Owen Mansel-Chan
f11b956583
Add a superclass for literals (#172)
2020-06-11 19:53:40 +01:00
Max Schaefer
40ffa221bc
Merge pull request #171 from owen-mc/typeexprs-extend-typeexpr
...
Make `ArrayTypeExpr` and so on extend `TypeExpr`
2020-06-11 17:20:29 +01:00
Max Schaefer
b164cf33c7
Merge pull request #174 from github/rc/1.24
...
Merge rc/1.24 into master
2020-06-11 17:19:23 +01:00
Max Schaefer
9e3681cda4
Merge pull request #173 from owen-mc/update-ast-class-reference
...
Update AST class reference
2020-06-11 16:47:43 +01:00
Owen Mansel-Chan
71005f19c6
Update AST class reference
...
To match https://github.com/github/codeql/pull/3685
2020-06-11 16:08:36 +01:00
Owen Mansel-Chan
c891d22f74
Make ArrayTypeExpr and so on extend TypeExpr
...
To avoid a recursive definition, need to replace ArrayTypeExpr with @arraytypeexpr and so on in isTypeExprBottomUp(Expr e).
2020-06-11 11:06:15 +01:00
Max Schaefer
24e2a294ed
Merge pull request #169 from max-schaefer/rc/1.24
...
Merge rc/1.24 into master
2020-06-11 09:15:28 +01:00
Max Schaefer
d8f1873635
Merge branch 'master' into rc/1.24
2020-06-11 08:10:22 +01:00
Owen Mansel-Chan
c30893aba7
Add AST class reference (#164)
2020-06-10 15:59:48 +01:00
Max Schaefer
8787f0b4f0
Merge pull request #165 from sauyon/support-actions
...
autobuilder: Add support for GITHUB_REPOSITORY environment variable
2020-06-10 09:45:18 +01:00
Sauyon Lee
4cd3f89128
Merge pull request #168 from max-schaefer/make-autoformat
...
Add Make target to autoformat all QL.
2020-06-09 12:55:57 -07:00
Sauyon Lee
ba0f922a28
autobuilder: Add support for GITHUB_REPOSITORY environment variable
...
This is for use within GitHub actions
2020-06-09 11:52:23 -07:00
Max Schaefer
1342d8688e
Autoformat.
2020-06-09 17:38:18 +01:00
Max Schaefer
b4b78ff923
Use newer version of CodeQL.
2020-06-09 17:36:38 +01:00
Max Schaefer
6b5657b5fb
Add PR check to ensure everything is autoformatted.
2020-06-09 17:31:29 +01:00
Max Schaefer
04af08ca0d
Add Make target to autoformat all QL.
...
Use
```sh
make autoformat
```
to format all `.ql` and `.qll` files under `ql/src`.
Use
```sh
make AUTOFORMAT=--check-only autoformat
```
to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
2020-06-09 17:27:53 +01:00
Max Schaefer
524b11b81a
Merge pull request #163 from robertbrignull/more-suites
...
Add more code-scanning suites
2020-06-04 09:53:14 +01:00
Robert Brignull
9ee57374cb
add more code-scanning suites
2020-06-01 10:58:49 +01:00
Max Schaefer
b37bdec66c
Merge pull request #157 from owen-mc/isresult-consistency
...
Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results
2020-05-29 17:13:21 +01:00
Max Schaefer
2f7ff6b56c
Merge pull request #162 from max-schaefer/open-url-redirect-formvalue
...
Consider `Request.FormValue(...)` as a source for URL redirects.
2020-05-29 15:56:50 +01:00
Max Schaefer
8f0592a079
Consider Request.FormValue(...) as a source for URL redirects.
...
Despite its name, this method doesn't just handle form values but also query parameters.
2020-05-29 15:03:05 +01:00
Sauyon Lee
b1db53e733
Merge pull request #161 from max-schaefer/more-mutable-types
...
Broaden definition of mutable types for taint tracking
2020-05-29 06:55:16 -07:00
Max Schaefer
64c60f6153
Merge pull request #160 from sauyon/readme
...
