codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00

Author	SHA1	Message	Date
Sauyon Lee	e41d609921	Use newtype for SourceOrSinkElement	2021-12-07 07:39:20 -05:00
Sauyon Lee	9bfe1c94b3	autoformat	2021-12-07 07:39:20 -05:00
Sauyon Lee	16371ac488	Add support for summary elements	2021-12-07 07:39:19 -05:00
Sauyon Lee	96c58b58dd	Add EmptyInterfaceType	2021-12-07 07:39:19 -05:00
Sauyon Lee	26d00f1d5b	Move basicLocalFlowsStep to DataFlowPrivate	2021-12-07 07:39:19 -05:00
Sauyon Lee	3098a4ef16	Qualify uses and add imports in DataFlowNodes	2021-12-07 07:39:18 -05:00
Sauyon Lee	93f2569f1d	Refactor data-flow nodes	2021-12-07 07:39:18 -05:00
Sauyon Lee	9ceda08d13	Sync dataflow libraries	2021-12-07 07:39:12 -05:00
Owen Mansel-Chan	d0c9aacd54	Distinguish variadic and non-variadic signature types in extractor	2021-12-01 09:33:44 -05:00
Owen Mansel-Chan	628835d3b3	Add failing tests for isVariadic `nonvariadicDeclaredFunction` has the same signature as `variadicDeclaredFunction`, so it is being erroneously reported as variadic.	2021-12-01 09:32:12 -05:00
Owen Mansel-Chan	e08007b287	Add missing qldocs for two `isVariadic()` predicates	2021-11-30 15:13:42 -05:00
Owen Mansel-Chan	acc5c4098a	Fix `Function.isVariadic` to work on external packages Going via `getFuncDecl()` didn't work as we don't function declarations from external packages. It works to use `getType()` instead.	2021-11-30 15:11:34 -05:00
Owen Mansel-Chan	a6d8deae3e	Add Fmt.Fprint to isVariadic tests We didn't have any tests involving a function in an imported package.	2021-11-30 15:07:57 -05:00
Erik Krogh Kristensen	adbe19878f	Merge pull request #615 from erik-krogh/explicit-this apply the implicit-this patch to the remaining go code	2021-11-29 17:16:43 +01:00
Erik Krogh Kristensen	1ade6c55d8	apply the implicit-this patch to the remaining go code	2021-11-29 13:10:04 +01:00
Owen Mansel-Chan	f9a3832aa2	Add extractor test that empty interface type exists	2021-11-26 15:16:09 -05:00
Tony Torralba	662f880ab8	Merge pull request #609 from github/atorralba/log-injection-query Go: Add Log Injection query (CWE-117)	2021-11-24 15:41:43 +01:00
Tony Torralba	cc8d9bdc7f	Update ql/src/Security/CWE-117/LogInjection.qhelp Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>	2021-11-24 13:57:34 +01:00
Chris Smowton	5ed4e3651b	Merge pull request #611 from tunnelshade/main Add `Where` method of squirrel sql builders to query range	2021-11-23 11:13:19 +00:00
tunnelshade	aeaa861fc6	Add `Where` method of squirrel sql builders to query range	2021-11-23 10:11:31 +05:30
Chris Smowton	271e239dee	Introduce manual magic to TaintedPathSanitizerGuardAsBacktrackingSanitizerGuard This avoids computing the full `localTaint` relation when actually there are few `TaintedPath::SanitizerGuard` instances to start from.	2021-11-22 17:41:56 +00:00
Chris Smowton	8bf78b07e5	Avoid recursively defining DataFlow::BarrierGuard In fact there never was true recursion, but the compiler thought there could be because it supposed that ZipSlip::SanitizerGuard growing may introduce instances that happen to also satisfy TaintedPath::SanitizerGuard. In fact this never happens, but here we make it clear by defining the shared sanitizer guards outside the DataFlow::BarrierGuard hierarchy and then introducing the sanitizers in each query that uses them.	2021-11-22 17:36:06 +00:00
Tony Torralba	f2017b626e	Fix stubs	2021-11-22 09:15:12 +01:00
Tony Torralba	c9332cdccb	Fix *Depth log levels in glog and klog	2021-11-22 09:15:01 +01:00
Tony Torralba	d4a20f1222	Autoformat	2021-11-19 18:04:51 +01:00
Tony Torralba	c886d10388	Add Log Injection query	2021-11-19 17:55:34 +01:00
Chris Smowton	33fd1aaf2a	Add missing @id tag	2021-11-16 18:52:41 +00:00
Chris Smowton	792bc4bce0	Merge pull request #596 from pupiles/feature/cwe-090 CWE-090: Ldap Injection	2021-11-10 11:31:36 +00:00
Chris Smowton	f3ba40e29d	Update test expectations	2021-11-10 09:42:19 +00:00
Chris Smowton	1ebb47feb3	Fix filename spelling error	2021-11-10 09:29:50 +00:00
pupiles	4d9ce49816	use stubs libs && add heuristic sanitizers	2021-11-10 14:12:45 +08:00
pupiles	97d4359881	add test code	2021-11-09 21:31:35 +08:00
Chris Smowton	2c5fe1dedc	File names should be camel-case	2021-11-09 10:45:09 +00:00
Chris Smowton	bc9300ebf5	Copyedit examples Fragments suffice for illustration, and the two bad and good examples can be easily combined	2021-11-09 10:42:58 +00:00
Chris Smowton	c18b11a470	Copy-edit query: * Regular comments to qldoc * Improve naming * Update out-of-date documentation from earlier versions of the query	2021-11-09 10:31:30 +00:00
Chris Smowton	dda425ca8d	Improve query style No need to highlight the sink again in the message when the sink is the alert location to begin with	2021-11-09 10:08:02 +00:00
Chris Smowton	f7c19dea71	Copyedit qhelp	2021-11-09 10:05:18 +00:00
pupiles	7f68f85002	fomat .ql inline comment	2021-11-09 14:42:32 +08:00
pupiles	c97d0c6ce5	Remove redundant code	2021-11-05 13:14:28 +08:00
Chris Smowton	233269869c	Tidy sanitizers, using `instanceof` not `extends` or a charpred where possible	2021-11-04 16:26:14 +00:00
Chris Smowton	23855979d5	Include UntrustedFlowSource into ServerSideRequestForgery::Source but not vice versa	2021-11-04 16:19:22 +00:00
Chris Smowton	9e218a70bb	Make imports private	2021-11-04 15:32:37 +00:00
Chris Smowton	18028dca2d	Share repeated regex	2021-11-04 15:30:34 +00:00
Chris Smowton	648a70945d	Copyedit docs and improve naming	2021-11-04 15:30:29 +00:00
Chris Smowton	a9c853257d	Fix qhelp good example	2021-11-04 14:42:54 +00:00
Chris Smowton	5256725359	Copyedit qhelp	2021-11-04 14:41:38 +00:00
valeria-meli	b84f31e918	format	2021-11-04 10:01:38 -03:00
Valeria	9f52a6654e	Merge branch 'main' into feature/SSRF	2021-11-04 09:56:10 -03:00
pupiles	4f1052b3a7	feature add common sanitizer	2021-11-04 13:16:24 +08:00
Chris Smowton	6d90b81655	Merge pull request #597 from owen-mc/var-args Update dbscheme to add table for variadic signature types	2021-11-03 11:29:45 +00:00

1 2 3 4 5 ...

1588 Commits