Geoffrey White
dbde99df91
Python: Add test cases.
2023-07-20 11:06:00 +01:00
Geoffrey White
cb6276e5e2
Python: Test layout.
2023-07-19 18:44:15 +01:00
Owen Mansel-Chan
0a0e9bb25b
Merge pull request #13767 from owen-mc/go/missing-flow-through-receiver
...
Go: Fix missing flow through receiver for function variable
2023-07-19 13:52:25 +01:00
Anders Schack-Mulligen
a9c76d4175
Merge pull request #13717 from aschackmull/dataflow/neverskipadditionalsteps
...
Dataflow: Add support for not skipping configuration-specific nodes in big-step
2023-07-19 14:06:54 +02:00
Owen Mansel-Chan
b9027a0806
Avoid using getTarget() as it may not exist
2023-07-19 12:48:34 +01:00
Owen Mansel-Chan
a1fdc6f438
Merge pull request #13599 from pwntester/ruby/gopg_improvements
...
Go: Improve go-pg support
2023-07-19 12:40:39 +01:00
Stephan Brandauer
5575fc65aa
Merge pull request #13636 from github/tausbn/add-sink-alert-metrics-query
...
Java: Add metric queries for counting sinks coming from models
2023-07-19 13:12:32 +02:00
Mathias Vorreiter Pedersen
434815b9f7
Merge pull request #13764 from MathiasVP/fix-fp-in-missing-noinline
...
QL: Fix FP in `ql/missing-noinline`
2023-07-19 11:49:20 +01:00
Mathias Vorreiter Pedersen
475a892216
Merge pull request #13760 from MathiasVP/split-invalid-ptr-deref-into-more-files
...
C++: Split `cpp/invalid-pointer-deref` into more files
2023-07-19 11:36:35 +01:00
Mathias Vorreiter Pedersen
5fa70b0eb0
Update ql/ql/test/queries/performance/MissingNoInline/MissingNoInline.expected
2023-07-19 11:34:05 +01:00
Mathias Vorreiter Pedersen
b470dd7f00
Update ql/ql/src/queries/performance/MissingNoinline.ql
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-07-19 11:33:16 +01:00
Owen Mansel-Chan
9b3ff82279
Address review comments
2023-07-19 11:18:20 +01:00
Owen Mansel-Chan
a3ba74a6a6
Cast to MethodCallNode before calling getReceiver()
...
This is not required, because getReceiver is still defined on CallNode,
but is done for consistency.
2023-07-19 11:17:38 +01:00
Anders Schack-Mulligen
8d365b04c1
C/C++: Adjust expected output.
2023-07-19 11:41:54 +02:00
Anders Schack-Mulligen
e72a0b2f8c
Dataflow: Add change notes.
2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
c01a494ea5
C/C++: Don't force-include XxeFlowStateTransformer steps in XXE.ql.
2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d
C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output.
2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
941aa7ae28
C/C++: Don't force-include default steps in DefaultTaintTrackingImpl.
2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9
Dataflow: Sync.
2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
fd83b6afdb
Dataflow: Add support for not skipping configuration-specific nodes in big-step.
2023-07-19 11:41:15 +02:00
Mathias Vorreiter Pedersen
2f48cde2e5
Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2023-07-19 10:28:05 +01:00
Mathias Vorreiter Pedersen
9a8fb0b93a
Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2023-07-19 10:27:55 +01:00
Owen Mansel-Chan
de8794e9ba
Make MethodCallNode char pred more accurate
...
When a function is assigned to a variable and called through that
variable then we previously didn't realise it was a function. With
this change we try to use local flow to determine if the function being
called is a method.
2023-07-19 10:24:27 +01:00
James Fletcher
8a46ff344a
Merge pull request #13768 from github/update-presentations
...
Remove mentions of LGTM from CodeQL training presentations
2023-07-19 09:54:02 +01:00
James Fletcher
a54b96cb8d
Merge branch 'main' into update-presentations
2023-07-19 09:35:52 +01:00
james
70076fd3f0
remove lgtm from presentations
2023-07-19 09:33:13 +01:00
Geoffrey White
a58dbf26b5
Merge pull request #13759 from geoffw0/parsemode2
...
