hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
b677a91fea Add VSCode workspace 2020-10-14 11:16:28 +01:00
Nick Rolfe
89959b2e0d Add tree-sitter-ruby submodule 2020-10-14 11:15:59 +01:00
yoff
27f474f0e9 Merge pull request #4429 from RasmusWL/python-model-invoke 
Python: model invoke library
 2020-10-14 12:13:35 +02:00
Rasmus Lerchedahl Petersen
dc7e7890f0 Python: Clearer naming and comments (I hope) 2020-10-14 12:03:05 +02:00
Taus Brock-Nannestad
f3c07e3849 Python: Fix up import helper tests 2020-10-14 11:58:14 +02:00
Chris Smowton
83a7411a05 Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand 
This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
 2020-10-14 10:16:08 +01:00
Max Schaefer
4100ab2919 JavaScript: Add another test to show that flow through functions still works. 2020-10-14 10:03:27 +01:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Tamás Vajk
8127d9b93e Merge pull request #4404 from tamasvajk/feature/cleanup-2 
C# extractor code cleanup
 2020-10-14 11:02:40 +02:00
Rasmus Wriedt Larsen
b0cfa1d92d Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:53:18 +02:00
Rasmus Wriedt Larsen
bfa5d18476 Python: Use new importNode 2020-10-14 10:49:38 +02:00
Rasmus Wriedt Larsen
7d600e4e8e Merge branch 'main' into python-port-code-injection 2020-10-14 10:48:38 +02:00
Rasmus Wriedt Larsen
4d9d2155fc Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen
b0e79890e6 Python: Use new importNode 2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen
4597ba64d0 Merge branch 'main' into python-model-invoke 2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen
eff47457bf Python: Refactor argument matching 2020-10-14 10:37:38 +02:00
Rasmus Wriedt Larsen
2ea71f574c Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:37:37 +02:00
Rasmus Wriedt Larsen
2e30f58aa2 Python: Use new importNode 2020-10-14 10:37:36 +02:00
Rasmus Wriedt Larsen
ecf70c5f30 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-14 10:36:43 +02:00
Tom Hvitved
952b2da7d4 C#: Add copy of ControlFlowReachability.qll to be used by sign/modulus analysis 2020-10-14 10:28:08 +02:00
Tom Hvitved
c32242ed50 C#: Simplify ControlFlowReachability.qll 2020-10-14 10:28:07 +02:00
Rasmus Wriedt Larsen
74bd045488 Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:24:46 +02:00
Rasmus Wriedt Larsen
ba158f3317 Python: Use new importNode 2020-10-14 10:17:35 +02:00
Rasmus Wriedt Larsen
49d2e68d12 Merge branch 'main' into python-flask-routed-parameter 2020-10-14 10:16:00 +02:00
Rasmus Lerchedahl Petersen
b0ebb5b6d1 Python: Adjust tag format 2020-10-14 09:51:24 +02:00
Rasmus Lerchedahl Petersen
93383747bd Python: Use more common name for concept 2020-10-14 09:28:58 +02:00
Rasmus Lerchedahl Petersen
a76d276b48 Python: Adjust getARelevantTag 2020-10-14 08:44:04 +02:00
yoff
3b9ea3a958 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 08:24:26 +02:00
Jonathan Leitschuh
fc71ca747d Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile 2020-10-13 21:15:09 -04:00
Robert Marsh
28fa26629c C++: output iterator flow with user-defined operators 2020-10-13 16:30:47 -07:00
Robert Marsh
6552499545 C++: add model for iter-returning functions 2020-10-13 16:19:15 -07:00
Robert Marsh
4b6ecfb0b1 C++: remove some constexprs in qltest 2020-10-13 16:19:15 -07:00
Robert Marsh
45a27d3296 C++: add tests for back_inserter iterator flow 2020-10-13 16:19:15 -07:00
Robert Marsh
108cc9ea47 C++: fix assignment to *iter++ 2020-10-13 16:19:15 -07:00
Robert Marsh
f39195e339 C++: add tests for assignments to *iter++ 2020-10-13 16:19:15 -07:00
Ian Lynagh
9238503bc3 C++: Make unnamed parameters follow the "(unnamed ...)" naming 2020-10-14 00:10:56 +01:00
Ian Lynagh
7680080701 C++: Accept unnamed-function changes to tests 2020-10-13 23:52:33 +01:00
Taus Brock-Nannestad
7d86b53b71 Python: Fix unwanted module type tracking 2020-10-13 22:47:57 +02:00
Taus Brock-Nannestad
76e5b59dab Python: Add test case for unwanted module type tracking 2020-10-13 22:47:03 +02:00
Robert Marsh
b49aa677d0 Merge pull request #4459 from geoffw0/setex 
C++: Additional taint flows through std::set
 2020-10-13 15:17:54 -04:00
Nick Rolfe
d3ccb49273 Initial commit: cargo-generated boilerplate 2020-10-13 18:42:13 +01:00
yoff
1f2390455c Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-13 19:15:33 +02:00
Rasmus Lerchedahl Petersen
5d66c485d5 Python: IPA type for arguemnt mappings 
Not sure how arg2 in line 118 is achieved
 2020-10-13 19:12:52 +02:00
Dave Bartolomeo
fba4313457 Merge remote-tracking branch 'upstream/main' into work 2020-10-13 13:07:28 -04:00
Dave Bartolomeo
93f5ae4763 Clean up test formatting and accept new lines in results 2020-10-13 12:57:52 -04:00
Taus
83937bacae Merge pull request #4448 from RasmusWL/python-simplify-import-modeling 
Python: simplify import modeling
 2020-10-13 18:08:07 +02:00
Dave Bartolomeo
dfe69d8ada Update taint test to propagate through string constructor 2020-10-13 12:06:34 -04:00
Rasmus Wriedt Larsen
2c5996f694 Python: Refactor subprocess_attr type-tracker 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-13 17:21:21 +02:00
Taus Brock-Nannestad
fdb489fc93 Python: Remove flow between ESSA variables 
This required a minor change in the type tracker implementation, but
apart from that no other changes appear to be needed. Seems to clean
up the test output quite a bit.
 2020-10-13 16:35:41 +02:00
yoff
05b744701e Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-13 15:31:50 +02:00