hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 04:01:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
a2dc505c26 Merge pull request #7317 from hvitved/ruby/param-node-refactor 
Ruby: Restructure `ParameterNode(Impl)`
 2021-12-07 16:29:49 +01:00
Tom Hvitved
5183290439 Merge pull request #7315 from hvitved/ruby/inline-flow-test 
Ruby: Add `InlineFlowTest.qll`
 2021-12-07 16:29:34 +01:00
Henry Mercer
322e39446d JS: Autoformat 2021-12-07 14:17:11 +00:00
Henry Mercer
016727d6b6 JS: Fix occasional duplicate body tokens 
0e31439 introduces some occasional duplicate tokens due to duplicate AST
node attributes. The long-term fix is to update `CodeToFeatures.qll`,
but for the short-term, we update the concatenation to concatenate
unique (location, token) pairs.
 2021-12-07 14:16:48 +00:00
Philip Ginsbach
b2c1b55c0c rephrase extensions as aliases 2021-12-07 13:09:25 +00:00
Tom Hvitved
b17a93eaad Merge pull request #7316 from hvitved/ruby/is-private-join 
Ruby: Tweak `Method::isPrivate` join-orders
 2021-12-07 13:58:19 +01:00
Sauyon Lee
873f496038 Use basicLocalFlowStep instead of .getASuccessor 
This prevents non-monotonic recursion through summary post-update nodes
 2021-12-07 07:39:28 -05:00
Sauyon Lee
afe7edc093 Fix test output 
Includes a bunch of new edges, but no new results
 2021-12-07 07:39:28 -05:00
Sauyon Lee
0572c4785c Model net http sources as csv 2021-12-07 07:39:27 -05:00
Sauyon Lee
bebdb0ba53 Add RangeIndexNode 2021-12-07 07:39:27 -05:00
Sauyon Lee
3750af41d3 Add standard container steps 2021-12-07 07:39:27 -05:00
Sauyon Lee
8c4a1d2559 Consider CSV remote sources as untrusted flow sources 2021-12-07 07:39:26 -05:00
Sauyon Lee
d62f417130 Remove uses of getEnclosingCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Chris Smowton
b10d5cf0b0 Broaden ReturnNode to include return nodes of summaries 2021-12-07 07:39:25 -05:00
Chris Smowton
94d9d08489 Fix DataFlow::Node::getEnclosingCallable 2021-12-07 07:39:25 -05:00
Sauyon Lee
c8a2a6356a Add summary parameter nodes 2021-12-07 07:39:25 -05:00
Sauyon Lee
4af4a11729 Make getACallee return DataFlowCallable 2021-12-07 07:39:24 -05:00
Sauyon Lee
8cba368ef5 Model archive/tar.FileInfoHeader in CSV 2021-12-07 07:39:24 -05:00
Sauyon Lee
86d3410041 Add asFunctionNode to new dataflowcallable 2021-12-07 07:39:23 -05:00
Sauyon Lee
d9383d9412 Don't use internal predicates in revel 2021-12-07 07:39:23 -05:00
Sauyon Lee
73684f483c Allow for Return[i] specifications 2021-12-07 07:39:22 -05:00
Sauyon Lee
aa747ea5ff Fix validation regexes for go 2021-12-07 07:39:22 -05:00
Sauyon Lee
0151cd4f2e Document SourceOrSinkElement 2021-12-07 07:39:22 -05:00
Sauyon Lee
0b50b7b2b1 Make DataFlowCallable either a Function or a FuncLit 2021-12-07 07:39:21 -05:00
Sauyon Lee
3ac2a50497 Update test output 2021-12-07 07:39:21 -05:00
Owen Mansel-Chan
763861bef9 Keep call to defaultTaintSanitizerGuard 2021-12-07 07:39:21 -05:00
Sauyon Lee
e41d609921 Use newtype for SourceOrSinkElement 2021-12-07 07:39:20 -05:00
Sauyon Lee
9bfe1c94b3 autoformat 2021-12-07 07:39:20 -05:00
Sauyon Lee
16371ac488 Add support for summary elements 2021-12-07 07:39:19 -05:00
Sauyon Lee
96c58b58dd Add EmptyInterfaceType 2021-12-07 07:39:19 -05:00
Sauyon Lee
26d00f1d5b Move basicLocalFlowsStep to DataFlowPrivate 2021-12-07 07:39:19 -05:00
Sauyon Lee
3098a4ef16 Qualify uses and add imports in DataFlowNodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
93f2569f1d Refactor data-flow nodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
9ceda08d13 Sync dataflow libraries 2021-12-07 07:39:12 -05:00
Tom Hvitved
4d797d6b3d Merge pull request #7324 from github/hmac/empty-else-cfg 
Ruby: Include empty StmtSequences in CFG
 2021-12-07 13:19:15 +01:00
Philip Ginsbach
da43984ba4 fix dependency cycle by removing superfluous classes 2021-12-07 11:59:04 +00:00
Geoffrey White
b82425a35c C++: Add various new test cases. 2021-12-07 11:58:56 +00:00
Geoffrey White
2d4a2e0d44 C++: Test spacing. 2021-12-07 11:58:06 +00:00
Rasmus Wriedt Larsen
ee23799a59 Merge pull request #7319 from RasmusWL/js-cwe-328 
JS: Tag queries with CWE-328
 2021-12-07 11:40:33 +01:00
Anders Schack-Mulligen
6c739b67fa Merge pull request #7318 from RasmusWL/java-cwe-328 
Java: Tag queries with CWE-328
 2021-12-07 11:39:48 +01:00
Asger Feldthaus
23480b2d8f JS: Remove stray TODO 2021-12-07 10:49:14 +01:00
Asger F
614c80706f Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-07 10:48:44 +01:00
Asger Feldthaus
5559681916 JS: Change note 2021-12-07 10:46:18 +01:00
Asger Feldthaus
635ac0a209 JS: Fix perf issue in data flow step generation 2021-12-07 10:46:18 +01:00
Asger Feldthaus
da8e67b7ee JS: Use routing trees to detect deeply tainted req.body 2021-12-07 10:46:18 +01:00
Asger Feldthaus
7492293c5b JS: Add test with route handler indirection 2021-12-07 10:46:18 +01:00
Asger Feldthaus
3cbe94ac0a JS: Add consistency checks to TemplateObjectInjection test 2021-12-07 10:46:18 +01:00
Asger Feldthaus
64db70f3ac JS: Add explicit body-parsers to TemplateObjectInjection test 2021-12-07 10:46:18 +01:00
Asger Feldthaus
8af430d40f JS: Shift line numbers in TemplateObjectInjection test 2021-12-07 10:46:17 +01:00