Swift: Refactor regex library
2023-07-19 08:36:28 +01:00
Owen Mansel-Chan
9b0d7f3515
Merge pull request #13739 from owen-mc/go/extractor-use-origin
...
Use Origin() in Go extractor
2023-07-18 21:37:46 +01:00
Jeroen Ketema
b72d89295a
Merge pull request #13762 from jketema/fun-qual
...
C++: Handle `FunctionAccess`es with qualifiers
2023-07-18 21:17:30 +02:00
Mathias Vorreiter Pedersen
3e1b4d97fe
C++: Add QLDoc.
2023-07-18 18:15:25 +01:00
Mathias Vorreiter Pedersen
576f021c25
C++: Fix Code Scanning errors.
2023-07-18 18:15:25 +01:00
Mathias Vorreiter Pedersen
4762e883fc
C++: Add inline expectations tests for the invalid-pointer-to-dereference stage of the query.
2023-07-18 18:15:24 +01:00
Mathias Vorreiter Pedersen
a735d18a1b
C++: Add inline expectations tests for the allocation-to-invalid-pointer stage of the query.
2023-07-18 18:15:24 +01:00
Mathias Vorreiter Pedersen
5099de5b3d
C++: Split the query into 4 files.
2023-07-18 18:15:18 +01:00
Mathias Vorreiter Pedersen
5a15c19e4b
QL: Accept test changes.
2023-07-18 18:04:46 +01:00
Mathias Vorreiter Pedersen
3b3f374223
QL: Fix FP in 'ql/missing-noinline'.
2023-07-18 17:55:44 +01:00
Geoffrey White
5dea539f3f
Swift: Fix QL-for-QL suggestion.
2023-07-18 16:51:12 +01:00
Jeroen Ketema
aad094bdd0
C++: Handle FunctionAccesses with qualifiers
...
Also fix the IR generation for these and add more IR tests involving value
categories.
2023-07-18 16:35:39 +02:00
Mathias Vorreiter Pedersen
a038b389c3
C++: More cleanup.
2023-07-18 14:03:04 +01:00
Mathias Vorreiter Pedersen
d41d2bc29e
Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref
...
C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`
2023-07-18 13:08:21 +01:00
Alex Ford
e803e98ee4
Merge pull request #13585 from alexrford/rb/rack-env-query-string
...
Ruby: add rack `env['QUERY_STRING']` as a remote flow input
2023-07-18 12:44:07 +01:00
yoff
a1aa16f901
Merge pull request #13745 from GeekMasher/py-mad-xss
...
Python - Add Models as Data support for Reflected XSS Query
2023-07-18 13:39:17 +02:00
Geoffrey White
1deacf40ca
Merge pull request #13660 from geoffw0/regexinjection
...
Swift: Query for regular expression injection
2023-07-18 10:25:30 +01:00
Geoffrey White
96dece3c88
Swift: ReDoS query result changes.
2023-07-18 10:11:22 +01:00
Jeroen Ketema
5d8b203112
Merge pull request #13758 from jketema/val-cat-tests
...
C++: Add more IR tests
2023-07-18 11:02:27 +02:00
Geoffrey White
86c6960e2a
Swift: Add RegexUseFlow and modify the role of StringLiteralUseFlow.
2023-07-18 09:49:47 +01:00
Geoffrey White
c76d85df1b
Swift: Create a model for RegexCreation.
2023-07-18 09:49:47 +01:00
Geoffrey White
734a00d616
Swift: Rename so that different data flows will be clear.
2023-07-18 09:49:47 +01:00
Geoffrey White
f243e854ae
Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python).
2023-07-18 09:49:36 +01:00
Anders Schack-Mulligen
e72366194b
Merge pull request #13754 from aschackmull/java/remotesource-inbarrier
...
Java: Exclude source-to-source flow in 5 queries.
2023-07-18 10:33:44 +02:00