hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,470 Commits 1,714 Branches 163 Tags
eea893483d519233c9c8fc82f433155dab930e12
Commit Graph

15470 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
eea893483d Merge pull request #4209 from geoffw0/taintbits 
C++: Fix a few remaining holes in taint through std::string
 2020-09-04 17:52:48 +02:00
Jonas Jensen
f92139d2b0 Merge pull request #4202 from geoffw0/localhidesparam 
C++: Improve handling of template functions in cpp/declaration-hides-parameter
 2020-09-04 17:52:35 +02:00
Geoffrey White
156a174cf4 C++: Add explanation. 2020-09-04 14:55:55 +01:00
Geoffrey White
96098c5244 C++: Simplify getConstructedFrom. 2020-09-04 14:52:01 +01:00
Taus
5ffc959e32 Merge pull request #4211 from RasmusWL/python-strange-essaflow 
Python: Add example of strange DataFlow::jumpStep
 2020-09-04 15:47:22 +02:00
Geoffrey White
2472b40b31 C++: Fix test comments. 2020-09-04 14:37:23 +01:00
Geoffrey White
43d8e83258 Merge branch 'main' into taintbits 2020-09-04 14:26:42 +01:00
Geoffrey White
5d1c2a3689 Merge pull request #4204 from jbj/SimpleRangeAnalysis-NEExpr 
C++: Support `!= constant` in range analysis
 2020-09-04 13:47:59 +01:00
Rasmus Wriedt Larsen
cf57afd102 Python: Add example of strange DataFlow::jumpStep 
The example code is just copied from command injection tests, that is not too
important. The important part is that `jumpStep` says there is flow from the
import of `os` to `app.route()` :O
 2020-09-04 14:39:16 +02:00
Taus
59c7907ee4 Merge pull request #4207 from RasmusWL/python-typetracker-small-fixes 
Python: Small fixes for TypeTracker
 2020-09-04 14:30:10 +02:00
Rasmus Wriedt Larsen
6aae75799e Python: Fix import in type tracking test 
Fixes 7855576a6
 2020-09-04 13:36:25 +02:00
CodeQL CI
fd715a5b66 Merge pull request #4179 from RasmusWL/python-tainttracking-ala-go 
Approved by tausbn, yoff
 2020-09-04 12:20:12 +01:00
Jonas Jensen
958f89905d Merge pull request #4197 from github/aeisenberg/devcontainer-settings 
Update devcontainer memory settings
 2020-09-04 12:42:34 +02:00
yoff
7a00fbc654 Merge pull request #4154 from RasmusWL/python-more-complete-dataflow-tests 
Python more complete dataflow tests
 2020-09-04 11:35:24 +02:00
Rasmus Wriedt Larsen
2f480597ef Merge pull request #4157 from RasmusWL/add-labeler-action 
Enable labeler action again
 2020-09-04 11:15:15 +02:00
Rasmus Wriedt Larsen
f12fa52e22 Python: Update inline example for TypeTracker usage 2020-09-04 11:11:30 +02:00
Rasmus Wriedt Larsen
189c94f9e3 Python: Add TypeTracker::end() 
Copied from JS
 2020-09-04 11:10:10 +02:00
Rasmus Wriedt Larsen
7855576a69 Python: TypeTracker only exposes its own interface 
This is especially important if the TypeTracker needs to be publicly imported by
DataFlowPublic.
