hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-07 08:06:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,703 Branches 162 Tags
codeql-cli/latest
Commit Graph

86161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
509941649c remove redundant qldoc, and change parameter names to better reflect behavior 2020-03-09 17:20:12 +01:00
Erik Krogh Kristensen
a476fc5c3b revert Array.from change 2020-03-09 17:09:31 +01:00
Rasmus Wriedt Larsen
a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen
a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
Erik Krogh Kristensen
68ffd52d4c update expected output 2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen
b4b05696e1 two bugfixes 2020-03-09 16:45:03 +01:00
semmle-qlci
155985c77d Merge pull request #3024 from max-schaefer/js/move-portals-to-experimental 
Approved by asgerf
 2020-03-09 15:39:36 +00:00
Rasmus Wriedt Larsen
31cfb1689c Python: Fix minor bug in modernisation-rewrite 
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
 2020-03-09 15:49:08 +01:00
Mathias Vorreiter Pedersen
6dee7061a0 C++: Handle constant variable accesses in SimpleRangeAnalysis.qll 2020-03-09 15:44:32 +01:00
Rasmus Wriedt Larsen
0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode 
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
 2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen
cac5d00ca2 Python: Fix string taint tests 
The tests in ql/python/ql/test/library-tests/taint/strings/ shows that
ClassValue::str() is not good enough.
 2020-03-09 15:10:48 +01:00
Tom Hvitved
6a10516c1e Merge pull request #3021 from aschackmull/dataflow/partial-path-perf 
Java/C++/C#: Fix performance issue in partial paths exploration.
 2020-03-09 15:04:33 +01:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48 
Improve taint-tracking through pointers and other fixes
 2020-03-09 06:36:43 -07:00
Max Schaefer
3c785ecaa7 JavaScript: Move flow summaries to experimental. 
Also update description and change note to call out their experimental character more clearly.
 2020-03-09 12:57:20 +00:00
Asger F
5a1bf94994 Merge pull request #2987 from asger-semmle/js/urls-not-sensitive-data 
JS: Declassify sensitive exprs with special characters
 2020-03-09 12:29:47 +00:00
Asger Feldthaus
6c1f98a5ae JS: Update vague variable name 2020-03-09 11:58:38 +00:00
Sauyon Lee
2428efcb6d Make @uintptrtype a @unsignedintegertype 2020-03-09 04:40:02 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Tom Hvitved
a2269158df C#: Ignore dotnet clean exit code in autobuilder 2020-03-09 12:00:28 +01:00
Calum Grant
250afda7da Merge pull request #2831 from hvitved/csharp/local-function-fresh-label 
C#: Generate fresh TRAP ID for local functions
 2020-03-09 10:46:45 +00:00
Anders Schack-Mulligen
a2bbacf58d Java/C++/C#: Fix performance issue in partial paths exploration. 2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen
4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen
f491fcd5ae Java/C++/C#: Sync. 2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen
7a74634cfd Java/C++/C#: Simplify. 2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen
cf84a53573 Java/C++/C#: Fix bug in type pruning. 2020-03-09 11:04:24 +01:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs 
Go.mod extraction libraries and tests
 2020-03-09 09:40:41 +00:00
Erik Krogh Kristensen
0f0187d585 move Array.from to ArrayCreationNode 2020-03-09 10:26:21 +01:00
Erik Krogh Kristensen
dc4e361d75 add data-flow steps for arrays 2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen
8e3cf5c9c8 add test for data-flow on arrays 2020-03-09 09:25:17 +01:00
Erik Krogh Kristensen
14740d4ccc move existing array taint stracking into Arrays.qll 2020-03-09 09:20:45 +01:00
Asger Feldthaus
a9a9c14eea JS: Change note 2020-03-07 15:15:13 +00:00
Asger Feldthaus
a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
Asger Feldthaus
759631ae56 JS: Raise default memory limit to 2.4G 2020-03-07 15:13:53 +00:00
Asger Feldthaus
c55dcf88d5 JS: Improve error reporting 2020-03-07 15:13:52 +00:00
Asger Feldthaus
549d4e9b57 JS: Do not restart in the middle of a message 2020-03-07 15:13:52 +00:00
Asger Feldthaus
e1657b237b JS: Extract compiler-restarting into a function 2020-03-07 15:13:52 +00:00
Asger Feldthaus
2ef21ea4b8 JS: Only evaluate relevant barrier guards 2020-03-07 15:13:20 +00:00
Asger Feldthaus
fd1a14d3bd JS: Add qldoc to a private predicate 2020-03-07 15:13:20 +00:00
Asger Feldthaus
eed4204e04 JS: Lift some internal members to private top-level 2020-03-07 15:13:20 +00:00
singleghost
77ec4c913f Add integer overflow detection support for codeql-go. 
I wrote a ql library which can perform range analysis on expression and
can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.
 2020-03-07 21:34:38 +08:00
Ted Reed
a425e5fb5c Reduce false positives with small heuristics 2020-03-06 23:12:16 -05:00
SpaceWhite
5e912cbf8e Move directory to experimental 2020-03-07 11:55:32 +09:00
SpaceWhite
8cdc2bb268 Merge branch 'master' into CWE-094 2020-03-07 11:54:31 +09:00
SpaceWhite
b7af1645aa Move directory to experimental 2020-03-07 11:49:33 +09:00
SpaceWhite
2ec107bc2d Merge branch 'master' into CWE-643 2020-03-07 11:47:53 +09:00
Rebecca Valentine
2f3967cf5e Python: Fixes erroneous modernization bug 2020-03-06 18:31:38 -08:00
Rebecca Valentine
3e36c672cf Python: Removes superfluous cast 2020-03-06 13:06:11 -08:00
Rebecca Valentine
7b49c8e6f8 Python: Fixes bug in modernization 2020-03-06 12:47:46 -08:00
Jonas Jensen
0cd3eb7b7e C++: Accept test changes 
Some IR inconsistencies are "fixed" because we no longer translate
constant initializers of static locals.
 2020-03-06 20:20:47 +01:00
Sauyon Lee
2d879458ba Merge pull request #49 from max-schaefer/more-function-outputs 
Make `FunctionOutput` more useful
 2020-03-06 09:41:40 -08:00