hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
247 Commits 1,684 Branches 159 Tags
d7e6c59fab102b31844e6fff5a4361198f9fa708
Commit Graph

172 Commits

Author SHA1 Message Date
Sauyon Lee
1b7186347d Merge pull request #25 from max-schaefer/library-overview 
Add library overview
 2020-02-19 01:39:14 -08:00
Max Schaefer
4b371ac85a Remove rogue full stop. 2020-02-19 08:14:15 +00:00
Max Schaefer
31557e8c19 Rename ArrowExpr to RecvExpr and address further review comments. 2020-02-18 08:39:31 +00:00
Max Schaefer
ec9ba8aa7f Address review comments. 2020-02-17 09:23:08 +00:00
Max Schaefer
f60b5daf94 Apply suggestions from code review 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-02-17 08:48:16 +00:00
Max Schaefer
65c116538c Write library overview. 2020-02-14 12:50:04 +00:00
Max Schaefer
9379f74308 Merge pull request #24 from sauyon/runelit 
Add a RuneLit alias for CharLit
 2020-02-13 09:07:38 +00:00
Max Schaefer
c7d29311e6 Merge pull request #232 from sauyon/makefile-improvements 
Makefile improvements
 2020-02-13 08:51:51 +00:00
Max Schaefer
69eae987d1 Merge pull request #240 from sauyon/rune-literal-string-value 
Make rune literal string value its value
 2020-02-13 08:47:56 +00:00
Sauyon Lee
1262935085 Update stats 2020-02-12 15:52:41 -08:00
Sauyon Lee
92025ad9bd Add a RuneLit alias for CharLit 
Also change the doc comment on CharLit to RuneLit
 2020-02-12 15:17:14 -08:00
Sauyon Lee
eb990c9de7 BadRedirectCheck: Use new rune literal string values 2020-02-12 15:14:59 -08:00
Sauyon Lee
74bb4f707d Make rune literal string value its value 2020-02-12 15:14:58 -08:00
Sauyon Lee
1365da2224 examples/variable: Select declaration as well as the variable 
This makes the test platform-independent
 2020-02-12 10:41:58 -08:00
Sauyon Lee
ae96bd88bc Merge pull request #239 from max/virtual-dispatch 
Call-graph API cleanup
 2020-02-10 15:05:13 -08:00
Max Schaefer
acd27cdee6 Merge pull request #238 from sauyon/semmle-to-github 
Rename the go module to github.com/github/codeql-go
 2020-02-10 21:02:05 +00:00
Max Schaefer
6aa0d631dd Address review comments. 2020-02-10 20:59:13 +00:00
Sauyon Lee
677ed6ebf4 Fix tests to use codeql-go repository name 2020-02-10 11:00:01 -08:00
Max Schaefer
d6f3005e0e Merge branch '235-head' 2020-02-07 20:12:47 +00:00
Max Schaefer
5571f1eac7 Rename Comparison to ComparisonExpr. 2020-02-07 16:24:42 +00:00
Max Schaefer
ad7dfa258c Rename ParenExpr.getExpression() to getExpr() for consistency with similar predicates in other classes. 2020-02-07 16:24:42 +00:00
Sauyon Lee
1a21c14f2f Remove build ignore from HardcodedCredentials example 2020-02-07 03:13:14 -08:00
Sauyon Lee
e4d228fa0f Fix CleartextStorage tests 2020-02-07 03:13:13 -08:00
Sauyon Lee
6300fdf85e Remove accidentally added CleartextStorage tests 2020-02-07 03:13:12 -08:00
Sauyon Lee
559ac8f0d2 Fix squirrel test build 2020-02-07 03:12:19 -08:00
Max Schaefer
72de4728a2 Suppress unhelpful magic. 2020-02-07 11:09:33 +00:00
Max Schaefer
69edfe08df Make regular expression for format strings more precise. 2020-02-07 11:05:44 +00:00
Max Schaefer
8b0d271717 Locally resolve calls to function expressions. 2020-02-07 11:05:44 +00:00
Max Schaefer
f6305f019d Minor refactoring. 2020-02-07 11:05:44 +00:00
Max Schaefer
46a8f8c8ed Remove Function.getACallExpr. 2020-02-07 11:05:44 +00:00
Max Schaefer
39b7272241 Teach Function.getACall to take virtual dispatch into account. 2020-02-07 11:05:44 +00:00
Max Schaefer
84002f585e Remove CallExpr.getACallee(). 2020-02-07 11:05:44 +00:00
Max Schaefer
cf0e38b22c Move virtual dispatch resolution from CallExpr to CallNode and generalise it very slightly. 2020-02-07 11:05:44 +00:00
Max Schaefer
253a394ae0 Make CallNode.getCalleeName() more robust to missing type information. 2020-02-07 11:05:44 +00:00
Max Schaefer
93a84684a5 Remove predicate CallExpr.calls. 
This sort of reasoning should be done at the data-flow level.
 2020-02-07 11:05:44 +00:00
Max Schaefer
9400442bea Add call graph test. 
This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.
 2020-02-07 11:05:41 +00:00
Sauyon Lee
5dbebe44f5 Package tests: also select raw database path 2020-02-07 02:25:26 -08:00
Sauyon Lee
2cb61911c3 Package tests: Limit to specific packages 2020-02-07 02:23:28 -08:00
Sauyon Lee
9a9561bb12 Remove vendored path prefix of vendored packages 2020-02-07 02:17:54 -08:00
Sauyon Lee
0dca13a5d9 Address review comments 2020-02-04 11:13:41 -08:00
Sauyon Lee
87865afa42 ReflectedXss: Remove FPs from constant prefix Fprintfs 2020-02-03 16:00:33 -08:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break 
Add query to find unsafe quoting
 2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
63ca382a0c Reorganise modelling of string concatenation. 2020-02-03 09:01:40 +00:00
Max Schaefer
3afce956ab Remove deprecated flow predicates. 2020-01-30 11:45:19 +00:00
Sauyon Lee
41d04f3d96 Revert "Add DataFlow2" 
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.
 2020-01-28 13:01:37 -08:00
Sauyon Lee
478f906d7a HTTP: Use Field.getQualifiedName in UserControlledRequestField 
Also autoformat.
 2020-01-28 13:01:36 -08:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00