hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 01:41:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,544 Commits 1,784 Branches 169 Tags
f543adcd38215403cf482c0c41e850d8d50ddaaa
Commit Graph

4544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Shannon
f543adcd38 Python points-to: Fix up matching arguments to parameters. 2019-04-26 16:21:46 +01:00
Mark Shannon
662aedcb13 Python points-to: Fix up module attributes and classmethods. 2019-04-26 16:21:46 +01:00
Mark Shannon
fc2c46fe4a Python: Fix error in update Module to use new points-to API. 2019-04-26 16:21:46 +01:00
Mark Shannon
782311f805 Python: Update taint-tracking to use new points-to API. 2019-04-26 16:21:46 +01:00
Mark Shannon
3c30480845 Python: Extend API a bit. 2019-04-26 16:21:46 +01:00
Mark Shannon
31a95ceeec Python points-to: Use strongly typed version of CfgOrigin. 2019-04-26 16:21:46 +01:00
Mark Shannon
162bf5143b Python points-to: Assorted improvements to performance and better compatibility. 2019-04-26 16:21:46 +01:00
Mark Shannon
ef0a6b6713 Python points-to: Rationalize handling of expressions and conditions. Tweak API to be a bit more backward-compatible. 2019-04-26 16:21:46 +01:00
Mark Shannon
54c27e1d4b Python points-to: Various minor performance tweaks. 2019-04-26 16:21:46 +01:00
Mark Shannon
23ca403728 Python points-to: Understand callable and hasattr. 2019-04-26 16:21:46 +01:00
Mark Shannon
8af6cb6644 Python points-to: Use objects, not booleans when doing evaluation of tests. 2019-04-26 16:21:46 +01:00
Mark Shannon
610a35c187 Python points-to: Improve backwards compatibility for comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
f7edbcc6d9 Python points-to: Clean up interface, and deprecate old interface. 2019-04-26 16:21:45 +01:00
Mark Shannon
d3762ac5a1 Rename 'points_to' to 'pointsTo'. 2019-04-26 16:21:45 +01:00
Mark Shannon
931100c772 Python points-to: Add float objects for better backwards compatibility. 2019-04-26 16:21:45 +01:00
Mark Shannon
e9f58ba3a7 Python: refactor ConstantObjects. 2019-04-26 16:21:45 +01:00
Mark Shannon
0b0a6337f3 Python points-to: Support descriptor protocols, particularly functions. 2019-04-26 16:21:45 +01:00
Mark Shannon
dbf228d005 Python points-to: Better handling of *args, **kwargs and procedures. 2019-04-26 16:21:45 +01:00
Mark Shannon
f5c32421f4 Python points-to: Handle list, dict and float literals as instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
48297e299e Python points-to: Improve handling of 'type' object. 2019-04-26 16:21:45 +01:00
Mark Shannon
85a9016c8c Python points-to: make 'self' instances distinct from other instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
12853ccf30 Python points-to: Add support for tuples. 2019-04-26 16:21:45 +01:00
Mark Shannon
dd83149cc3 Python points-to: Port old API classes to use new points-to. 2019-04-26 16:21:45 +01:00
Mark Shannon
aa30745492 Python points-to: Further types and flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
e3ed8c6abf Python points-to: Simplify handling of booleans and comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
84c9866c50 Python points-to: Add generic instances and handle returns for builtin functions. Move attribute lookup handling to objects. 2019-04-26 16:21:45 +01:00
Mark Shannon
ce9d0f1a06 Python points-to: Add support for some more ESSA definitions. 2019-04-26 16:21:45 +01:00
Mark Shannon
ec151e9b02 Python points-to: Convert two pairs of predicates to methods on booleans. 2019-04-26 16:21:45 +01:00
Mark Shannon
39b9723054 Python: Add support for bound-methods. 2019-04-26 16:21:45 +01:00
Mark Shannon
bf692f4aad Python: Add better class support, including inheritance. 2019-04-26 16:21:45 +01:00
Mark Shannon
5a46df2132 Python: Add ADTs for ints and strings. Add some global data-flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
051683fadf Python: Break-up internal object modules. 2019-04-26 16:21:45 +01:00
Mark Shannon
c48d63f2ec Python: First draft of ADT based objects and attendant points-to. 2019-04-26 16:21:45 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint 
C++: add taint edges to DefinitionByReferenceNode
 2019-04-26 08:50:20 +02:00
Robert Marsh
f5c57b77e6 C++: fix whitespace 2019-04-25 16:16:27 -07:00
Mark Shannon
2db06f9881 Merge pull request #1282 from taus-semmle/python-various-dist-compare-fixes 
Python: Add missing `override` annotations.
 2019-04-25 18:39:01 +01:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture 
Approved by xiemaisi
 2019-04-25 11:32:54 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants 
JavaScript: Generalise `ConstantComparison` sanitisers.
 2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
semmle-qlci
a504ad4261 Merge pull request #1270 from xiemaisi/odasa/7904 
Approved by esben-semmle
 2019-04-24 21:50:07 +01:00
Taus
0917936100 Merge pull request #1273 from markshannon/python-fix-odasa-7890 
Add test confirming correct handling of zope.interface.Interface in query.
 2019-04-24 11:59:35 +02:00
Asger F
a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Jonas Jensen
1dcfd21a5c Merge pull request #1264 from geoffw0/redundantnullperf 
CPP: Add qhelp for RedundantNullCheckSimple.ql.
 2019-04-24 10:25:23 +02:00
Robert Marsh
919f5c616f C++: comment and test for taint flow via memcpy 2019-04-23 11:17:18 -07:00
semmle-qlci
060aa8cb6c Merge pull request #1274 from asger-semmle/ts-export-equals 
Approved by xiemaisi
 2019-04-23 17:07:52 +01:00
Asger F
08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00