354e6 move files 2022-10-11 16:56:10 -04:00
Mathias Vorreiter Pedersen
fc810ddbf4 Merge pull request #10775 from atorralba/atorralba/swift/custom-url-scheme-sources 
Swift: Add taint sources for custom URL scheme URLs
 2022-10-11 16:47:52 +01:00
Tony Torralba
f4d43deec4 Add taint sources for custom URL scheme URLs 2022-10-11 17:19:04 +02:00
Mathias Vorreiter Pedersen
af79139c30 Merge pull request #10772 from atorralba/atorralba/swift/subscriptexpr-taint-step 
Swift: Add taint step for subscript expressions
 2022-10-11 15:45:54 +01:00
Mathias Vorreiter Pedersen
7ac9c1e832 Merge pull request #10713 from MathiasVP/fix-types-in-ir-dataflow 
C++: Fix `getType` for experimental IR dataflow
 2022-10-11 15:20:49 +01:00
Rasmus Wriedt Larsen
b3f10311b3 Merge pull request #10752 from RasmusWL/pymssql 
Python: DB Modeling: Add `pymssql` and `executemany` in general
 2022-10-11 15:55:04 +02:00
Tony Torralba
0892a5795d Add taint step for subscript expressions 2022-10-11 15:33:45 +02:00
Tamás Vajk
8523d21f8c Merge pull request #10696 from tamasvajk/kotlin-lateinit 
Kotlin: Extract `lateinit` modifier
 2022-10-11 15:03:10 +02:00
Tamás Vajk
e9835ec07e Merge pull request #10756 from tamasvajk/kotlin-fix-java-modifier 
Kotlin: extract `protected` modifier from java class files
 2022-10-11 15:02:13 +02:00
Erik Krogh Kristensen
66c2de87b0 Merge pull request #10729 from erik-krogh/py-last-msg 
Py: fix some more style-guide violations in the alert-messages
 2022-10-11 14:48:14 +02:00
Rasmus Wriedt Larsen
ac30cfa5c1 Python: Apply suggestions from code review 2022-10-11 14:05:27 +02:00
erik-krogh
a826dbbdee fix capitalization in stack-trace-exposure 2022-10-11 13:59:10 +02:00
Mathias Vorreiter Pedersen
95e798565b C++: Expand on the comment about missing types in the database. Also rename 'getType0' to 'getTypeImpl' to avoid confusion. 2022-10-11 12:57:51 +01:00
Erik Krogh Kristensen
0883b1782d Merge pull request #10730 from erik-krogh/ql-last-msg 
QL: fix some more style-guide violations in the alert-messages
 2022-10-11 13:43:21 +02:00
Asger F
02656b16c3 Merge pull request #10685 from asgerf/rb/splat-and-local-field-step 
Ruby: summarize unary splat operators and add local field step
 2022-10-11 13:28:58 +02:00
Erik Krogh Kristensen
01bc5f7226 Merge pull request #10731 from erik-krogh/rb-last-msg 
Ruby: fix some more style-guide violations in the alert-messages
 2022-10-11 12:16:52 +02:00
Mathias Vorreiter Pedersen
5cfc3fe8df C++: Use 'DataFlowType' instead of 'Type' for the 'getType' predicate in 'PostUpdateNode'. 2022-10-11 11:00:25 +01:00
Tom Hvitved
878654e0ff Merge pull request #10763 from hvitved/ruby/move-summarized-callable-from-model 
Ruby: Move `SummarizedCallableFromModel` into `ModelsAsData.qll`
 2022-10-11 11:47:38 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
Erik Krogh Kristensen
7d282c3d75 fix casing in alert-message 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-11 11:12:59 +02:00
Tom Hvitved
d6df69d481 Merge pull request #10754 from hvitved/dataflow/non-hidden-succ-fast-tc 
Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`
 2022-10-11 11:12:58 +02:00
Tom Hvitved
53abdb3fb5 Ruby: Move SummarizedCallableFromModel into ModelsAsData.qll 2022-10-11 11:06:35 +02:00
erik-krogh
4da0508dae Merge branch 'main' into py-last-msg 2022-10-11 10:49:19 +02:00
erik-krogh
cdf9d65e44 bump typos 2022-10-11 10:44:34 +02:00
erik-krogh
f4e928eec4 Merge branch 'main' into ql-last-msg 2022-10-11 10:44:20 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
Asger F
b6e07c0cd5 Ruby: block API graph nodes from tracking through self-argument passing 2022-10-11 09:03:52 +02:00
Asger F
125761755a Ruby: do not generate API graph edges from Attribute contents 
Models should use Method[x] edges, not attribute edges
 2022-10-11 09:03:52 +02:00
Asger F
6daa1c432b Ruby: update test output 2022-10-11 09:03:51 +02:00
Asger F
38a3476d37 Ruby: add local field step to type tracking 
fixup local field steps
 2022-10-11 09:03:51 +02:00
Asger F
d55925d8d4 Ruby: support splat type-tracking step 2022-10-11 09:03:51 +02:00
Asger F
9bbbece8a7 Merge pull request #10670 from tyage/property-stringify 
JS: Improve detection of XSS when JSON.stringify()
 2022-10-10 18:16:09 +02:00
Tamas Vajk
f2e2e3bc1d Kotlin: extract protected modifier from java class files 2022-10-10 18:02:21 +02:00
Tamas Vajk
15aab711c7 Kotlin: Add test showing missing java modifier 2022-10-10 18:01:38 +02:00
Chris Smowton
5756a33604 Merge pull request #10737 from smowton/smowton/fix/type-instance-within-default-value-erasure 
Kotlin: fix type variable erasure inside default function values
 2022-10-10 16:31:07 +01:00
Tamás Vajk
70b8224a8b Merge pull request #10723 from tamasvajk/kotlin-generated-files 
Kotlin: Recognize generated files
 2022-10-10 16:24:42 +02:00
Asger F
b1a165ee98 JS: Edit change note 2022-10-10 16:08:21 +02:00