hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jorgectf
0fc044dfd5 Checkout Stdlib.qll 2021-05-07 23:03:23 +02:00
jorgectf
e7bdc73420 Update .expected 2021-05-07 23:00:21 +02:00
jorgectf
65c6f1976a Rename mongoengine-flask-db-document-subclass 2021-05-07 23:00:08 +02:00
Dave Bartolomeo
773e5f2e2e Merge remote-tracking branch 'upstream/main' into side-effects 2021-05-07 16:50:48 -04:00
Dave Bartolomeo
187e136ecc C++: Generate IR side effects for smart pointer indirections 
When inserting side effect instructions for argument indirections, we now insert side effects for smart pointers as we would for raw pointers. The address operand of the side effect instruction is  the smart pointer object, which is a bit odd. However, I'd like to think through the design of a more principled solution before doing additional work.

A few new tests are added to the existing IR tests. In addition, the IR tests now `#include` some of the shared STL headers. I've disabled IR dumps for functions from those headers, since they only get in the way of the test cases we intended.
 2021-05-07 16:50:03 -04:00
Dave Bartolomeo
f0a994a570 C++: Fix pointer flow modeling for smart pointer setters 2021-05-07 16:33:15 -04:00
jorgectf
2ad72ad693 Add LDAP framework entry in Frameworks.qll 2021-05-07 22:16:12 +02:00
jorgectf
6159fbea2b Update functions naming 2021-05-07 22:15:51 +02:00
jorgectf
34b8af30ac Move structure to LDAP.qll 2021-05-07 22:09:57 +02:00
Dave Bartolomeo
653ef9d257 C++: Improve consistency failure message for multiple MemoryLocations on a memory access. 2021-05-07 16:04:01 -04:00
Dave Bartolomeo
54b9f2175d C++: Allow annotating IR dumps with Alias Analysis info 
This commit adds a `PrintAliasAnalysis.qll` module, which can be imported alongside `PrintIR.qll` to annotate those dumps with alias analysis results.
 2021-05-07 16:03:11 -04:00
Jorge
c2b96b3a5e Add documentation to main classes' functions. 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-07 21:51:10 +02:00
thank_you
aa24c689bc Add back accidentally deleted StdLib.qll file 2021-05-07 15:17:01 -04:00
thank_you
83f0870231 Update file path of module 2021-05-07 15:13:56 -04:00
thank_you
9a44020af3 Rename StdLib.qll file to NoSQL.qll file 
It makes more sense to have this file represent just the NoSQL module
 2021-05-07 15:13:30 -04:00
thank_you
8f8eff231a Fix comment description of predicate 2021-05-07 15:08:48 -04:00
Jorge
ae806cd445 Merge branch 'github:main' into jorgectf/python/ldapimproperauth 2021-05-07 20:46:09 +02:00
thank_you
7693d696cc Add additional query tests 
To ensure that this query works against numerous usages of libraries such as PyMongo, Flask PyMongo, Mongoengine, and Flask Mongoengine, I've added a variety of query tests to test against. These tests deal with scenarious such as:

- Subscript expressions
- Mongoengine instances and Document subclasses
- Mongoengine connection usage
- And more...
 2021-05-07 14:36:02 -04:00
thank_you
1d36aa6649 Add additional querying for mongoengine Document subclassing 
After further research, it was discovered that Flask-Mongoengine has multiple ways of allowing a developer to call the Document class. One way is by directly importing the Document class from the module. Another approach is to get the Document class via a mongoengine instance.

The update to this query checks for cases where the developer gets the Document class via the MongoEngine instance.

