hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
127 Commits 1,684 Branches 159 Tags
f42a2b060cd0eff5fd0b26147eb67ea1faf07aa3
Commit Graph

127 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
f42a2b060c Take implicit dereferences in index and slice expressions into account as well. 2020-01-21 09:56:59 +00:00
Max Schaefer
a4f5ad7412 Refactor implementation of SliceNode. 2020-01-21 09:56:59 +00:00
Max Schaefer
44b9bcf7a1 Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
64049d8f3d Make taint tracking less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
9f897132f2 Update HTTP library. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
efc5f10f07 Streamline definition of UserControlledRequestField. 2020-01-21 09:56:59 +00:00
Max Schaefer
39b28a4969 Make CallNode.getReceiver() less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
ef964632be Remove CallExpr.getQualifier() and its single, pointless, use. 2020-01-21 09:56:59 +00:00
Max Schaefer
8fc414b93f Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Sauyon Lee
471d843025 Merge pull request #222 from max/switch-guard-nodes 
Switch guard nodes
 2020-01-17 21:44:59 +00:00
Sauyon Lee
2d97b396b7 Merge pull request #20 from github/sort-change-notes 
Sort lines in change notes.
 2020-01-17 09:01:46 -08:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Max Schaefer
24f9fce7a1 Rename MkCaseNode as suggested. 2020-01-17 10:32:39 +00:00
Max Schaefer
e86201829e Add an explanatory comment. 2020-01-17 10:27:36 +00:00
Max Schaefer
98c7c4a255 Autoformat. 2020-01-17 10:25:10 +00:00
Sauyon Lee
aa9489ea28 Merge pull request #218 from max/field-refs 
Fix handling of references to fields and methods
 2020-01-16 14:26:55 -08:00
Sauyon Lee
7040b76cf6 Merge pull request #219 from max/new-env-vars 
Teach extractor about CodeQL environment variables.
 2020-01-15 11:37:26 -08:00
Max Schaefer
1ad90b6739 Teach extractor about CodeQL environment variables. 2020-01-15 14:01:30 +00:00
Max Schaefer
b7a830593d Correctly create extract nodes for returns where we cannot infer the type of the returned expression, but know from context that it must be a tuple type. 2020-01-15 10:22:29 +00:00
Max Schaefer
86708f7867 Merge pull request #212 from sauyon/dependency-update 
Dependency update
 2020-01-15 09:18:14 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
3d508d44e7 Fix global value numbering. 2020-01-14 20:44:13 +00:00
Max Schaefer
2fdd45255c Add two new tests. 2020-01-14 17:06:42 +00:00
Max Schaefer
61976d8dea Fix code that does not account for the fact that Field is a subtype of ValueEntity. 2020-01-14 15:52:48 +00:00
Max Schaefer
0c254f8cd1 Fix a typo. 2020-01-14 15:35:18 +00:00
Max Schaefer
c96cebb022 Make reads(ValueEntity) and writes(ValueEntity) work for fields. 2020-01-14 15:35:18 +00:00
Sauyon Lee
1125c1ac41 Merge pull request #216 from Semmle/add-sql-tx-support 
Add tests for https://github.com/github/codeql-go/pull/15
 2020-01-14 01:55:29 -08:00
Max Schaefer
efc72fa01a Remove Entity.getAUse() and replace uses with getAReference(). 
The former had result type `Ident`, so it wouldn't pick up references to methods and fields. Apart from that, it is subsumed by the latter anyway.
 2020-01-14 07:15:43 +00:00
Max Schaefer
d339d55faa Merge pull request #15 from RicterZ/add-sql-tx-support 
Add sql.Tx.Exec/Query... support
 2020-01-13 08:38:32 +00:00
Max Schaefer
d55ebd731d Autoformat. 2020-01-13 08:37:32 +00:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Ricter Zheng
a6e0dcaefc Add sql.Tx.Exec/Query... support 
Ref: https://golang.org/pkg/database/sql/#Tx.ExecContext
 2020-01-13 15:17:55 +08:00
Sauyon Lee
00dd464697 Update stats 2020-01-10 19:27:47 -08:00
Sauyon Lee
f01ef40af3 Update golang.org/x/tools dependency 2020-01-10 19:27:46 -08:00
Sauyon Lee
5985559161 Merge pull request #214 from max/issue-26 
Model `Header.Get` as a source of untrusted input.
 2020-01-10 19:26:43 -08:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
1cafec56ad Add condition guard nodes for some switch statements. 
We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
  s1
case cond2:
  s2
default:
  s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.
 2020-01-10 10:37:51 +00:00
Max Schaefer
e7514bf133 Add new test cases for CFG construction. 2020-01-09 17:20:39 +00:00
Sauyon Lee
3ab68cb624 Merge pull request #208 from max/incomplete-url-scheme-check 
Add `IncompleteUrlSchemeCheck` query
 2020-01-08 00:50:58 -08:00
Max Schaefer
3d7046e38c Apply suggestions from code review 
Co-Authored-By: Shati Patel <shati@semmle.com>
 2020-01-07 20:07:44 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
9cff56b975 Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class. 2020-01-07 14:46:49 +00:00
Max Schaefer
aeb9840144 Add SliceNode class. 2020-01-06 15:36:54 +00:00
Sauyon Lee
db40535b70 Merge pull request #207 from max/uber-fixes 
Various library improvements
 2020-01-03 17:18:49 -08:00
Max Schaefer
638fe07da0 Move getReceiver from MethodCallNode to CallNode. 2020-01-03 14:14:18 +00:00
Max Schaefer
bb4052a574 Generalise result type of getACallee. 2020-01-03 14:14:18 +00:00