hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-17 21:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,992 Commits 1,740 Branches 165 Tags
fbff44ea45ee2910cd7cc3637e8ecf0515bcbb8a
Commit Graph

14992 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
fbff44ea45 C++: Add reverse taint as well. 2020-08-27 10:09:51 +01:00
Geoffrey White
6ae96baaf6 C++: Model std::vector::data. 2020-08-27 10:08:58 +01:00
Geoffrey White
2235c19593 C++: Add test cases for 'assign' and extra cases for 'data'. 2020-08-27 10:08:42 +01:00
Taus
b1946c60dd Merge pull request #4127 from RasmusWL/python-tainttracking-fstring 
Python: Handle f-strings in (current) taint tracking
 2020-08-26 16:06:01 +02:00
Jonas Jensen
f60abd8cf9 Merge pull request #4125 from geoffw0/oparray2 
C++: Model operator[]
 2020-08-26 13:44:02 +02:00
Nick Rolfe
00316dca8b Merge pull request #4120 from github/igfoo/global_vars 
C++: Give fewer types to global variables
 2020-08-26 12:29:41 +01:00
Tamás Vajk
9ef827641f C#: Add .editorconfig file (#4129) 2020-08-26 12:41:00 +02:00
Geoffrey White
3f04530d84 C++: Autoformat. 2020-08-26 09:34:06 +01:00
Robert Marsh
28d3343e2b Merge pull request #4122 from jbj/constexpr-const-test 
C++: Demonstrate that constexpr implies const
 2020-08-25 19:36:13 -04:00
Geoffrey White
fdf45f02f1 C++: Autoformat. 2020-08-25 18:53:19 +01:00
Geoffrey White
c083c6235d C++: Explicitly model data flow in through reference return values. 2020-08-25 16:20:12 +01:00
Taus
000fa33d54 Merge pull request #4013 from yoff/SharedDataflow_SequenceFlow 
Python: Shared dataflow: Content flow
 2020-08-25 15:38:14 +02:00
CodeQL CI
92c97b1778 Merge pull request #4124 from RasmusWL/python-taint-tracking-string-methods 
Approved by yoff
 2020-08-25 14:14:47 +01:00
Geoffrey White
76a07f7292 C++: Use [, ...] syntax. 2020-08-25 12:30:06 +01:00
Geoffrey White
d31987d496 C++: Additional QLDoc. 2020-08-25 12:21:06 +01:00
Geoffrey White
23a792b8c6 C++: Add tests of nested vectors. 2020-08-25 12:13:32 +01:00
Rasmus Wriedt Larsen
2dbf83b579 Python: TaintTracking: Move tests of py3 string methods 2020-08-25 13:06:27 +02:00
Rasmus Wriedt Larsen
cf121cc4d0 Python: TaintTracking: stringMethods => stringManipualtion 2020-08-25 13:05:27 +02:00
Rasmus Wriedt Larsen
238e0845aa Python: Minor refactoring 2020-08-25 12:50:41 +02:00
Rasmus Wriedt Larsen
0439b83c60 Python: Taint when using unicode 2020-08-25 12:50:32 +02:00
Rasmus Wriedt Larsen
2a29e26687 Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-08-25 12:41:53 +02:00
Tamás Vajk
74db25d80c C#: Enable nullability on Semmle.Extraction.CIL.Driver (#4114) 2020-08-25 11:44:08 +02:00
CodeQL CI
722b1a24f6 Merge pull request #4087 from erik-krogh/thisJsx 
Approved by asgerf
 2020-08-25 10:20:32 +01:00
CodeQL CI
844abc51e8 Merge pull request #4108 from erik-krogh/packType 
Approved by asgerf
 2020-08-25 10:17:28 +01:00
Rasmus Wriedt Larsen
483bd0e863 Python: Fix shared taint tracking tests 
Since there was a .ql file, qltest tried to run a test in
test/experimental/dataflow/taintracking/ which failed since there was no code.
