hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,332 Commits 1,712 Branches 163 Tags
f94055fa2c66afa2a06cc80a2ef4be5a9eedf540
Commit Graph

14332 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
f94055fa2c Move tainted path ad-hoc guard back. 2020-07-19 00:19:29 +02:00
intrigus
33526f61a8 Make path creation subclasses private. 2020-07-19 00:11:04 +02:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
intrigus
4570444c7e Rename to getAnInput and clarify doc. 2020-07-19 00:10:13 +02:00
intrigus
641c5df79f Centralize and model additional path creations. 2020-07-09 14:48:47 +02:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions 
Approved by esbena
 2020-07-09 11:43:45 +01:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of 
Java: model some new Set,List,Map methods
 2020-07-09 10:18:12 +02:00
Max Schaefer
1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer
c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals. 
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
 2020-07-09 09:09:44 +01:00
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i). 
This iterates the existing `getBasePortal()` predicate `i` times.
 2020-07-09 09:08:18 +01:00
Robert Marsh
0e66d0892b Merge pull request #3785 from MathiasVP/dataflow-operand-nodes 
C++: Operands as dataflow nodes
 2020-07-08 14:50:54 -07:00
Jonas Jensen
0bbbfe58cf Merge pull request #3916 from geoffw0/cc_followup2 
C++: Add missing constructor taint test
 2020-07-08 16:35:47 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
528f250af3 Merge pull request #3653 from lcartey/java/improve-spring-support 
Java: Improve modelling of Spring requests, flow steps and XSS sinks
 2020-07-08 15:00:14 +02:00
Luke Cartey
443c13d516 Merge pull request #2 from aschackmull/java/spring-3653-2 
Java: Fix qltests for https://github.com/github/codeql/pull/3653
 2020-07-08 13:19:45 +01:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
Anders Schack-Mulligen
48e4759632 Merge branch 'master' into java/spring-3653-2 2020-07-08 13:06:51 +02:00
semmle-qlci
6ef7288848 Merge pull request #3922 from aschackmull/java/stub-cleanup 
Approved by aibaars
 2020-07-08 12:04:39 +01:00
Anders Schack-Mulligen
b38839e84e Merge pull request #3920 from Marcono1234/patch-3 
Improve VariableAssign.getSource documentation
 2020-07-08 10:25:13 +02:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00
Anders Schack-Mulligen
c166fee198 Merge pull request #3894 from aibaars/util-arrays 
Java: model taint for java.util.Arrays
 2020-07-08 09:06:40 +02:00
Marcono1234
00a61816c0 Improve VariableAssign.getSource documentation 2020-07-07 22:37:58 +02:00
Taus
548fceb306 Merge pull request #3917 from RasmusWL/python-fix-experimental-tests 
Python: Fix experimental tests
 2020-07-07 22:05:47 +02:00
Rasmus Wriedt Larsen
7306f58e57 Python: Fix experimental tests 2020-07-07 19:44:43 +02:00
Rasmus Wriedt Larsen
1d5ef381ae Merge pull request #3915 from tausbn/python-qlformat-everything-again 
Python: Autoformat everything using `qlformat`.
 2020-07-07 18:48:05 +02:00
Arthur Baars
940fec5669 Drop taint tracking for Arrays.{deepToString,toString} 2020-07-07 17:26:49 +02:00
Arthur Baars
583f7f914e Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix} 2020-07-07 17:22:30 +02:00
Taus Brock-Nannestad
45eccb2521 Python: Fix test failures. 2020-07-07 17:01:17 +02:00
Geoffrey White
bc7c83a5d6 C++: Add taint test cases confirming that constructor definitions do no need to be present. 2020-07-07 16:01:13 +01:00
Arthur Baars
9cf6601d02 Java: Data flow for java.util.Objects 2020-07-07 16:58:22 +02:00
Ian Lynagh
22666dd46e Merge pull request #3875 from igfoo/is_constexpr 
C++: Accept test changes for is_constexpr
 2020-07-07 15:47:28 +01:00
Taus
df4d145490 Merge branch 'master' into python-qlformat-everything-again 2020-07-07 16:33:21 +02:00
Jonas Jensen
32fcfcf97c Merge pull request #3912 from aschackmull/location-doc 
C++/C#/JavaScript/Python: Port Location qldoc update.
 2020-07-07 15:54:34 +02:00
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Luke Cartey
3fef5cabf1 Merge pull request #1 from aschackmull/java/spring-3653 
Java: Review changes for https://github.com/github/codeql/pull/3653
 2020-07-07 12:07:33 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
Anders Schack-Mulligen
993506d781 Merge pull request #3820 from Marcono1234/patch-2 
Add missing java.nio.file.Files methods to FileReadWrite.qll
 2020-07-07 10:29:17 +02:00
Anders Schack-Mulligen
173e108606 Merge pull request #3907 from Marcono1234/patch-1 
Java: Clarify documentation for Location predicate results
 2020-07-07 07:58:39 +02:00
semmle-qlci
f2ce125e61 Merge pull request #3902 from Marcono1234/fix-outdated-query-links 
Approved by shati-patel
 2020-07-06 21:13:05 +01:00
Marcono1234
5649254dbd Fix broken link formatting in introduce-libraries-java.rst 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-07-06 20:35:11 +02:00
Ian Lynagh
0d9b18dbd7 C++: Accept test changes for is_constexpr 
Generated copy and move constructors may now be marked as constexpr.
 2020-07-06 19:24:39 +01:00
Marcono1234
0a9686709b Fix wrong method name 2020-07-06 18:52:07 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
Anders Schack-Mulligen
f98460cfd0 Java: Use SpringHttpEntity class. 2020-07-06 16:54:20 +02:00