hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
606 Commits 1,684 Branches 159 Tags
fd2e618be28802de0e9795b41339ff9bed8a0fb0
Commit Graph

429 Commits

Author SHA1 Message Date
Max Schaefer
fd2e618be2 Data flow: No more summaries 
cf https://github.com/github/codeql/pull/3110
 2020-05-06 19:43:27 +01:00
Max Schaefer
968d4d9cdd Revert the join order fix from https://github.com/github/codeql/pull/2872. 
cf https://github.com/github/codeql/pull/3202
 2020-05-06 19:43:27 +01:00
Max Schaefer
f2b43f65f9 Data flow: Exclude param-param flow through identical params. 
cf https://github.com/Semmle/ql/pull/3060
 2020-05-06 19:43:27 +01:00
Max Schaefer
aabe2f2f82 Data flow: No magic in returnFlowCallableCand. 
cf https://github.com/Semmle/ql/pull/3142
 2020-05-06 19:43:27 +01:00
Max Schaefer
c9ba6dd672 Fix up hasLocationInfo predicate. 2020-05-06 19:43:27 +01:00
Max Schaefer
5cd9168e4d Data flow: Refactoring + performance improvements 
cf https://github.com/Semmle/ql/pull/2903
 2020-05-06 19:43:27 +01:00
Max Schaefer
96120e1e35 Update expected output. 2020-05-06 19:43:27 +01:00
Max Schaefer
8d10a8dd5b Fix bug in type pruning. 
cf https://github.com/Semmle/ql/pull/3020
 2020-05-06 19:43:27 +01:00
Max Schaefer
d008d2a6a8 Fix performance issue in partial paths exploration. 
cf https://github.com/Semmle/ql/pull/3021
 2020-05-06 19:43:27 +01:00
Max Schaefer
1d4a993d87 Merge pull request #132 from max-schaefer/extends-this-class 
Fix copy-pasted typo.
 2020-05-06 19:42:55 +01:00
Max Schaefer
d6a5a72c01 Fix copy-pasted typo. 2020-05-06 13:54:28 +01:00
Sauyon Lee
164149b29a Merge pull request #129 from max-schaefer/fix-argument-post-update-nodes 
Fix and improve taint-tracking through function arguments
 2020-05-06 02:57:01 -07:00
Max Schaefer
08f5451fce Address review comments. 2020-05-06 07:32:15 +01:00
Max Schaefer
9f59777cc9 Merge pull request #119 from jcreedcmu/jcreed/jump-to-def-ide 
Add queries for ide search.
 2020-05-05 15:10:58 +01:00
Jason Reed
5653889a39 Exclude IDE queries from query suites. 2020-05-05 09:22:44 -04:00
Max Schaefer
2fb3d39f61 Merge pull request #128 from sauyon/mux 
Add support for Mux library
 2020-05-05 13:57:37 +01:00
Max Schaefer
b177d58c88 Tweak test. 
The query under test isn't a `@problem` query, so we should refer to "alerts".
 2020-05-05 12:05:09 +01:00
Max Schaefer
60a6c96863 Simplify modeling of NewContent. 2020-05-05 12:05:09 +01:00
Max Schaefer
5a96b0e8ac Add two function models for handling MIME APIs. 2020-05-05 12:05:09 +01:00
Max Schaefer
be94f2b9e6 Improve and extend various standard-library function models. 2020-05-05 12:05:09 +01:00
Sauyon Lee
a841077cbe Add support for Mux library 2020-05-05 03:25:08 -07:00
Max Schaefer
54f10157b0 Update ql/src/semmle/go/frameworks/Email.qll 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2020-05-05 11:24:19 +01:00
Max Schaefer
e632c75de3 Add support for taint models involving "backwards" taint propagation from results to arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
5e8e51993e Simplify SmtpData. 2020-05-04 16:36:38 +01:00
Max Schaefer
5b0c48e332 Add taint models for fmt.Fprintf and io.WriteString. 2020-05-04 16:36:38 +01:00
Max Schaefer
d0e8d6efda Fix post-update nodes for function arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
04a19b7150 Clean up EmailInjection.qll and related libraries. 2020-05-04 09:13:23 +01:00
porcupineyhairs
657108d598 Add Email Content Injection Query (#108) 
This adds a query for Email content injection issues.
It models the Golang's net/smtp library as well as
the Sendgrid email library (581 stars).
 2020-05-04 07:54:30 +01:00
Sauyon Lee
cd1d699208 Improve BadRedirectCheck query 
We now look for a path from the variable being checked to a redirect.

Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
 2020-05-01 07:13:16 +01:00
Max Schaefer
dd4f1ca70b Merge pull request #125 from gagliardetto/exec-syscall 
Add syscall functions to SystemCommandExecutors
 2020-04-30 07:21:28 +01:00
Sauyon Lee
417102c120 Merge pull request #124 from github/rc/1.24 
Merge rc/1.24 into master
 2020-04-29 12:27:56 -07:00
Slavomir
a357121e89 Fix test by removing a unix-only func; add windows-only funcs 2020-04-29 19:17:24 +03:00
Slavomir
a93477c301 Add syscall functions to SystemCommandExecutors 2020-04-29 18:31:07 +03:00
Sauyon Lee
157139bb46 Add license files for dependencies 2020-04-29 04:04:38 -07:00
Max Schaefer
a1222344eb Add tests. 2020-04-29 07:55:24 +01:00
Max Schaefer
0546c527af Fix getExitNode for receiver outputs. 2020-04-28 21:41:29 +01:00
Jason Reed
6489538623 Add queries for ide search. 
This enables jump-to-definition and find-references in the VS Code
extension, for golang source archives.
 2020-04-28 12:00:24 -04:00
Max Schaefer
c15094ab9e Mark frontend errors as expected in ImposibleInterfaceNilCheck. 2020-04-17 09:51:06 +01:00
Max Schaefer
ef497afc20 Mark a frontend error in DeadStoreOfLocal tests as expected. 2020-04-17 09:51:06 +01:00
Max Schaefer
13762bd76c Mark frontend errors in Types/unknownFunction.go as expected. 2020-04-17 09:51:06 +01:00
Max Schaefer
c6a37fdf1d Add consistency query flagging unexpected frontend errors. 2020-04-17 09:51:06 +01:00
Max Schaefer
bf42271d14 Add convenience predicate to class Error. 2020-04-17 09:39:26 +01:00
Max Schaefer
05a6f21aea Merge pull request #104 from github/rc/1.24 
Merge rc/1.24 into master.
 2020-04-16 10:53:50 +01:00
Max Schaefer
245b99dd42 Fix misformatted header comment for DisabledCertificateCheck. 2020-04-16 08:43:33 +01:00
Marco Gario
14e4e2d40f Integeroverflow.qhelp: use paragraphs within sections 2020-04-15 12:15:25 +01:00
Sauyon Lee
882805207a Merge pull request #98 from max-schaefer/extract-frontend-errors 
Add support for extracting frontend errors
 2020-04-15 01:40:31 -07:00
Max Schaefer
8341ce0d46 Merge pull request #97 from max-schaefer/fix-frontend-errors 
Fix a few compiler errors in tests
 2020-04-14 17:17:03 +01:00
Max Schaefer
dd9738f9a6 Better fix for frontend errors in DeadStoreOfLocal tests. 2020-04-14 16:07:23 +01:00
Max Schaefer
013d88e511 Fix frontend errors in DisabledCertificateCheck tests. 2020-04-14 10:51:29 +01:00
Max Schaefer
cb2f15f770 Fix frontend errors in AllocationSizeOverflow test. 2020-04-14 10:51:29 +01:00