 2020-08-25 11:15:11 +02:00
Tamás Vajk
dc62cd166c C#: Enable nullability checks in Semmle.Extraction.Tests (#4112) 2020-08-25 08:40:30 +02:00
Erik Krogh Kristensen
b0d4e79653 split out trap tests to avoid "package.json" naming conflict in trap test 2020-08-24 21:36:34 +02:00
Geoffrey White
adbfad21ef C++: Correct the localFlow test. 2020-08-24 18:05:30 +01:00
Geoffrey White
c0aaed2fac Merge branch 'main' into oparray2 2020-08-24 17:36:18 +01:00
Geoffrey White
ae807f7f33 C++: Autoformat. 2020-08-24 17:36:07 +01:00
Rasmus Wriedt Larsen
13148b42d3 Python: Handle taint of f-strings 2020-08-24 17:23:10 +02:00
Rasmus Wriedt Larsen
2f090df6d3 Python: Transform comments to QLDoc for security.strings.Basic 2020-08-24 17:20:04 +02:00
Rasmus Lerchedahl Petersen
2608509fa7 Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-24 17:16:33 +02:00
Rasmus Wriedt Larsen
be2acc00db Python: Add test for tainted f-string 2020-08-24 17:14:51 +02:00
CodeQL CI
e2c6a01c00 Merge pull request #4097 from erik-krogh/createRequire 
Approved by esbena
 2020-08-24 15:57:10 +01:00
Rasmus Wriedt Larsen
d96ef73033 Python: Handle taint for f-strings 
Which we seem to not handle in the current taint tracking :O

f-strings needs to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
 2020-08-24 16:46:00 +02:00
Geoffrey White
1c38a4d5d6 Update cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-24 14:33:51 +01:00
Geoffrey White
d3c8ffb995 C++: Clean up, comment, and restrict the new flow to the post-update node of the returned reference. 2020-08-24 14:07:06 +01:00
Geoffrey White
f2caa8a2b0 C++: Reverse taint through function models returning a reference. 2020-08-24 14:05:04 +01:00
Geoffrey White
f25ef26c37 C++: Permit taint flow to the left side of an assignment. 2020-08-24 14:01:49 +01:00
Geoffrey White
1da78ada14 C++: Model 'operator[]' and 'at' for std::string, std::vector and other containers. 2020-08-24 13:58:43 +01:00
Rasmus Wriedt Larsen
cb4b4e91ab Python: Taint for string multiplication 2020-08-24 14:54:06 +02:00
Rasmus Wriedt Larsen
b688fe68d6 Python: Add options file to shared dataflow tests 
Since there isn't one in top-level of experimental, making a single import made
tests go really slow :|
 2020-08-24 14:54:05 +02:00
Rasmus Wriedt Larsen
5125c7a55c Python: Add taint tests for encode/decode functions 2020-08-24 14:54:04 +02:00
Geoffrey White
f6770c5b88 C++: Add tests for std::string 'operator[]' and 'at()'. 2020-08-24 13:49:39 +01:00
Rasmus Wriedt Larsen
31b398937a Python: Handle taint from bytes(obj) 2020-08-24 14:17:59 +02:00
Rasmus Wriedt Larsen
1e447c5ca2 Python: Handle taint for % formatting 2020-08-24 14:15:27 +02:00
Rasmus Wriedt Larsen
80745e8881 Python: Model string methods in shared taint tracking library 2020-08-24 13:58:42 +02:00
Rasmus Wriedt Larsen
a77f118b62 Python: Shared taint tracking: Handle string concat + subcript 2020-08-24 13:58:41 +02:00
Rasmus Wriedt Larsen
61f89ca3c3 Python: Add tests for shared taint tracking for strings 
I adopted the TestTaint testing setup that I made for the "old" taint tracking
tests. This time around we should figure out if we can use .qlref or similar so
it doesn't end up in multiple copies that are not kept up to date :|

The `repr` predicate could probably be placed somewhere better. For now I just
wanted something that could help me. I considered just expanding the `repr`
predicate in `ql/src/semmle/python/strings.qll`, but since it's currently used
by queries, I didn't want to do anything about it.

