hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 05:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,927 Commits 1,740 Branches 165 Tags
fb9732a33fe91d8d5782909568b62a2add83d414
Commit Graph

69927 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
fb9732a33f JS: Add another test and TODO about an issue with constant array indices 2024-09-06 08:43:11 +02:00
Asger F
1da68aac73 JS: Benign test output change 
This happened as a result of the bugfix in the previous commit
 2024-09-06 08:43:10 +02:00
Asger F
a9a8351cce JS: Fix one case of missing handling of unknown array index 2024-09-06 08:43:09 +02:00
Asger F
379c7ef20a JS: Add test to show lack of unknown array element being propagated 2024-09-06 08:43:08 +02:00
Asger F
92bb4b3da8 JS: Address some comments from hvitved 2024-09-05 11:32:07 +02:00
Asger F
4568967a76 JS: Do not use legacy taint steps in TaintedUrlSuffix 
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.

These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
 2024-08-29 13:48:30 +02:00
Asger F
65a36b0b3b JS: Add regression test for argument position confusion 2024-08-29 13:42:28 +02:00
Asger F
f65879eef1 JS: Update a test that no longer fails 2024-08-27 11:35:37 +02:00
Asger F
cb5dbb919d JS: Update test to reflect implicit read flow has been fixed 
Shows the effect of https://github.com/github/codeql/pull/17262
 2024-08-27 11:35:36 +02:00
Asger F
a2d53c261b JS: Update test output and add related TODO in model of 'async' 2024-08-27 11:35:35 +02:00
Asger F
837a8be1b8 JS: Update test output and add related TODO in 'markdown-table' model 2024-08-27 11:35:34 +02:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
3e196f83f1 JS: Update Promises/flow2 test 2024-08-27 11:35:32 +02:00
Asger F
aa8bd332bf JS: Add a few more tests 2024-08-27 11:35:31 +02:00
Asger F
371f7ef551 JS: Add implicit taint read of array elements 2024-08-27 11:35:31 +02:00
Asger F
df42e7c527 JS: Add test showing lack of implicit reads for ArrayElement 2024-08-27 11:35:30 +02:00
Asger F
4e7bd9ddd8 JS: Update Arrays test now that array elements do not taint the whole array 2024-08-27 11:35:29 +02:00
Asger F
4389b5c999 JS: Fix issue for .apply() calls 2024-08-27 11:35:28 +02:00
Asger F
34e6864fa3 JS: Note issue with .apply() calls 2024-08-27 11:35:27 +02:00
Asger F
ac1dd1850e JS: Remove taint step from array element to whole array 2024-08-27 11:35:26 +02:00
Asger F
5084d0260f Update tests.expected 
The 'arguments' node is only materialised for functions that use 'arguments
 2024-08-27 11:35:25 +02:00
Asger F
895cb872ad JS: Add taint into dynamic argument array 2024-08-27 11:35:24 +02:00
Asger F
079a622cf9 JS: Add tests showing missing taint flow 
When the spread argument itself is tained and not
inside any content, the read steps currently fail
to propagate the data.
 2024-08-27 11:35:23 +02:00
Asger F
6a083136d7 JS: Hide some nodes 2024-08-27 11:35:22 +02:00
Asger F
acdc896c04 JS: Support for dynamic args to flow summaries 2024-08-27 11:35:21 +02:00
Asger F
53a2a66dd0 Add new nodes to early stage 2024-08-27 11:35:20 +02:00
Asger F
5c7e623c47 JS: Add some tests for missing handling of dynamic args in flow summaries 2024-08-27 11:35:19 +02:00
Asger F
c04f0beb8a Update DataFlowConsistency.expected 2024-08-27 11:35:18 +02:00
Asger F
60c3d077b2 Update DataFlowImplConsistency.qll 2024-08-27 11:35:17 +02:00
Asger F
bbb1c8c374 Remove old arguments-array position 2024-08-27 11:35:16 +02:00
Asger F
ed33a6e91b JS: Add explicit model of .join() 2024-08-27 11:35:15 +02:00
Asger F
fa7ad03068 JS: Add store/load steps for the new argument arrays 2024-08-27 11:35:15 +02:00
Asger F
623dbda77d Do not pass regular positional args into the rest parameter 2024-08-27 11:35:14 +02:00
Asger F
a72f79576a JS: Add corresponding argument positions 2024-08-27 11:35:13 +02:00
Asger F
6c7d745a2b JS: Add nodes for static/dynamic argument/parameter arrays 2024-08-27 11:35:12 +02:00
Asger F
5d77c336fc Test case for spread and rest args/params 2024-08-27 11:35:11 +02:00
Asger F
4cdaccd22e JS: Add InlineFlowTest 2024-08-27 11:35:10 +02:00
Asger F
4b8ae2a4f3 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-26 12:43:16 +02:00
Asger F
4e3440aad0 Merge pull request #17275 from asgerf/cpp/taint-test-case-false-negative 
C++: Reveal false negative in test case
 2024-08-26 12:36:03 +02:00
Asger F
16c2cf24b3 C++: use inline annotation for missing flow 2024-08-26 11:53:31 +02:00
Asger F
592e2eafb6 Merge pull request #17262 from asgerf/shared/implicit-read 
Shared: restrict flow after using implicit read
 2024-08-26 11:48:50 +02:00
Paolo Tranquilli
c4c8c9ddc1 Merge pull request #17291 from github/criemen/ripunzip 
Make ripunzip installer accessible from outside this repo.
 2024-08-23 20:14:44 +02:00
Cornelius Riemenschneider
3ac8108c4a Address review. 2024-08-23 17:26:05 +02:00
Tamás Vajk
d710c1e89d Merge pull request #17287 from tamasvajk/message-count-telemetry 
C#: Add aggregated compiler and extractor message counts to extractio…
 2024-08-23 14:41:27 +02:00
Cornelius Riemenschneider
d84e745ce9 Make ripunzip installer accessible from outside this repo. 
* The relative path to misc doesn't work when running from another repo
* The buildifier dependency is not available from other repos,
  therefore we can't pull in //misc/bazel without further refactoring.

Therefore, inline the runfiles snippet here.
 2024-08-23 14:24:51 +02:00
Asger F
8df7fbf6d6 Swift: update test output 
The 'first' field is seen as a TaintInheritingContent, which means any read step for 'first' becomes a taint step too.
This type of taint step does not permit an implicit read before it, because it wasn't contributed by a configuration.
So there is no way for the taint to get out of the collection content before the taint step through '.first'.
The test previously passed because an implicit read at once of the earlier sinks could follow use-use flow down to the receiver of .first,
allowing it to escape the collection content.
 2024-08-23 11:30:50 +02:00
Asger F
d27b28d371 C++: update test output 
This reveals that some tests were passing for the wrong reasons.
See https://github.com/github/codeql/pull/17275
 2024-08-23 11:29:24 +02:00
Asger F
9703f67794 Test output updates that only affect nodes/edges 2024-08-23 11:03:26 +02:00
Asger F
6bc8407bd6 Java: Update test output 2024-08-23 11:02:29 +02:00
Asger F
c3b36325b2 Shared: prevent use-use flow through implicit reads (part 1) 2024-08-23 11:02:28 +02:00