hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
e5fa4a6dcad7a0a34e90ca661888e17a2530422c
Commit Graph

1591 Commits

Author SHA1 Message Date
github-actions[bot]
e4f25c9a13 Release preparation for version 2.23.5 2025-11-11 11:33:33 +00:00
Michael B. Gale
8ba29a7821 Revert "Release preparation for version 2.23.4" 2025-11-10 17:13:28 +00:00
github-actions[bot]
6342da9503 Release preparation for version 2.23.4 2025-11-07 17:37:29 +00:00
Michael B. Gale
6ce8f07290 Revert "Release preparation for version 2.23.4" 2025-11-07 17:28:28 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
Henry Mercer
9507ec0853 Fix "be be" typos 2025-10-14 11:09:43 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
37151791b4 Add change notes 2025-10-09 12:26:32 +01:00
Owen Mansel-Chan
3cbce80d0b Add SimpleTypeSanitizer to go/request-forgery 2025-10-09 12:17:21 +01:00
Owen Mansel-Chan
0c9cd09140 Make NumericOrBooleanSanitizer easier to access and rename it 2025-10-09 12:17:17 +01:00
Owen Mansel-Chan
f35d28de45 Change note for bug fix in go/unvalidated-url-redirection 2025-10-02 17:03:55 +01:00
Owen Mansel-Chan
cce44b1f54 Update change notes for api changes 2025-10-02 16:52:16 +01:00
Owen Mansel-Chan
4d4862899e Preserve old behaviour of Write.writesComponent 2025-10-02 16:50:18 +01:00
Owen Mansel-Chan
2629369c93 Improve additional flow step for Host field 2025-10-01 16:18:05 +01:00
Owen Mansel-Chan
c006777714 Simplify PathAssignmentBarrier 2025-10-01 16:18:03 +01:00
Owen Mansel-Chan
6e4dbe8e22 Fix SafeUrlFlow so test passes 2025-10-01 16:17:52 +01:00
Owen Mansel-Chan
8a21a4ff92 Deprecate WriteNode.writesComponent 2025-10-01 16:13:33 +01:00
Owen Mansel-Chan
59e3c14a5e Add and use WriteNode.writesElementPreUpdate 2025-10-01 16:13:31 +01:00
Owen Mansel-Chan
6fcd35885e Fix pointer content store step for write to field of pointer dereference 2025-10-01 16:13:29 +01:00
Owen Mansel-Chan
2ffb638b7e Delete WriteNode.writesFieldOnSsaWithFields 
This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`.
 2025-10-01 16:13:27 +01:00
Owen Mansel-Chan
489b8431ea Add and use WriteNode.writesFieldPreUpdate 2025-10-01 16:13:25 +01:00
Owen Mansel-Chan
c9a2816bfe Fix OpenUrlRedirect barrier for write to Url.Host 2025-10-01 16:13:24 +01:00
Owen Mansel-Chan
7b426186aa Rephrase change note to avoid technical terms 2025-10-01 16:13:19 +01:00
Owen Mansel-Chan
630a8446ad Rename confusing predicate and add qldoc 2025-10-01 16:13:17 +01:00
Owen Mansel-Chan
b1bcbec37d Use slightly less confusing syntax 2025-10-01 16:13:15 +01:00
Owen Mansel-Chan
1d9a93a731 Rename helper predicate 2025-10-01 16:13:14 +01:00
Owen Mansel-Chan
4ee236d73f Delete commented out code 2025-10-01 16:13:12 +01:00
Owen Mansel-Chan
25f182302d Fix email injection sink that needs local flow 2025-10-01 16:13:10 +01:00
Owen Mansel-Chan
f5f6d64d9d Add change notes 2025-10-01 16:13:08 +01:00
Owen Mansel-Chan
a9420d46c8 Fix bad join order 2025-10-01 16:13:04 +01:00
Owen Mansel-Chan
6cb69535a5 Add missing qldocs 2025-10-01 16:13:03 +01:00
Owen Mansel-Chan
5efc8ac1a4 Fix backwards flow through TaintTracking::FunctionModel 
We only do this for taint models as there isn't any backwards flow
through data flow function models.
 2025-10-01 16:13:01 +01:00
Owen Mansel-Chan
62155876c5 Fix flow to variable capture 
The jump step to a `SsaCaptureVariable` should start at the last use
before it, rather than from the previous definition.
 2025-10-01 16:12:57 +01:00
Owen Mansel-Chan
748c53a791 Refactor: Create writesFieldOnSsaWithFields 2025-10-01 16:12:56 +01:00
Owen Mansel-Chan
cf6cfe2a1e Non-initializing writes should target post-update nodes 2025-10-01 16:12:54 +01:00
Owen Mansel-Chan
3229630598 Make store step to send stmt's channel use post-update node 2025-10-01 16:12:51 +01:00
Owen Mansel-Chan
118def8d28 Make separate post-update nodes 2025-10-01 16:12:45 +01:00
Owen Mansel-Chan
89ae0e3bf3 Inline predicate only used once 2025-10-01 16:12:40 +01:00
Owen Mansel-Chan
05a16dc100 Convert post-update logic to IR (part 3) 2025-10-01 16:12:38 +01:00
Owen Mansel-Chan
ad1801827b Implement writesComponent at IR level 2025-10-01 16:12:37 +01:00
Owen Mansel-Chan
203952fa47 Convert post-update logic to IR (part 2) 
Note that we don't create post-update nodes for method receivers if the
call to the method is indirect, via a function variable. We could aim to
do this in future.
 2025-10-01 16:12:35 +01:00
Owen Mansel-Chan
c8b8e25fbb Convert post-update logic to IR (part 1) 2025-10-01 16:12:34 +01:00
Owen Mansel-Chan
7a515c101a Pull out post-update node logic into predicate 2025-10-01 16:12:32 +01:00
Owen Mansel-Chan
d13d7173ed Fix QLDoc typo 2025-10-01 16:12:30 +01:00
Owen Mansel-Chan
32de2113a6 Use _ instead of exists variable x2 2025-10-01 16:12:22 +01:00
Chris Smowton
a3eb0100a6 Optimise join order for varBlockReaches 2025-10-01 16:12:21 +01:00
Owen Mansel-Chan
9068315f03 Fix IncorrectIntegerConversion for use-use flow 
We were assuming that `sink` only had one successor, the TypeCastNode, but it
can now have an adjacent use as well.
 2025-10-01 16:12:19 +01:00
Owen Mansel-Chan
b2a9cecd69 Fix Allocation Size Overflow for use-use flow 
We have an operator expression like `x * 5`. We want to follow where the
value of the operator expression goes. We used to follow local flow from
an operand, but now there is flow from that operand to the next use of
the variable. The fix is to explicitly start local flow from the
operator expression.

There are also some expected edge changes due to use-use flow.
 2025-10-01 16:12:18 +01:00
Owen Mansel-Chan
4e04d27d32 Adjust SafeFormatArgumentSanitizer to use-use flow 
Make it sanitize the result of the call rather than the input, so that
further uses of the input are still tainted. This means that it catches
things like `log.Print(fmt.Sprintf("user %q logged in.\n", username))`
where the argument to the LoggerCall contains a StringFormatCall, but
it misses things like `log.Printf("user %q logged in.\n", username)`. So
we extract the logic into a predicate and apply it as a condition in the
sink as well.

The downside of this approach is that if there are two tainted inputs
and only one has a safe format argument then we still sanitize the
result. Hopefully this is rare.
 2025-10-01 16:12:16 +01:00