codeql

mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00

Author	SHA1	Message	Date
Max Schaefer	ec9ba8aa7f	Address review comments.	2020-02-17 09:23:08 +00:00
Max Schaefer	f60b5daf94	Apply suggestions from code review Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-Authored-By: Sauyon Lee <sauyon@github.com>	2020-02-17 08:48:16 +00:00
Max Schaefer	65c116538c	Write library overview.	2020-02-14 12:50:04 +00:00
Max Schaefer	5571f1eac7	Rename `Comparison` to `ComparisonExpr`.	2020-02-07 16:24:42 +00:00
Max Schaefer	ad7dfa258c	Rename `ParenExpr.getExpression()` to `getExpr()` for consistency with similar predicates in other classes.	2020-02-07 16:24:42 +00:00
Sauyon Lee	3c88eab84c	Merge pull request #229 from max/string-break Add query to find unsafe quoting	2020-02-03 09:47:36 -08:00
Max Schaefer	af3d91ffd3	Add query StringBreak.	2020-02-03 09:01:40 +00:00
Max Schaefer	63ca382a0c	Reorganise modelling of string concatenation.	2020-02-03 09:01:40 +00:00
Sauyon Lee	da2924251b	Merge pull request #230 from max/remove-deprecated-flow-predicates Remove deprecated flow predicates.	2020-01-30 11:29:05 -08:00
Max Schaefer	3afce956ab	Remove deprecated flow predicates.	2020-01-30 11:45:19 +00:00
Max Schaefer	69a91b537f	Add change note for autobuilder changes https://git.semmle.com/Semmle/go/pull/210 did not include a change note.	2020-01-30 11:36:23 +00:00
Max Schaefer	ef60f1cbf7	Merge pull request #210 from sauyon/autobuilder-run-make autobuilder: run build if relevant files exist	2020-01-29 16:32:43 +00:00
Max Schaefer	8bb769b4f9	Merge pull request #228 from sauyon/codeql-test Makefile: Make extractor-common extractor target	2020-01-29 09:23:53 +00:00
Max Schaefer	be183596c8	Merge pull request #211 from sauyon/open-redirect-fps OpenUrlRedirect: resolve some FPs	2020-01-29 09:18:07 +00:00
Sauyon Lee	7676a56af6	Makefile: Make extractor-common extractor target	2020-01-28 14:38:15 -08:00
Sauyon Lee	41d04f3d96	Revert "Add DataFlow2" This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.	2020-01-28 13:01:37 -08:00
Sauyon Lee	478f906d7a	HTTP: Use Field.getQualifiedName in UserControlledRequestField Also autoformat.	2020-01-28 13:01:36 -08:00
Sauyon Lee	d2e5322b94	Apply review comments	2020-01-28 13:01:35 -08:00
Sauyon Lee	3eee780fdd	TaintTracking: minor functionNodeStep call improvement Co-Authored-By: Max Schaefer <max@semmle.com>	2020-01-28 13:01:34 -08:00
Sauyon Lee	9af436566f	OpenUrlRedirect: Use a data-flow configuration to track whole URLs	2020-01-28 13:01:33 -08:00
Sauyon Lee	a2b5bb85ab	OpenUrlRedirect: Fix test compilation	2020-01-28 13:01:19 -08:00
Sauyon Lee	e17f548780	Add DataFlow2	2020-01-28 12:59:47 -08:00
Sauyon Lee	30d2fb0b7f	TaintTracking: Make functionModelStep take a FunctionModel This makes using only some function models easier.	2020-01-28 12:59:46 -08:00
Sauyon Lee	260b33be7e	OpenUrlRedirect: Add untrusted methods Also use more up-to-date data-flow APIs	2020-01-28 12:59:45 -08:00
Sauyon Lee	abfdd7ee1e	OpenUrlRedirect: make functions like isValidRedirect barrier guards	2020-01-28 12:59:44 -08:00
Sauyon Lee	82635a46ad	OpenUrlRedirect: only make some parts of the URL untrusted	2020-01-28 12:59:43 -08:00
Max Schaefer	2b92cd5ba5	Merge pull request #209 from sauyon/bad-redirect-sanitiser Bad redirect sanitiser	2020-01-28 20:11:46 +00:00
Sauyon Lee	aa33595b0f	Address review comments	2020-01-28 08:26:37 -08:00
Sauyon Lee	497bfeee83	BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity	2020-01-27 17:33:54 -08:00
Sauyon Lee	f897f68ead	SsaWithFilds: Add a getQualifiedName predicate	2020-01-27 17:33:53 -08:00
Sauyon Lee	a31ad88fc9	BadRedirectSanitizer: Transition to using data-flow API	2020-01-27 17:33:53 -08:00
Sauyon Lee	abc9438cd3	Apply suggestions from code review Co-Authored-By: Max Schaefer <max@semmle.com>	2020-01-27 17:33:52 -08:00
Sauyon Lee	3a73658a9c	BadRedirectSanitizer: Bind e to hp Address doc review comments	2020-01-27 17:33:51 -08:00
Sauyon Lee	aa28724f7c	Add `BadRedirectCheck` query	2020-01-27 17:33:50 -08:00
Sauyon Lee	9c6aa80718	Move OpenUrlRedirect tests into their own directory	2020-01-27 17:33:49 -08:00
Sauyon Lee	c889cb3501	Add getAnOperand to OperatorExpr	2020-01-27 17:33:48 -08:00
Sauyon Lee	edecb4e128	Merge pull request #227 from max/redundant-expr-bug Fix hash-consing of literals	2020-01-27 11:35:40 -08:00
Max Schaefer	3c1a68ee8f	Fix hash-consing of literals. We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.	2020-01-27 12:05:48 +00:00
Sauyon Lee	496ad5d051	Merge pull request #226 from max/fix-classify-files-regex Fix regex in ClassifyFiles.	2020-01-24 21:01:01 -08:00
Sauyon Lee	6e4880bc53	Merge pull request #220 from max/example-queries Add example queries	2020-01-24 09:42:31 -08:00
Max Schaefer	d293388172	Add failing test case for RedundantExpr.	2020-01-24 16:20:08 +00:00
Max Schaefer	77b86150d6	Fix regex in ClassifyFiles. `Comment.getText()` does not include the delimiter.	2020-01-24 14:05:13 +00:00
Max Schaefer	c30b1d98ea	Address review comments.	2020-01-24 10:26:59 +00:00
Max Schaefer	ebea811a83	Add example queries.	2020-01-24 10:26:59 +00:00
Max Schaefer	9507a22f48	Merge pull request #213 from sauyon/codeql-test Use codeql for testing and add binary cross compilation support	2020-01-24 09:40:47 +00:00
Sauyon Lee	2bd88d5b61	Merge pull request #225 from max/impossible-interface-nil-check-robustness Make ImpossibleInterfaceNilCheck more robust.	2020-01-23 16:06:03 -08:00
Sauyon Lee	3a53269a52	Merge pull request #223 from max/update-dataflow Add support for taint-getter/setter summaries in data flow.	2020-01-23 16:03:05 -08:00
Sauyon Lee	a6a8375ae5	Merge pull request #224 from max/make-implicit-deref-explicit Make implicit dereferences explicit	2020-01-23 00:50:18 -08:00
Max Schaefer	47104a3db8	Add explanatory comment.	2020-01-23 08:14:57 +00:00
Max Schaefer	5895c6ac69	Fix typo. Co-Authored-By: Sauyon Lee <sauyon@github.com>	2020-01-23 08:10:20 +00:00

1 2 3 4

194 Commits