hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
16a5ccddea Java: Simplify model generator query using flow state. 2022-02-28 16:48:23 +01:00
Rasmus Wriedt Larsen
8afd560c64 Python: ORM: Handle load of PolymorphicModels 2022-02-28 16:38:41 +01:00
Rasmus Wriedt Larsen
48fba87273 Python: ORM: add flow to base-class 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
6b9dd49499 Python: ORM: Model polymorphic.models.PolymorphicModel as Django ORM class 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
e1191cf63c Python: ORM: Add tests for inheritance 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
092cfceb18 Python: Add dataflow consistency checks to ORM tests 
Luckily they passed :phew:
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
d7ff00e615 Python: Add change-note 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ed36ff1570 Python: ORM: Handle <Model>.objects.[<QuerySet>].update() 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
fea46b642d Python: ORM: Handle <Model>.objects.create and friends 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
9b458b54aa Python: ORM: Add flow to collection/dict queries 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
9cff4cbd1c Python: ORM: Add a few more tests 
There were a few methods I had overlooked
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ae057c74cc Python: ORM: Store step for constructor 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
f8a51bb994 Python: ORM: Add data-flow steps for Django ORM 
Added dummy-whitespace to `orm_security_tests.py` so it would be
possible to see what the reflected XSS results are in the diff
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ef39968a56 Python: ORM: Add data-flow plumbing for ORM modeling 
The idea is that we will do `save ==> synthetic`
and `synthetic ==> load`, so we don't need to do CP between save/load.

This setup with synthetic node in the middle, also allows for a limited
amount of the field-flow we can do with real flow-summary support.
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
d3f07cdc10 Python: ORM: Add qltests 
Which shows that there is no flow yet, which is not really a surprise :D
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
c78fed6594 Python: ORM: Add raw python test files 
no ql test files yet though, will come in next commit.
 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
f89fb50eb5 Python: ORM: Add boilerplate django project 
By doing

```
django-admin startproject testproj
django-admin startapp testapp
```
 2022-02-28 16:38:40 +01:00
yoff
d953382df9 Merge pull request #7807 from RasmusWL/dataflow-improvements 
Python: Dataflow improvements
 2022-02-28 16:24:00 +01:00
Jeroen Ketema
497991b6b1 C++: Improve change note 2022-02-28 16:08:23 +01:00
Erik Krogh Kristensen
5130929358 remove comment suggesting that the receiver is parameter -1 2022-02-28 15:25:34 +01:00
Erik Krogh Kristensen
843ed8fca5 rename pw to aw 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-02-28 15:25:25 +01:00
Tom Hvitved
5cba505514 Merge pull request #8284 from hvitved/csharp/move-csharp9-standalone-tests 
C#: Move C# 9 standalone tests
 2022-02-28 15:15:47 +01:00
Tamas Vajk
efb876192f Add change note 2022-02-28 14:58:59 +01:00
Tamas Vajk
4748d2c6e2 C# Exclude dynamic casts from useless casts check 2022-02-28 14:58:59 +01:00
Ian Lynagh
1e62b485a5 Merge pull request #8241 from igfoo/igfoo/stats4 
Java: Update stats and make some performance tweaks
 2022-02-28 12:58:06 +00:00
Tom Hvitved
4ecd843c05 C#: Move C# 9 standalone tests 2022-02-28 13:43:20 +01:00
haby0
be40b54b9f add test 2022-02-28 20:34:58 +08:00
Geoffrey White
2b0d473072 C++: Remove this query from exclude-slow-queries.yml. 2022-02-28 12:18:11 +00:00
Rasmus Wriedt Larsen
0e0f159891 Python: Use Python 3 for investigation tests 
Apparently there are minor differences with `test-6-max-import-depth-2`
where under Python 2 `isfile_no_problem.py` still works as before
 2022-02-28 11:33:31 +01:00
Rasmus Wriedt Larsen
01d426dc58 Python: Replace rest of from testlib import * 
I think we should write our tests in a way that puts points-to in the
best condition to resolve calls. Although this specific change did not
change much, it should help set us up for success in the future 👍
 2022-02-28 10:58:44 +01:00
Rasmus Wriedt Larsen
ead0b658d2 Python: Fix fieldflow tests by increasing max-import-depth 2022-02-28 10:58:44 +01:00
Rasmus Wriedt Larsen
a0d1cea490 Python: Add investigation of field-flow problem 
TL;DR; we used a too low value for `--max-import-depth` :(
 2022-02-28 10:58:44 +01:00
haby0
b23e28a1e6 add Server-side Request Forgery sinks 2022-02-28 15:24:02 +08:00
Alex Ford
6ddacce27a Ruby: Add OrmWriteAccess concept changenote 2022-02-28 01:18:39 +00:00
Alex Ford
63ef9a75c9 Ruby: model OrmWriteAccesses for ActiveRecord 2022-02-28 01:18:39 +00:00
Alex Ford
b1fd321b65 Ruby: update Rails framework test output for existing tests 2022-02-28 01:13:26 +00:00
Alex Ford
283a48c76d Ruby: tests for OrmWriteAccess 2022-02-28 01:12:49 +00:00
Alex Ford
8c6c680a28 Ruby: Add OrmWriteAccess concept 2022-02-28 01:11:40 +00:00
Jeroen Ketema
e40c51cc83 C++: Add documentation for TranslatedStructuredBindingVariableAccess 2022-02-27 21:13:48 +01:00
Jeroen Ketema
0a4d8132e6 C++: Consistently use getUnspecifiedType in structured binding IR translation 2022-02-27 21:13:48 +01:00
Jeroen Ketema
4ffbc2d148 C++: Ensure we use lvalue reference types for structured bindings 
This also adds a test for rvalue reference uses in the tuple
structured binding case.
 2022-02-27 21:13:48 +01:00
Jeroen Ketema
074577b539 C++: Refactor IR structured binding tuple test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
edaabf8fdf C++: Add structured bindings IR change note 2022-02-27 21:13:48 +01:00
Jeroen Ketema
6515e77c0e C++: Generate additional loads for non-reference structured bindings 2022-02-27 21:13:48 +01:00
Jeroen Ketema
eebfbc12a0 C++: Add structured bindings struct as data member test case 2022-02-27 21:13:48 +01:00
Jeroen Ketema
5814349fd8 C++: Give names in structured binding declarations correct IR types 2022-02-27 21:13:48 +01:00
Jeroen Ketema
73f0366dc6 C++: Add typedef'ed reference structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
91659af4d4 C++: Add array data member structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
ec05942693 C++: Use unnamed_local_variable in array structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
437a85dec7 C++: Add pointer related structured binding tests 2022-02-27 21:13:48 +01:00