hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 20:46:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,714 Branches 162 Tags
codeql-cli/latest
Commit Graph

86161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Eisenberg
d2a91970f3 Update devcontainer memory settings 
CodeQL CLI needs a minimum of 2G of memory. By default, the memory used is slightly less than that, leading to poor performance.
 2020-09-02 12:04:34 -07:00
Max Schaefer
702192c316 JavaScript: Make implicit inits of module and exports source nodes. 
This is instead of making every access to those variables source nodes, and fixes a regression in `DeadStoreOfProperty`.
 2020-09-02 19:52:13 +01:00
Max Schaefer
9840a7ddfb JavaScript: Add utility predicate SSA::implicitInit. 2020-09-02 19:46:59 +01:00
Max Schaefer
d81d80430e JavaScript: Add a regression test for DeadStoreOfProperty. 2020-09-02 19:45:27 +01:00
Max Schaefer
df49818152 JavaScript: Address review comments. 2020-09-02 19:45:27 +01:00
Ian Lynagh
8c7431c4ae C++: Put {true,false}cond_base back as deprecated predicates for now 2020-09-02 19:10:36 +01:00
Ian Lynagh
c980ccf7c5 C++: Add an upgrade script 2020-09-02 19:05:05 +01:00
Ian Lynagh
8ce1edbed3 C++: Update stats now CFG tables have been removed 2020-09-02 19:05:05 +01:00
Tom Hvitved
26639a113e C#: Rename Layout.Condition to FilePattern and move to separate file 2020-09-02 19:41:22 +02:00
Max Schaefer
82d92dc726 JavaScript: Avoid bad join order. 
The optimiser decided that it would be a great idea to start the pipeline with `getReturn().getAUse().(DataFlow::InvokeNode)`. It's not.
 2020-09-02 17:42:33 +01:00
Max Schaefer
500f7bd8fa JavaScript: Reduce complexity of SystemCommandExecutors charpred. 2020-09-02 17:42:32 +01:00
Chris Smowton
b487799f69 Oauth2 state query: avoid duplicate paths by excluding variable references as sources 2020-09-02 17:40:53 +01:00
Max Schaefer
e3a9906071 JavaScript: Switch MissingRateLimiting.qll to API graphs. 
The added test shows how this helps us avoid false positives.
 2020-09-02 17:35:47 +01:00
Max Schaefer
e34a821cc6 JavaScript: Switch system-command executor modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
6d68036d85 JavaScript: Add test demonstrating more SQL flow. 2020-09-02 17:35:47 +01:00
Max Schaefer
68b3ccdc65 JavaScript: Switch SQL modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
f3e9104be4 JavaScript: Add implementation of API graphs. 2020-09-02 17:35:47 +01:00
Arthur Baars
babe69d6e9 Update unit tests 2020-09-02 17:59:56 +02:00
Mathias Vorreiter Pedersen
3cbc4cf0b9 C++: Add field to object taint tests 2020-09-02 17:32:46 +02:00
Rasmus Wriedt Larsen
bf34b07605 Python: Add a few taint tests for default sanitizer 
specifically the ones removes from dataflow tests in https://github.com/yoff/codeql/pull/1
 2020-09-02 16:56:05 +02:00
Taus
8e86d56bce Merge pull request #4189 from RasmusWL/python-experimental-file-structure 
Python: Move files in experimental dirs to be consistent
 2020-09-02 16:34:35 +02:00
Arthur Baars
90f013d74f Merge pull request #4176 from aibaars/missing-qhelp 
Add missing QHelp files
 2020-09-02 16:12:42 +02:00
Asger F
2c0e9f0c86 Merge pull request #4186 from github/rc/1.25 
Mergeback: 1.25 -> main
 2020-09-02 15:12:25 +01:00
Chris Smowton
6fea8abd82 Oauth2 state query: improve code style 
No behavioural changes intended.
 2020-09-02 15:06:23 +01:00
Mathias Vorreiter Pedersen
7f5f6b15f7 C++: Make FieldContent private again 2020-09-02 16:05:40 +02:00
Chris Smowton
2f175e365e Oauth2 state query: remove unnecessary isSource overload 2020-09-02 15:05:22 +01:00
Chris Smowton
8f99972833 OAuth2 CSRF query: improve documentation 2020-09-02 15:05:22 +01:00
Chris Smowton
0ba42f7f87 OAuth2 state query: set precision 2020-09-02 15:05:22 +01:00
Chris Smowton
406ea741f4 Improve comment style 2020-09-02 15:05:22 +01:00
Chris Smowton
faf43efb60 Promote OAuth2 constant-state query to mainline 2020-09-02 15:05:22 +01:00
Chris Smowton
0ee7bbbaa7 Extend oauth2 tests 2020-09-02 15:05:21 +01:00
Chris Smowton
f61c62d2d8 Generalise isReturnedWithError 
It now recognises any function returning an Error alongside other return values
 2020-09-02 15:05:21 +01:00
Chris Smowton
9e4ee0accf OAuth2 constant state query: trace local URLs across reference operations and Sprintf calls 2020-09-02 15:05:21 +01:00
Chris Smowton
050a823397 OAuth2 exclusion: hide cases that clearly target an out-of-band process or private HTTP server 2020-09-02 15:05:21 +01:00
Chris Smowton
bcb65157e6 Oauth2-state query: treat log calls the same as stdout printers 
These presumably get to the user somehow, and in conjunction with stdin use are enough to identify use of oauth at the terminal.
 2020-09-02 15:05:21 +01:00
Chris Smowton
3d877fc67d Oauth2 state: note bufio.NewScanner is also a sign of probable terminal-interactive use 2020-09-02 15:05:21 +01:00
Chris Smowton
6fee4f382f Constant-oauth2-state: exclude strings returned alongside an error value 
For example, getState() { ... return "", someError } is commonly seen in the wild.
 2020-09-02 15:05:21 +01:00
Rasmus Wriedt Larsen
4387d106aa Python: Fix formatting (last time, promise) 2020-09-02 15:36:50 +02:00
Rasmus Wriedt Larsen
8aab0c8be7 Python: Fix .qlref for experimental security tests 2020-09-02 15:35:50 +02:00
Max Schaefer
cd64ce7b1a JavaScript: Add utility predicate SSA::implicitInit. 2020-09-02 14:34:52 +01:00
CodeQL CI
c017308505 Merge pull request #4134 from erik-krogh/genCalls 
Approved by asgerf
 2020-09-02 14:23:39 +01:00
Alessio Della Libera
785f335ab8 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:33 +02:00
Alessio Della Libera
548cb65a64 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:23 +02:00
Alessio Della Libera
26046a4847 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:07 +02:00
Alessio Della Libera
6ad88bf93f Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:21:55 +02:00
Arthur Baars
3ed6465716 Address comments 2020-09-02 15:18:31 +02:00
Jonas Jensen
5760213490 Merge pull request #4190 from lcartey/cpp/range-analysis-extensible-assign-ops 
C++: Support `AssignOperation`s with `SimpleRangeAnalysisExpr`s
 2020-09-02 15:16:35 +02:00
Anders Schack-Mulligen
ed6c1798e2 Java: Fix reference to Unit. 2020-09-02 14:47:01 +02:00
Anders Schack-Mulligen
ca8fd6197a Merge pull request #4187 from RasmusWL/java-experimental-file-structure 
Java: Move files in experiemntal dirs to be consistent
 2020-09-02 14:41:26 +02:00
Chris Smowton
aac303c0a2 Merge pull request #287 from smowton/smowton/feature/restore-repo-after-build 
Restore repo layout post-autobuild
 2020-09-02 13:38:36 +01:00