Add links to the CodeQL CLI and LGTM.com
2020-05-29 07:13:20 +01:00
Sauyon Lee
51026a7142
Add links to the CodeQL CLI and LGTM.com
2020-05-28 22:38:23 -07:00
Owen Mansel-Chan
36fa2c29fa
Simplify more code
2020-05-28 17:40:23 +01:00
Owen Mansel-Chan
65608a2912
Address review comments
2020-05-28 17:24:37 +01:00
Max Schaefer
e3501ddb44
Introduce more post-update nodes.
...
To model (taint) flow through functions, we introduce post-update nodes for arguments (including receivers), but only if that argument is mutable.
However, previously our criterion for determining whether an argument is mutable was a little too restrictive. In particular, we would not consider a struct-typed argument as mutable, since structs are passed by value. While this is reasonable for data flow, it is unnecessarily restrictive for taint, since it makes perfect sense to track deep taint through structs.
So instead we now turn things round and instead consider _all_ types to be mutable except for primitive types (booleans, numbers, and strings).
2020-05-28 15:33:09 +01:00
Max Schaefer
0dd7676bd8
Add another function-model test.
2020-05-28 15:31:00 +01:00
Max Schaefer
1c5dd51992
Add codespaces configuration
2020-05-28 13:09:21 +00:00
Owen Mansel-Chan
bbce7d1f05
Simplify existing code
2020-05-28 13:07:08 +01:00
Owen Mansel-Chan
1c5a4605d6
Add CallNode.getAResult()
2020-05-28 12:49:05 +01:00
Owen Mansel-Chan
1580591b73
Address review comments
2020-05-28 12:49:05 +01:00
Max Schaefer
e7095baa39
Fix nonHtmlContentType.
2020-05-27 16:52:11 +01:00
Owen Mansel-Chan
f0e1147551
Make CallNode.getResult(0) match single results
2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
4be805966f
Make FunctionOutput.isResult(0) match single results
2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
ae2ed877ee
Add tests for CallNode.getResult
2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
53cfbcc255
Add tests for FunctionOutput.isResult
2020-05-27 10:24:03 +01:00
Max Schaefer
8596a99f9d
Merge pull request #156 from max-schaefer/update-data-flow
...
Data flow: Remove deprecated predicates.
2020-05-26 16:16:44 +01:00
Max Schaefer
a59e754403
Data flow: Remove deprecated predicates.
...
cf https://github.com/github/codeql/pull/3515
2020-05-26 11:09:35 +01:00
Max Schaefer
1f54edfe99
Add make target for synchronising data-flow libraries.
2020-05-26 11:09:07 +01:00
Max Schaefer
63fddfc705
Merge pull request #155 from sauyon/dbscheme-binary
...
Create a new entry point for generating dbschemes
2020-05-26 10:17:39 +01:00
Sauyon Lee
aef7524f35
Add a go-gen-dbscheme for generating dbschemes
2020-05-22 08:04:40 -07:00
Max Schaefer
4206408826
Merge pull request #153 from max-schaefer/cleanup-107
...
More cleanup
2020-05-22 13:18:46 +01:00
Max Schaefer
223d0dbf0b
Fix missing </p> in qhelp.
2020-05-22 11:18:27 +01:00
Max Schaefer
bccf750e2e
Sort go.qll alphabetically.
2020-05-22 11:12:31 +01:00
Max Schaefer
1d479d9a73
Add change note.
2020-05-22 11:11:58 +01:00
Max Schaefer
3c8fa02356
Regularise a few comments.
2020-05-22 11:11:58 +01:00
Max Schaefer
adc3ce8274
Extend documentation for package and use it in two more places.
...
The predicate now works with an empty package path.
The way this is implemented is perhaps slightly non-obvious: the `($|/)\\Q" + path + "\\E"` part of the regular expression either matches the end of the string (and `path` must then be empty), or a slash followed by `path` (which may or may not be empty).
We do allow non-canonical import paths ending in `/`, which the compiler rejects. We could disallow that by putting a `(?!$)` assertion after the `/`, but that seems overkill.
2020-05-22 11:11:58 +01:00
Max Schaefer
31c636fa55
Standardise on capitalisation WebSocket.
2020-05-22 11:11:58 +01:00
Max Schaefer
1d910a9622
Merge pull request #148 from owen-mc/syntax-examples-for-ast-classes
...
Add syntax examples to qldoc comments for AST classes
2020-05-22 10:48:18 +01:00