hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
366 Commits 1,684 Branches 159 Tags
f41151350a728c19ea7586fa04699bc233d1b379
Commit Graph

366 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps 
MistypedExponentiation: Add a heuristic to reduce FPs
 2020-03-13 15:46:03 +00:00
Sauyon Lee
78ad006e68 Merge pull request #55 from max-schaefer/tainted-arithmetic 
Add new query `AllocationSizeOverflow`.
 2020-03-13 07:16:54 -07:00
Max Schaefer
39fa6052e6 Also treat second argument to make (slice capacity) as an allocation size. 2020-03-13 12:17:53 +00:00
Max Schaefer
864c85e886 Fix typo. 2020-03-13 10:27:58 +00:00
Max Schaefer
b2f1da8942 Simplify a condition. 2020-03-13 10:27:58 +00:00
Max Schaefer
d66888e651 Make query more extensible. 2020-03-13 10:27:58 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
ea5e6a324d Add change note 2020-03-13 03:10:55 -07:00
Sauyon Lee
630d0cef89 Address review comments 2020-03-12 09:13:52 -07:00
Sauyon Lee
6e681f829b MistypedExponentiation: Add a heuristic to reduce FPs 2020-03-12 09:13:52 -07:00
Max Schaefer
2c751f2945 Merge pull request #58 from max-schaefer/desemmlify 
Docs: Remove some Semmle references.
 2020-03-12 16:05:48 +00:00
Sauyon Lee
b64a43f578 Merge pull request #57 from max-schaefer/trap.gz 
Gzip TRAP files
 2020-03-12 06:24:32 -07:00
Max Schaefer
270ae0926a Docs: Remove some Semmle references. 2020-03-12 10:57:06 +00:00
Max Schaefer
6b0ba750e6 Put gzip writer on top of bufio writer. 2020-03-12 08:40:22 +00:00
Max Schaefer
d7d5447689 Merge pull request #46 from sauyon/force-extract-methods 
Extract methods when they don't exist
 2020-03-12 08:16:44 +00:00
Sauyon Lee
2e8958583b Merge pull request #56 from max-schaefer/issue-66 
Standardize experimental contribution
 2020-03-11 14:18:35 -07:00
Max Schaefer
8901ba62e0 Gzip TRAP files. 2020-03-11 15:14:37 +00:00
Max Schaefer
8136ebbb91 Merge pull request #54 from sauyon/vendor-support 
extractor: Use -mod=vendor when a vendor directory exists
 2020-03-11 11:36:49 +00:00
Max Schaefer
b3022c9fc8 Standardise RangeAnalysis.qll. 
This brings the library in line with our usual syntactic conventions regarding QLDoc and names. I've also made a few superficial simplifications here and there.

Overall, the code would benefit from being rewritten to make use of the data-flow graph, but that is a larger undertaking.
 2020-03-11 11:20:59 +00:00
Max Schaefer
a95b9c8e02 Rename a few files and clean up wording. 2020-03-11 11:04:42 +00:00
Max Schaefer
2fd925fe90 Autoformat. 2020-03-11 10:47:23 +00:00
Sauyon Lee
5056b5f161 Apply review comments. 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586 Add a -mod=vendor change note 2020-03-11 03:10:35 -07:00
Max Schaefer
f1d489f6f9 Merge pull request #51 from singleghost/master 
Add integer overflow detection support for codeql-go.
 2020-03-11 10:00:39 +00:00
Sauyon Lee
57b874e047 extractor: Only skip dependency installation when vendor folder is detected 2020-03-11 02:59:33 -07:00
Max Schaefer
a8c1731f9d Merge pull request #50 from sauyon/uintptr 
Make uintptrtype a subclass of unsignedintegertype
 2020-03-11 09:57:00 +00:00
Sauyon Lee
ecd4c42428 extractor: Factor out method extraction 
This fixes a subtle bug where the underlying interface type was used
as the receiver when constructing method labels, causing some database
inconsistencies.
 2020-03-10 22:01:16 -07:00
Sauyon Lee
0daf8c1fa3 extractor: Extract methods when their labels don't exist 2020-03-10 20:36:49 -07:00
Sauyon Lee
ccae530508 extractor: minor refactoring to use variables 2020-03-10 20:36:13 -07:00
Sauyon Lee
0aa46becf9 extractor: Use -mod=vendor when a vendor directory exists 2020-03-10 16:44:03 -07:00
singleghost
2aa2f608a3 Move files related to integer overflow detection under the src/experimental folder 2020-03-10 19:02:05 +08:00
Max Schaefer
7ec7b17ce7 Merge pull request #53 from sauyon/close-files 
extractor: Close files even when writes fail
 2020-03-10 09:38:02 +00:00
Sauyon Lee
79ab831776 extractor: Close files even when writes fail 2020-03-10 00:52:33 -07:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48 
Improve taint-tracking through pointers and other fixes
 2020-03-09 06:36:43 -07:00
Sauyon Lee
2428efcb6d Make @uintptrtype a @unsignedintegertype 2020-03-09 04:40:02 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs 
Go.mod extraction libraries and tests
 2020-03-09 09:40:41 +00:00
singleghost
77ec4c913f Add integer overflow detection support for codeql-go. 
I wrote a ql library which can perform range analysis on expression and
can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.
 2020-03-07 21:34:38 +08:00
Sauyon Lee
2d879458ba Merge pull request #49 from max-schaefer/more-function-outputs 
Make `FunctionOutput` more useful
 2020-03-06 09:41:40 -08:00
Max Schaefer
1be0cc57a8 Add test case from https://github.com/github/codeql-go/issues/48. 2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498 Add another test for StringBreak. 2020-03-06 17:35:50 +00:00
Max Schaefer
bf6865b96a Add model of ioutil.ReadAll 2020-03-06 17:35:50 +00:00
Max Schaefer
f599243a34 Conflate references and referents more thoroughly in taint tracking. 2020-03-06 17:35:50 +00:00
Max Schaefer
aa8bc972d9 Address review comments. 2020-03-06 15:03:45 +00:00
Sauyon Lee
3d88032f81 Address review comments. 
Co-authored-by: Max Schaefer <max-schaefer@github.com>
 2020-03-06 06:51:30 -08:00
Sauyon Lee
43fbf47da3 Add a change note about go.mod extraction 2020-03-06 06:51:28 -08:00
Sauyon Lee
555b0a9527 Add a GoModFile class 2020-03-06 06:51:27 -08:00
Sauyon Lee
38596dddc0 Address review comments. 
Co-authored-by: Max Schaefer <max-schaefer@github.com>
 2020-03-06 06:51:26 -08:00
Sauyon Lee
34f34e2241 GoModExpr.qll: Rename getOffsetToken to GoModLine.getToken 
Also add getRawToken to do what getToken did before, and fix up
documentation.
 2020-03-06 06:51:25 -08:00
Sauyon Lee
4b9cc87c2e Add test for replace line with versions 2020-03-06 06:51:24 -08:00