 2020-09-04 10:58:20 +02:00
Geoffrey White
6c40e22f45 C++: Support further reverse taint flows on things that return *this. 2020-09-04 09:45:10 +01:00
Geoffrey White
018b0a5abf C++: Model std::string front, back and push_back. 2020-09-04 09:45:07 +01:00
Geoffrey White
6e734a894f C++: Additional test cases for std::string. 2020-09-04 09:44:58 +01:00
CodeQL CI
58f51899c9 Merge pull request #4173 from erik-krogh/targetBlankFP 
Approved by esbena
 2020-09-04 08:21:22 +01:00
Tom Hvitved
7f18c3377e Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3 
C#: Remove assembly prefixes from TRAP labels
 2020-09-04 09:20:39 +02:00
Jonas Jensen
fbe42fb64c C++: Support != constant in range analysis 2020-09-04 09:20:23 +02:00
Jonas Jensen
d061b09fe0 C++: Test showing no support for != and ! 2020-09-04 09:02:42 +02:00
Mathias Vorreiter Pedersen
b7774b2a82 Merge pull request #4201 from geoffw0/insert 
C++: Model iterator versions of string and vector methods
 2020-09-03 21:45:36 +02:00
Geoffrey White
1d04c89927 C++: Autoformat. 2020-09-03 18:54:36 +01:00
Geoffrey White
5124660831 C++: Change note. 2020-09-03 18:54:27 +01:00
Geoffrey White
2d7552358b C++: Put in a better fix. 2020-09-03 18:51:57 +01:00
Geoffrey White
a1c7fd8fec C++: Remove the workaround for CPP-331. 2020-09-03 18:51:21 +01:00
Geoffrey White
5150bf30e7 C++: Add another test case inspired by CPP-331. 2020-09-03 18:50:11 +01:00
Geoffrey White
1483306c4c C++: Add more tests. 2020-09-03 18:39:50 +01:00
CodeQL CI
f180497554 Merge pull request #4192 from max-schaefer/js/ssa__implicitinit 
Approved by asgerf
 2020-09-03 16:46:56 +01:00
Rasmus Wriedt Larsen
29bf98ad26 Python: Fix CUSTOM_SOURCE dataflow regression test 2020-09-03 15:03:53 +02:00
Rasmus Wriedt Larsen
febbe1229a Merge branch 'main' into python-more-complete-dataflow-tests 2020-09-03 14:58:20 +02:00
CodeQL CI
c8ffde20f4 Merge pull request #4195 from RasmusWL/python-taint-default-sanitizer 
Approved by tausbn
 2020-09-03 13:55:32 +01:00
Erik Krogh Kristensen
ed54fdcb06 Merge pull request #4118 from dellalibera/js/ldap 
[javascript] CodeQL to detect LDAP Injection
 2020-09-03 14:50:03 +02:00
Erik Krogh Kristensen
d56ea22018 Merge pull request #4200 from erik-krogh/typeaheadInconsistencyComment 
JS: adjust comment about inconsistency for XSS in typeahead
 2020-09-03 13:56:40 +02:00
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Nick Rolfe
b8ae87470d Merge pull request #4182 from github/igfoo/cfg 
C++: Remove some remnants of the extractor CFG
 2020-09-03 12:22:04 +01:00
Geoffrey White
50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Geoffrey White
d4cbb25e09 C++: Model std::string constructors and container constructors that use iterators. 2020-09-03 10:52:27 +01:00
Geoffrey White
1ac0aa169d C++: Add a few more test cases. 2020-09-03 10:52:26 +01:00
Geoffrey White
1ad404c605 C++: Extend model to include std::forward_list::insert_after. 2020-09-03 10:52:26 +01:00
Geoffrey White
fcacb22cad C++: Use [] in std::string begin model. 2020-09-03 10:52:26 +01:00
Geoffrey White
95ca4b674d C++: Add model for std::vector::insert. 2020-09-03 10:52:25 +01:00
Geoffrey White
f61c7ffc1a C++: Add support for iterator parameters to std::vector::assign. 2020-09-03 10:52:25 +01:00
Geoffrey White
8e9faac363 C++: Add support for std::vector begin and end. 2020-09-03 10:52:24 +01:00
Geoffrey White
4d47eaa08d C++: Add support for iterator parameters to std::string::assign. 2020-09-03 10:52:24 +01:00
Geoffrey White
98f84646d6 C++: Result changes due to iterators PR, which adds support for std::string begin and end, and iterator parameters to std::string::insert and some similar functions. 2020-09-03 10:52:24 +01:00