hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

5327 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
github-actions[bot]
31c91a6faa Add changed framework coverage reports 2022-05-29 00:16:56 +00:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
Tom Hvitved
a4023b8a1d Data flow: Make PathGraph::edges/2 and PathNode::getASuccessor/1 consistent 2022-05-25 14:39:37 +02:00
Tom Hvitved
42f05dadc4 Data flow: Sync files 2022-05-25 14:21:22 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Michael Nebel
9cab92b16f C#: Update flow summaries test after rebase. The rebase included a fix to the isAutoGenerated predicate, which means that a summary is only considered autogenerated, if no hand-written version exist. This affects the printing as well. 2022-05-25 08:28:15 +02:00
Michael Nebel
5b405bb4cf C#: Update FlowSummaries test with generated printing (needed due to rebase). 2022-05-25 08:28:15 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
75532432af C#: Update flow summaries test (note that the test doesn't correctly print the generated flag at the moment). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
268230ef19 C#: Add QlDoc to the Generated file. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
d9c7ba471d C#: Update taint steps test as the generated models now include a model for the getters for KeyValuePair (we only had manual summaries for the constructor). 2022-05-25 08:28:14 +02:00
Michael Nebel
f8e729025f C#: Add generated Dotnet Runtime summary models that allows to up two reads and two stores and update flow summaries test. 2022-05-25 08:28:14 +02:00
Michael Nebel
3b62b45ea8 C#: Add generated framework models to ExternalFlow. 2022-05-25 08:28:14 +02:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix 
C#: Summarized callable
 2022-05-24 16:36:44 +02:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Tom Hvitved
6345816acf Rework ContentDataFlow implementation 2022-05-24 10:34:06 +02:00
Michael Nebel
42be60ea57 C#: Address codereview comments. 2022-05-24 08:21:39 +02:00
Michael Nebel
eed02a2a9f C#: Fix issue with isAutoGenerated predicate and make sure that data flow only use relevant summaries. 2022-05-24 08:21:38 +02:00
Tom Hvitved
9cc9991c74 C#: Update ContentDataFlow test 
Illustrates missing flow when the sink is inside a method that is also part of
a `subpath`.
 2022-05-23 13:05:28 +02:00
Michael Nebel
bf958ff5bb Merge pull request #9255 from michaelnebel/csharp/test-clearscontent 
C#: Remove default clears content.
 2022-05-23 10:30:30 +02:00
Michael Nebel
c82ab6813f Merge pull request #9256 from michaelnebel/csharp/test-ranking 
C#: Rank summaries and source code in dataflow callables.
 2022-05-23 10:29:52 +02:00
Anders Schack-Mulligen
f2218944f6 Merge pull request #9214 from hvitved/dataflow/lambda-fp-flow 
Data flow: Do not discard call context when computing reverse lambda flow through jumps
 2022-05-23 10:02:51 +02:00
Michael Nebel
217c414b6e C#: Now that SummarizedCallableDefaultClears content has been removed, we need to explicitly say that fields are cleared. 2022-05-23 08:58:09 +02:00
Michael Nebel
ddde1d4607 C#: Remove default clears content. 2022-05-22 15:16:44 +02:00
Michael Nebel
f141336f64 C#: Fake location of methods as we want to use the defined summaries for testing purposes. 2022-05-22 15:14:58 +02:00
Michael Nebel
9f611d79ac C#: Rank summaries and source code such that only one is used. 2022-05-22 15:14:19 +02:00
Robert Marsh
6d267be1a1 C++: merge main and accept test changes 2022-05-20 14:37:09 -04:00
Anders Schack-Mulligen
8beef45599 Merge pull request #9195 from aschackmull/java/perf-local-flow 
Java: Performance fixes for local flow relation
 2022-05-20 12:38:02 +02:00
Michael Nebel
20af134ff0 Merge pull request #9210 from michaelnebel/dataflow/summarizedcallablerefactor 
DataFlow - SummarizedCallable refactor
 2022-05-20 09:32:30 +02:00
Tom Hvitved
3ebd4af24e C#: Fix another test 2022-05-19 16:23:31 +02:00
Tom Hvitved
909ad2a61a Address review comment 2022-05-19 15:37:18 +02:00
Tom Hvitved
f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Michael Nebel
575b8376f3 C#: Update Flow summaries QL test code based on refactor. 2022-05-19 14:41:24 +02:00
Tom Hvitved
0a52420581 C#: Add ContentDataFlow test 2022-05-19 13:28:56 +02:00
Tom Hvitved
bd9b6567c7 Data flow: Introduce ContentDataFlow.qll 2022-05-19 13:28:56 +02:00
Michael Nebel
ff1e6637ac C#: Fix issue with summaryElement predicate. 2022-05-19 13:06:24 +02:00
Anders Schack-Mulligen
0e830f6052 C#/Ruby/Java: Fix pragmas. 2022-05-19 11:26:38 +02:00
Michael Nebel
be79f20ef1 C#: Refactor SummarizedCallable. 2022-05-19 11:03:50 +02:00
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp 
use string equality instead of regexps to compare constant strings
 2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor 
C#: Dataflow callable refactoring.
 2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00