Mathias Vorreiter Pedersen
d93d3c8699
C++: Use the getSourceType predicate on RemoteFlowSources for better alert messages.
2020-11-17 16:23:27 +01:00
Mathias Vorreiter Pedersen
d1272d3a79
C++: Use strictcount instead of count.
2020-11-17 16:23:27 +01:00
Mathias Vorreiter Pedersen
4cb25d8e18
C++: Add isParameterDerefOrQualifierObject helper predicate to FunctionInput and FunctionOutput.
2020-11-17 16:23:27 +01:00
Mathias Vorreiter Pedersen
dea16d4d62
QLDoc/C++: Rename {IR}ExternalAPIsUsedWithUntrustedData to {IR}CountUntrustedDataToExternalAPI
2020-11-17 16:23:13 +01:00
Mathias Vorreiter Pedersen
eabc69b98e
C++: Autoformat
2020-11-17 16:09:25 +01:00
Matthew Gretton-Dann
62767e7e0d
Update expected results for `constinit' support
2020-11-17 14:01:00 +00:00
Anders Schack-Mulligen
f74fc0ff26
Dataflow: Fix bad join-orders.
2020-11-17 14:28:25 +01:00
Mathias Vorreiter Pedersen
5d2b85fcf5
Update cpp/ql/src/semmle/code/cpp/models/implementations/Getenv.qll
...
Co-authored-by: hubwriter <hubwriter@github.com>
2020-11-17 13:02:28 +01:00
Tom Hvitved
7f0ad2d232
Merge pull request #4646 from hvitved/csharp/cfg/post-order-exprs
...
C#: Represent all expressions in post-order in the CFG
2020-11-17 13:01:35 +01:00
Mathias Vorreiter Pedersen
c37093f4bc
C++: Add copies of qhelp files for IR.
2020-11-17 12:28:31 +01:00
Mathias Vorreiter Pedersen
3b8580efaf
C++: Add qhelp and example files (modeled after the Java examples).
2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
c3c29b8dd0
C++: Add qldoc to new library files.
2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
5c9b8f1cff
C++: Update sync-identical-files.
2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
5ad18eb748
C++: Add ExternalAPI query files (for AST and IR).
2020-11-17 12:27:40 +01:00
Nick Rolfe
12d4224e8e
Merge pull request #40 from github/refactor
...
Move all naming decisions to shared library
2020-11-17 11:19:18 +00:00
Chris Smowton
1d850873f3
Add data-flow edge from -> to in the context to, ok := from.(*Type)
2020-11-17 10:59:59 +00:00
Jonas Jensen
10de931b92
C++: Decrease largeVariable cut-off to 100k
...
This 10x lower cut-off has on at least one snapshot made it possible to
compute AST data flow where it was infeasible before.
Also fix an integer overflow that happened in practice on at least one
snapshot and prevented the cut-off from being applied.
2020-11-17 09:48:32 +01:00
Jonas Jensen
55a38803cb
Merge pull request #4673 from MathiasVP/ir-post-dominance
...
C++: IR post dominance
2020-11-17 09:35:51 +01:00
Tamás Vajk
f2259de5f1
Merge pull request #4666 from tamasvajk/feature/roslyn-3.8.0
...
C#: Upgrade Roslyn dependencies to 3.8.0
2020-11-17 08:59:55 +01:00
Rasmus Lerchedahl Petersen
71830abda0
Python: remaining c# tests, except lambdas
...
both via nonlocal and via dict
2020-11-17 08:28:11 +01:00
Robert Marsh
db8766ca69
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2020-11-16 17:46:20 -08:00
Mathias Vorreiter Pedersen
057bb14eee
C++: Add ExternalAPI library files (for AST and IR).
2020-11-16 22:59:54 +01:00
Nick Rolfe
1a9663ff7d
Replace single-branch match with if let
2020-11-16 18:43:54 +00:00
Nick Rolfe
68c97a2d13
Use .. to ignore fields
...