Anyway, the output it gives is much more useful than seeing this ;)

```
| test.py:20 | ok   | str_operations | test.py:20:9:20:10 | ts |
| test.py:21 | fail | str_operations | test.py:21:9:21:18 | BinaryExpr |
| test.py:22 | fail | str_operations | test.py:22:9:22:18 | BinaryExpr |
| test.py:23 | fail | str_operations | test.py:23:9:23:21 | Subscript |
| test.py:24 | fail | str_operations | test.py:24:9:24:13 | Subscript |
| test.py:25 | fail | str_operations | test.py:25:9:25:18 | Subscript |
| test.py:26 | fail | str_operations | test.py:26:9:26:13 | Subscript |
| test.py:27 | fail | str_operations | test.py:27:9:27:15 | str() |
| test.py:35 | fail | str_methods | test.py:35:9:35:23 | Attribute() |
| test.py:36 | fail | str_methods | test.py:36:9:36:21 | Attribute() |
| test.py:37 | fail | str_methods | test.py:37:9:37:22 | Attribute() |
| test.py:38 | fail | str_methods | test.py:38:9:38:23 | Attribute() |
| test.py:40 | fail | str_methods | test.py:40:9:40:19 | Attribute() |
| test.py:41 | fail | str_methods | test.py:41:9:41:23 | Attribute() |
| test.py:42 | fail | str_methods | test.py:42:9:42:36 | Attribute() |
| test.py:44 | fail | str_methods | test.py:44:9:44:25 | Attribute() |
| test.py:45 | fail | str_methods | test.py:45:9:45:45 | Attribute() |
| test.py:47 | fail | str_methods | test.py:47:9:47:21 | Attribute() |
| test.py:48 | fail | str_methods | test.py:48:9:48:19 | Attribute() |
| test.py:49 | fail | str_methods | test.py:49:9:49:18 | Attribute() |
| test.py:51 | fail | str_methods | test.py:51:9:51:32 | Attribute() |
| test.py:52 | fail | str_methods | test.py:52:9:52:34 | Attribute() |
| test.py:54 | fail | str_methods | test.py:54:9:54:21 | Attribute() |
| test.py:55 | fail | str_methods | test.py:55:9:55:19 | Attribute() |
| test.py:56 | fail | str_methods | test.py:56:9:56:18 | Attribute() |
| test.py:57 | fail | str_methods | test.py:57:9:57:21 | Attribute() |
| test.py:58 | fail | str_methods | test.py:58:9:58:18 | Attribute() |
| test.py:59 | fail | str_methods | test.py:59:9:59:18 | Attribute() |
| test.py:60 | fail | str_methods | test.py:60:9:60:21 | Attribute() |
| test.py:62 | fail | str_methods | test.py:62:9:62:26 | Attribute() |
| test.py:63 | fail | str_methods | test.py:63:9:63:42 | Attribute() |
| test.py:65 | fail | str_methods | test.py:65:9:65:26 | Attribute() |
| test.py:66 | fail | str_methods | test.py:66:9:66:42 | Attribute() |
| test.py:69 | fail | str_methods | test.py:69:9:69:25 | Attribute() |
| test.py:70 | fail | str_methods | test.py:70:9:70:26 | Attribute() |
| test.py:71 | fail | str_methods | test.py:71:9:71:22 | Attribute() |
| test.py:72 | fail | str_methods | test.py:72:9:72:21 | Attribute() |
| test.py:73 | fail | str_methods | test.py:73:9:73:23 | Attribute() |
| test.py:78 | ok   | str_methods | test.py:78:9:78:39 | Attribute() |
```
 2020-08-24 13:58:39 +02:00