Other misc changes include setting the various predicates to private.
 2021-05-07 14:30:50 -04:00
Alex Ford
269ae8331b record 'unknown table type' extraction errors 2021-05-07 17:56:50 +01:00
Geoffrey White
65ac5b862d Merge pull request #5847 from MathiasVP/improve-wrong-in-detecting-and-handling-memory-allocation-errors 
Improve wrong in detecting and handling memory allocation errors
 2021-05-07 17:39:04 +01:00
Nick Rolfe
94ceb3f237 Remove unused class 2021-05-07 17:20:51 +01:00
Nick Rolfe
9def7c2dfe Make CFG for TEnsure post-order 2021-05-07 17:15:10 +01:00
Nick Rolfe
7f6805c82f Make CFG for TDo post-order 2021-05-07 17:00:30 +01:00
Mathias Vorreiter Pedersen
2241d7b359 Merge pull request #5616 from geoffw0/unsigneddiff2 
C++: Improve cpp/unsigned-difference-expression-compared-zero
 2021-05-07 17:58:53 +02:00
Nick Rolfe
46c9f858c4 Make CFG for TElse post-order 2021-05-07 16:47:19 +01:00
Geoffrey White
75edcf0b4f Merge branch 'main' into unsigneddiff2 2021-05-07 16:35:16 +01:00
Geoffrey White
69468514f0 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:42 +01:00
Geoffrey White
91be483c57 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:36 +01:00
Geoffrey White
fc96c1c400 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:23 +01:00
Geoffrey White
5db6abe2f4 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:22:48 +01:00
Geoffrey White
894f5d523c Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:19:48 +01:00
Nick Rolfe
2569bf257f Make CFG for TThen post-order 2021-05-07 15:40:50 +01:00
Tony Torralba
6884edf52a Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-05-07 16:31:55 +02:00
Tony Torralba
1f1a1bdb41 Remove unnecessary CWE reference 2021-05-07 16:29:00 +02:00
luchua-bc
fc7d340a89 Query to detect hard-coded Azure credentials 2021-05-07 13:16:41 +00:00
Felicity Chapman
10e76ff28f Merge pull request #5831 from github/3893-code-scanning 
Update CodeQL CLI article to use different query suite example
 2021-05-07 12:37:47 +01:00
Tony Torralba
dcee1daa31 Mark spurious test results 2021-05-07 13:17:04 +02:00
Tony Torralba
e6b7da1926 Add import for Android sinks in ExternalFlow 2021-05-07 12:41:39 +02:00
Tony Torralba
e78e5b9ee4 Merge branch 'main' into promote-jexl-injection 2021-05-07 12:36:49 +02:00
Mathias Vorreiter Pedersen
fc7d9c2c09 C++: Fix missing result by properly specifying that the function with unknown code actually didn't throw an exception. 2021-05-07 12:34:38 +02:00
Tony Torralba
b37b15cea4 Re-structure imports, add some new comments to tests 2021-05-07 12:33:51 +02:00
Mathias Vorreiter Pedersen
90e8368258 C++: Properly handle conversions in convertedExprMayThrow. This recursive implementation idea is stolen from convertedExprMightOverflow in SimpleRangeAnalysis. 2021-05-07 12:31:43 +02:00
Tony Torralba
e2e65aca3c Add new sink for Android XSS 2021-05-07 12:25:19 +02:00
Mathias Vorreiter Pedersen
7adb7b67f2 C++: Add false positive testcase involving conversions. 2021-05-07 12:19:19 +02:00
Anders Schack-Mulligen
8783746516 Merge pull request #5774 from atorralba/promote-xpath-injection 
Java: Promote XPath Injection query from experimental
 2021-05-07 12:04:49 +02:00
Mathias Vorreiter Pedersen
88e6cbaacd C++: Include Assignments in exprMayThrow and accept test changes. 2021-05-07 11:49:25 +02:00
Mathias Vorreiter Pedersen
80d41d9fe5 C++: Add false positive testcase involving assignments. 2021-05-07 11:48:09 +02:00
Tom Hvitved
ca89560849 C#: Remove unnecessary ! 2021-05-07 11:42:53 +02:00
Mathias Vorreiter Pedersen
08fa611700 C++: Avoid calling SwitchCase.getAStmt for performance reasons. This turns out to not be needed as the statements inside the switch case will get picked up by the BlockStmt.getAStmt case already. 2021-05-07 11:18:50 +02:00