Co-authored-by: Arthur Baars <aibaars@github.com>
2020-11-16 18:41:18 +00:00
Nick Rolfe
ad61f7a0a6
Use references instead of owned strings in generator
2020-11-16 17:54:16 +00:00
Nick Rolfe
bbe7c70d34
more refactoring of names
2020-11-16 17:54:16 +00:00
Nick Rolfe
83a0e5fea6
Refactor to move naming decisions to shared library
2020-11-16 17:54:14 +00:00
luchua-bc
0bd6255c41
Query for cleartext storage using Android SharedPreferences
2020-11-16 17:23:01 +00:00
Robert Marsh
a94826dc81
C++: common superclass for Remote/LocalFlowSource
2020-11-16 18:05:17 +01:00
Robert Marsh
31d3e94cec
C++: Grammar/style fixes from code review
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-11-16 18:03:44 +01:00
Robert Marsh
74e05c111e
C++: add local flow sources
2020-11-16 18:02:19 +01:00
Rasmus Lerchedahl Petersen
27b4c67b9f
Python: Start of tests for captured variables
2020-11-16 17:25:39 +01:00
Tamas Vajk
8bef5f417e
C#: Upgrade Roslyn dependencies to 3.8.0
2020-11-16 16:44:14 +01:00
Mathias Vorreiter Pedersen
4a7f9100e4
C++: Respond to review comments.
2020-11-16 15:30:42 +01:00
Nick Rolfe
505d5c04d8
Merge pull request #31 from github/aibaars/drop-classes
...
Simplify generated QL classes
2020-11-16 14:16:02 +00:00
Mathias Vorreiter Pedersen
27aab4062a
C++/C#: Sync identical files.
2020-11-16 15:05:59 +01:00
Mathias Vorreiter Pedersen
088d5863fc
C++: Implement IR post-dominance predicates.
2020-11-16 15:04:40 +01:00
Mathias Vorreiter Pedersen
10a9f7ba13
Update cpp/change-notes/2020-11-12-unsafe-use-of-this.md
...
Co-authored-by: hubwriter <hubwriter@github.com>
2020-11-16 12:28:57 +01:00
Anders Schack-Mulligen
4be731d2ab
Java: Adjust reference to static method and add test.
2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
80ee92ae97
Java: Add support for FastJson in unsafe deserialization.
2020-11-16 11:47:58 +01:00
Mathias Vorreiter Pedersen
020af1c88c
C++: Add qhelp.
2020-11-16 11:21:18 +01:00
Geoffrey White
4b8f338139
C++: Autoformat.
2020-11-16 10:19:06 +00:00
Chris Smowton
79c010a601
Move unsafe-unzip-symlink query into qll file and give it customization points.
2020-11-16 09:57:26 +00:00
Chris Smowton
500d78dafa
Include os.Readlink as a probable sanitiser.
...
A couple of projects seem to walk links one unit at a time, rather than just throwing `EvalSymlinks` at the whole potentially suspect path.
2020-11-16 09:57:26 +00:00
Chris Smowton
2193642c6e
Expand query to notice Symlink and archive iterator calls that do not directly share a loop
...
We look across function-call boundaries to check there is some common enclosing loop, but false-positives are more likely if in practice there is no control-flow path from the archive iterator to the Symlink call and back.
2020-11-16 09:57:26 +00:00
Chris Smowton
1a2c209259
Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones.
...
This is usually dangerous because (if the archive is untrusted) the intent is usually to permit within-archive symlinks, e.g. dest/a/parent -> .. -> dest/a is an acceptable link to unpack. However, if EvalSymlinks is not used to take already-unpacked symlinks into account, it becomes possible to sneak tricks like dest/escapes -> dest/a/parent/.. through, which create links leading out of the archive for later abuse.
2020-11-16 09:57:26 +00:00
CodeQL CI
09cfb24afa
Merge pull request #4648 from erik-krogh/regexpParse
...
Approved by asgerf
2020-11-16 08:20:40 +00:00
CodeQL CI
13edc3713d
Merge pull request #4638 from erik-krogh/jwt
...
Approved by asgerf
2020-11-16 08:19:58 +00:00
Anders Schack-Mulligen
3dbd48063c
Dataflow: Add Unit type for all languages.
2020-11-16 09:02:44 +01:00
james
45a3024440
Merge branch 'codeql-docs-reorg-2' of github.com:github/codeql into codeql-docs-reorg-2
2020-11-15 08:35:51 +00:00